By David R. Bohm
MAD Magazine’s Alfred E. Neuman would famously say, “What, Me Worry?” If you store personal information about your clients or customers on your computer, however, you should worry that it is properly secured.
Hackers and other malevolent individuals on the world wide web are constantly trying to compromise or steal data from your computer system to sell on the dark web. They particularly target names combined with (1) social security numbers, (2) credit or debit card numbers or other account information, (3) security or access codes or passwords, or (4) medical or health insurance information.
Another common form of cyberattack is to plant ransomware on a target’s computer system. Ransomware encrypts the data on the system making it inaccessible to the system’s owner, leaving a ransom note as the only thing readable on the affected system.
01/19/21 11:06 AM
Business Law, Cybersecurity, Emerging Business, Litigation, Manufacturing and Distribution, Technology
What, Me Worry? If You Store Customers’ Personal Information on Your Computer System, You Should!
By David R. Bohm
The Circuit Courts for St. Louis City and County have both issued Administrative Orders that approve of taking of depositions by video conference. Both of these orders require that a party opposing the taking of a deposition by video conference, for that reason alone, has the burden to prove that the deposition not go forward (i.e., that the deposition notice be quashed).
At a Town Hall videoconference on April 16, Judge Rex Burlison, the presiding judge of the St. Louis City Circuit Court, made clear that, at least in the city, a party opposing the taking of a deposition by videoconference will have a difficult time convincing the court not to permit such deposition to go forward. For now, at least, in the age of social distancing amidst fear of the COVID-19 virus, it appears that videoconference depositions will be the new normal.
However, there are real issues that need to be addressed concerning depositions by videoconference. Perhaps the most important has to do with the security of the videoconference platforms used by court reporting services. In a survey of several large national court reporting services and one smaller service, they all reported using Zoom for depositions, despite recent reports by credible sources that Zoom has been hacked and is not secure. Unless and until these security concerns are addressed, I will oppose taking of depositions over Zoom (although other services may be more secure). The security of depositions is of particular concern when depositions involve businesses’ confidential information or otherwise will address sensitive information.
There are also questions regarding the preservation of video and audio of depositions, including how this will be done, how parties can access any recordings, and whether storage of any such video and/or audio is secure. Again, the security of recordings of Zoom conferences has also been reported to be an issue.
04/20/20 12:21 PM
Business Law, COVID-19, Cybersecurity, Litigation, Technology
Video Depositions – the New Normal for the Age of Social Distancing
By Corporate Law Practice Group
Social media has officially taken over our lives. The statistics only confirm this fact. There are 2.3 billion active social media users across the world. Any given internet user has an average of five social media accounts. Facebook has over 1.71 billion users, YouTube has over 1 billion users, and WhatsApp has 900 million users. Every day, there are 60 billion messages sent through Facebook Messenger and WhatsApp. Three hundred hours of videos are uploaded on YouTube every minute. Snapchat users watch 6 billion videos on average a day.
It is clear that an individual’s accounts contain a plethora of intimate, personal details meant to be shared exclusively with friends or a fan base. But this begs the question, with this personal nature of social media, what can be excluded from court? The answer: potentially none of it.
06/17/19 11:18 AM
Business Law, Digital Media, Litigation, Technology
#SocialMediaAsEvidence
By Ruth Binger
Cyber criminals hack businesses for a myriad of reasons: to rob bank accounts by hacking email accounts and intercepting wire transfers; to file fraudulent tax returns using stolen customer or employee personal data; to commit health insurance or Medicare fraud; to steal intellectual property; to destroy property; and to deny service. Websites are also hacked as a mechanism to cyber hack other businesses. (See data protection tips here.)
Cyber hackers include your employees, identity thieves, contractors and vendors, business competitors, terrorists, state-sponsored actors and others. The success of your business and its very existence could be placed in jeopardy because of unauthorized business account access, loss of ability to execute transactions, regulatory, reputational and litigation costs, and significant remedial costs.
Focusing on the litigation ramifications, let’s use the following fictional ABC Co. case study to understand the various laws involved.
12/19/17 2:30 PM
Business Law, Digital Media, Manufacturing and Distribution, Technology
When Bad Guys Attack: Data Breach and Legal Exposure
By Ruth Binger
A cyber incident will happen to your company. It is not a matter of if, but when. Small businesses make an appealing target because hackers know they don’t spend as much on security as larger businesses and are not as careful.
According to a Towergate Insurance study, 82 percent of small business owners claim that they are not targets for attack because there is nothing worth stealing. However, employee personal data and health information and customer data are always worth stealing. Symantec reports that 43 percent of cyber-attacks worldwide in 2016 were against small businesses with fewer than 250 workers. In fact, cyber crooks try to rob bank accounts via wire transfers, steal customers’ personal identity information, file fraudulent tax returns, commit Medicare fraud, etc.
IBM estimates that nearly two-thirds of all cyber-attacks hit small to mid-sized businesses. More disturbing, the U.S. National Cyber Security Alliance estimates that about 60 percent of those hit are forced to close six months after an attack. A 2016 Ponemon Institute Breach Report advises that the average price a small business has to pay after a cyber attack is about $690,000.
According to the 2017 Verizon Data Breach Investigations Report:
- 75 percent of the breaches were perpetrated by outsiders (with 51 percent involving organized criminal groups) and the remainder involved internal actors.
- 62 percent of the breaches involved hacking.
- 81 percent of breaches involving hacking leveraged stolen and/or weak passwords.
- Not surprisingly, malware installed via malicious email attachments was present in 50 percent of the breaches involving hacking.
- The victims of data breaches are:
  - Financial organizations (24 percent)
  - Health care organizations (15 percent)
  - Public sector entities (12 percent)
  - Retail and accommodations (15 percent)
- One in 14 users are tricked into following a link or opening an attachment, with 25 percent of the users making the same mistake twice.
It’s all about the money: Perpetrators of data breaches steal and exploit sensitive data for financial gain. They are opportunistic, using phishing to poke for weak points to use as entry points. Phishing, the most common tool, involves collecting sensitive information like login credentials and credit card information through legitimate-looking but fraudulent websites. Ninety-five percent of phishing attacks led to a breach that was followed by the installation of some sort of malicious software (malware).
Small to mid-sized businesses can take preventive steps to minimize damage. Here are 20 tactics to employ to protect your data.
09/11/17 11:53 AM
Business Law, Digital Media, Technology
When Bad Guys Attack Small to Mid-Sized Businesses: 20 Data Protection Tips
By Katherine M. Flett
Our ever-evolving technological society is raising new questions about how to reconcile complex health data protection laws with cloud storage. Storage of data in the “cloud” allows users to store, maintain, and manage data remotely on the internet. Its advantages include accessibility of the cloud-stored data from any location via the internet, emergency back-up capacity, and even cost savings. An online search for HIPAA-compliant cloud storage companies reveals that there is no shortage of companies who advertise their “HIPAA-compliant cloud services.” It is important to remember that working with a company who claims their cloud storage “is HIPAA compliant,” does not excuse you from meeting HIPAA requirements. Due diligence is required when selecting such a company and entering into appropriate contractual arrangements with the companies.
The Department of Health and Human Services’ Office for Civil Rights (“OCR”) is responsible for overseeing protection of sensitive health data under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”). OCR issued guidance on October 6, 2016, explaining how to safeguard electronic health information protected by HIPAA in today’s widespread cloud networking environment.
HIPAA applies to “covered entities,” and this article will focus on one such covered entity, the health care provider. Most health care providers do not perform all of their health care functions by themselves and instead often use a range of services offered by others, called “business associates” under HIPAA. Health care providers are permitted to disclose protected health information (“PHI”) to these business associates (“BA”) as long as they obtain satisfactory assurances that the BA will use the information only for the purposes for which it was engaged by the health care provider, will safeguard the information from misuse, and will help the health care provider comply with some of the health care provider’s duties under HIPAA, through the execution of business associate agreements.
01/9/17 12:14 PM
Health Care, HIPAA, Technology
The Intersection of HIPAA and Cloud Storage
By Ruth Binger
Most companies are under a common perception that all jobs involving computers are complex, require exceptional expertise and are therefore exempt from the requirement of overtime pay under the Fair Labor Standards Act. Legally, this is not true. As a preventive measure, companies should audit their workforce to make sure that their information technology workers are properly classified. Failure to do so could cause companies to lose their exemption from paying overtime for all misclassified employees, payment of two to three years of back pay and the payment of double damages.
There are three possible applicable exemptions available to avoid overtime pay for information technology jobs. They are: (1) the computer related exemption under 29 CFR Section 541.400; (2) the administrative exemption under 29 CFR Section 541.200; and (3) the executive exemption under 29 CFR Section 641.100. This article will focus only on the computer related exemption.
02/1/05 7:11 PM
Business Law, Emerging Business, Employment Law, Technology
Are All IT Jobs Exempt From Overtime Requirements Under the Fair Labor Standards Act?
By David R. Bohm
The success of a company in the technology sector is largely dependent upon its intellectual property, which, in turn, is derived from investment in human capital. It is the company’s employees (as used herein, the term “employee” will include independent contractors and contract employees) who develop software, invent new products or techniques, and generate other types of trade secrets and confidential information. Today, because employees are more mobile than ever, it is extremely important that businesses take precautions to keep their intellectual property from being utilized by an employee who goes to work for a competitor.
Patent and copyright law provide an entrepreneur some rights in relation to employees involved in developing patented or copyrighted material. Additionally, an entrepreneur has some common law rights in its trade secrets and confidential information. However, in order for a business to fully protect its interests in intellectual property developed and utilized by it, it is important to implement written agreements that specifically address the rights of the business and its employees relative to such inventions and information.
01/1/01 4:08 PM
Intellectual Property, Technology
Protecting Your Company’s Intellectual Property from Predation by Employees and Independent Contractors