Kaspersky Lab and Due Diligence – How Do You Minimize Risk?

Kaspersky Lab, a Russian-owned cybersecurity company that sells anti-virus software and other kinds of IT systems security products, has been banned from use by the federal government.  This latest development comes by way of the Department of Homeland Security (DHS), which issued a directive requiring agencies to (1) identify Kaspersky products they are using, (2) create plans to stop using those products, and,…

Yes, You Were Likely a Victim of the Equifax Hack, But Here’s What You Can Do Now

As we previously said, the Equifax breach affects approximately 143 million Americans. While the hackers stole data that includes addresses, birth dates, full names and Social Security numbers, there are steps you can take today that will protect you from an identity theft worst-case scenario.

Assume the hackers stole your data

While no one wants to be in a situation where personal information was exposed,…

So They’ve Hacked Equifax…. Is Anyone Safe? And What Should You Do Now?

Me and 143 million of my closest friends may have had our personal information inappropriately accessed through a breach at Equifax–is there no safe haven anywhere?  Deferring that question for another day, here are the instructions from the FTC on how to check if your data is implicated.  The first time I tried, I could not access the site:

I waited an hour and went back to the site. …

High Security: How to Minimize Marijuana Data Risks

As we’ve blogged in the past, the cannabis industry is particularly susceptible to cyberattacks. With threats like a federal crackdown and workplace drug testing, customers have a vested interest in keeping their information private. Unfortunately, the newly-legal cannabis industry has limited experience with data security. While traditional industries have the benefit of expertise and mature regulatory oversight to foster best cybersecurity practices,…

You can’t be forced to provide a cell phone PIN number, Massachusetts court says.

A Massachusetts court recently held that a defendant cannot be compelled to provide a cell phone PIN number to a cell phone that is seized in an arrest, because doing so would be self-incriminating.  In Commonwealth v. Jones, the Superior Court reasoned in part that

The fact that the LG Phone was found on Mr. Jones’ person at the time of his arrest is notable and helpful to the Commonwealth,…

Adventures in State Data Breach Laws: Maryland Becomes the Next to Amend.

As we have noted before in this space, states have begun going through the process of amending their data breach notification laws.  California, for example, recently amended its data breach notification statute to expand the definition of personal information.  Illinois did the same, and adjusted its safe harbor provision.  And New York created first-of-its-kind financial sector cybersecurity regulations. …

General Data Protection Regulation: What It Means For US Healthcare/Life Science Companies (Part Three)

This is the third post in a three-part series designed to provide a summary of some of the GDPR features that are likely to have the most substantial impact on healthcare/life science related businesses. (Links for Part One and Part Two)

GDPR Features that Apply Specifically to the Healthcare/Life Science Sectors

Even though the GDPR is a general regulation,…

General Data Protection Regulation: What It Means For US Healthcare/Life Science Companies (Part Two)

This is the second post in a three-part series designed to provide a summary of some of the GDPR features that are likely to have the most substantial impact on healthcare/life science related businesses. (Links for Part One and Part Three)

New General Features of the GDPR

Some of the GDPR general features may be of particular interest for companies in the healthcare/life science sectors.…

General Data Protection Regulation: What It Means For US Healthcare/Life Science Companies (Part One)

This is the first post in a three-part series designed to provide a summary of some of the GDPR features that are likely to have the most substantial impact on healthcare/life science related businesses. (Links for Part Two and Part Three)

The clock is ticking: on May 25, 2018, in less than a year from now, the General Data Protection Regulation (“the GDPR”) will apply in all Member States of the European Union (“EU”) and will replace the Directive 95/46/CE (“the Directive”).…