Partner Matt Miller Publishes Article on Minimizing Litigation Risk in Cybersecurity Audits

Data breaches have become an all-consuming topic of late. Stories about data theft dominate political headlines, boardroom discussions and family meetings around the dinner table. They, of course, have also been the subject of government investigations and private litigation.

The current environment is not unlike other moments in the recent past that seem to have captured the attention of Wall Street, K Street and Main Street, including the financial reporting scandals of the early 2000s.… More

Is Your Company’s Board of Directors Cyber Savvy?

Every company should expect that at some point it will experience a data breach. Whether as a result of hackers, disgruntled employees, or careless acts such as losing an unencrypted phone or laptop, data breaches may subject companies to liability and must be handled with speed and great care. What are the responsibilities of directors in preventing and addressing data breaches?

Without a doubt, directors must be generally aware of the data security risks facing the company and ensure that the company is prepared to manage those risks appropriately and has an incident response plan for a data breach.… More

Join us March 27: Legal and Technical Perspectives on Data Privacy and Security

Taking stock of the current privacy and security environment is critical. The legal world around data privacy continues to shift and the technical challenges to solving data security needs continue to increase in complexity.

Join Foley Hoag’s Chris Hart and Rapid7’s Jeremiah Dewey for a conversation about understanding and meeting today’s data privacy and security challenges. They will discuss the following:

  • What does the current threat environment look like?…
  • More

Partner Colin Zick Discusses Why Law Firms Are Building State Privacy Practices as Enforcement Heats Up with Bloomberg Law

Partner Colin Zick speaks to Bloomberg Law about how big law firms are expanding their state-focused practices to help clients deal with heavy state fines for alleged privacy violations.

Companies are turning to state-centric practices “because they see the threats from individual state enforcers,” Zick said. They want expertise from former officials, like former Massachusetts Attorney General Martha Coakley, who know the proper approach to limit enforcement risks,… More

Debate over Cybersecurity Oversight for Gas Pipeline and Bulk Power Systems Continues

Earlier this month, Federal Energy Regulatory Commission (“FERC”) Chairman Neil Chaterjee testified before the U.S. Senate Committee on Energy and Natural Resources on issues related to cybersecurity in the energy industry.

In his testimony, Chaterjee seemed to soften at least his messaging, if not his position, calling for increased mandatory oversight of cybersecurity for gas pipelines.  In a joint letter written last June,… More

Presentation: “Alexa, What Medication Am I Taking?” A discussion of privacy, security and practical issues implicated by the use of voice technology in healthcare.

Partner Colin Zick and Associate Jeremy Meisinger presented to the Massachusetts Health Information Management Association on the legal issues presented by the continued development of voice technology in healthcare.  Click here to download the slides. More

EDPB Issues Opinion on the Interplay between the Clinical Trials Regulation and the GDPR

‎On January 23, 2019, the European Data Protection Board (“EDPB”) issued an interesting opinion about personal data processed in relation to clinical trials.

The main role of the EDPB – which succeeded the Article 29 Working Party – is to contribute to the consistent application of the GDPR throughout the European Union. Its tasks include providing general guidance to clarify the law and advising the European Commission on data protection issues and new legislations.… More

Blockchain and Data Privacy (Lex Mundi Series)

Editors’ Note: The following article was originally published as part of Lex Mundi’s Blockchain Whitepaper Series, which you can find here.

What data privacy concerns should practitioners have relating to blockchain technology? Answering the question involves understanding first the personal information implicated by a specific blockchain application, and then analyzing the relevant legal regimes that govern the personal information.

Personal Information

Data privacy does not implicate all information,… More

Privacy and Data Security Strategies for Start-Up Companies

Start-up companies know that, when potential investors kick the tires, they will look carefully at the company’s business model and IP portfolio.  These days, investors are also likely to look at whether the company is in compliance with privacy and data security laws.  Cybersecurity has become increasingly important for business of all sizes.  While identity thieves may focus on the target rich environments of large-scale enterprises,… More

GDPR Alert: Google Gets Biggest Fine Ever Issued by a European Data Protection Authority

On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR.

As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your Business), the non-profit privacy organization set up by Max Schrems, the Austrian lawyer who initiated the action against Facebook that led to the invalidation of the Safe Harbor,… More