The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
The Italian Data Protection Authority (“Garante per la Protezione dei Dati Personali”) published a provision in which it established that some services for e-mail management are configured to collect and store metadata...more
On April 23, 2024, the Centers for Medicare & Medicaid Services (“CMS”) issued a final rule implementing one-to-one consent rules for Third Party Marketing Organizations (“TPMOs”) that engage in Medicare-related advertising....more
Private Nutzung von Internet und E-Mail am Arbeitsplatz: Endlich mehr Sicherheit für Arbeitgeber? Nach bisheriger Auffassung der deutschen Datenschutzbehörden ist der Arbeitgeber bei gestatteter Privatnutzung von...more
The consequences of a cyberattack can be catastrophic, as we saw in the previous blog of this series. Cybersecurity is a business-wide responsibility that demands a proactive strategy extending far beyond technical solutions...more
The Information Commissioner’s Office (ICO) has recently published guidance for employers on monitoring workers lawfully, transparently and fairly. The guidance aims to protect workers’ data protection rights and help...more
‘Tis the season for the hustle and bustle of year-end holiday activities. With that comes the increased risk of cybercriminals exploiting the season to find vulnerabilities. This includes taking advantage of increased online...more
As Cybersecurity Awareness Month wraps up, it’s worth mentioning that employee security awareness training is an ongoing process. Employee error remains a significant contributing factor in data breaches. According to the...more
Many organizations give employees the ability to work from anywhere, adding convenience and flexibility to work and personal schedules. However, with this flexibility comes responsibility—the responsibility to protect the...more
On June 30, 2023, ARx Patient Solutions filed a notice of data breach with the Attorney General of Maine after discovering that an employee’s M365 email account was accessed by an unauthorized party. In this notice, ARx...more
The volumes of evidence available for litigation are such that privileged documents – a small but important subset of any evidence collection – can easily be overlooked, commingled, misplaced, or simply lost. In addition, the...more
The New York Department of Financial Services (NYDFS) continues to be a major player in data security enforcement. On Oct. 18, 2022, NYDFS announced that it had entered into a consent order with EyeMed Vision Care LLC...more
Email scams and viruses are nothing new—threats like phishing emails and malware have been around since the days when services like AOL still dominated the internet and email landscape. However, while technology has made a...more
On August 16, 2022, CISA (the Cybersecurity and Infrastructure Security Agency) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) issued an Alert outlining multiple Common Vulnerabilities and Exposures...more
We are all increasingly familiar with, and probably increasingly frustrated by, the use of chatbots to attempt to solve some problem we are having with a company, often delivery of a purchased item. The “virtual agent” (not...more
There’s a case that is ubiquitous within eDiscovery circles. Its presence is everywhere when you look at eDiscovery solutions. Many people think of it as an energy industry case, but it’s actually a financial services case –...more
Cybercrime is at an all-time high, with just the cybercrime insurance industry alone expecting to grow from $8 billion globally in 2020 to $20 billion by 2025.1 Although cyber liability insurance policies now exist to help...more
A recent Privacy Peril advised of the increasing cyber risk from nation state attacks, particularly as a result of the war in Ukraine. There is, of course, little we can do to thwart cyber assaults on vital nerve centers....more
Where We Stand - This year kicks off against the backdrop of the security flaw found in Log4j, a system-logging code library widely used in applications and services across the Internet. In the aftermath of this crisis, a...more
Risk Management Question - How can employees mitigate the risk of falling for phishing scams purportedly sent by their company's HR department? The Issue - Scammers often know just the right thing to say to pique an...more
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
An apparent email snafu has led to the filing of a putative class action against the Phoenix Children’s Hospital. The allegations stem from an email that was allegedly sent out to 368 people that outlined the protocols for...more
According to Microsoft, 91% of cyberattacks start with an email. In an earlier Privacy Peril we provided information on prevalent words phishers of men and women insert in an email subject line to grab the recipient’s...more
Recent compliance-related news coverage has identified an increase in anonymous hoax emails and online reports posted to companies through their internal reporting systems. Whether filed via email or through an online...more
In einer lang erwarteten Entscheidung hat das Bundesarbeitsgericht (BAG) am 27. April 2021 (2 AZR 342/20) den Antrag eines ausgeschiedenen Mitarbeiters gegen seinen ehemaligen Arbeitgeber auf Überlassung einer Kopie von...more