David Adler takes center stage in Washington D.C. at ISACA #CSXNA 2017

Trends in Cyber Law
ISACA CSXNA 2017 CYBER LAW

Adler’s topic was Trends in Cyber-Law 2017.

Cyber-Law “governs the digital dissemination of both (digitalized) information and software and legal aspects of information technology more broadly, including information security and electronic commerce. Cyber law  is a term that encapsulates the legal issues related to use of the Internet. It is less a distinct field of law than intellectual property or contract law, as it is a domain covering many areas of law and regulation, such as internet access and usage, privacy, freedom of expression, and jurisdiction.”

Despite the variety of subjects, most legal trends for 2017 are in 5 key areas: Data Sovereignty, Cyber Conflict, Civil Liberties, IoT and Cloud.

The full presentation slide deck is available here.

CSX2017 Trends in Cyberlaw 2017 Adler (Read-Only)

Intellectual Property rights (copyright, patent, trademark, trade secrets) and information technology systems each play a crucial role in business competitiveness. In order to realize the full potential of a company’s intangible business assets, it is necessary to be able to identify, locate and safeguard their disclosure and use. Cyber Security plays a crucial role in managing these internal and external business and legal risks. This “Hot Topics” discussion is a snapshot of developments in law, policy, regulation and court cases focusing on privacy and civil liberties, identity, cyber-conflict, IoT, standards, corporate structuring and the international technology marketplace.

This session covered:

  • Understanding how developments in smart home devices are creating new cyber security challenges
  • Learning how changes in regulatory agency policies and personnel are creating new privacy risks and opportunities
  • Identifying new legal cases affecting business operations
  • Recognizing new business and legal risks in relationships with customers and vendors and how to implement changes to mitigate such risks

For more information contact us here:

www.adler-law.com (866) 734-2568

Advertisements

Best Practices EU/US Privacy Shield

In case you missed it, Ken Dort at Drinker Biddle held a discussion covering high points of the EU/US Privacy Shield. Talking points covered:

1. Application Overview
2. Certification Issues
3. Privacy Shield Principles and Supplemental Principles
4. Implementation Timelines (Expected)
5. Best Practices Going Forward Pending Implementation

The draft EU-U.S. Privacy Shield “adequacy decision” includes the Privacy Shield Principles companies must follow. Suggested Best Practices for compliance with EU-U.S. Privacy Shield Principles include: evaluating disclosures about data collection and use to determine whether they are sufficiently clear and evident to consumers, and 2) giving strong consideration for implementation of a formal opt-in mechanism. European government trade regulators are concerned about whether consumers are being sufficiently informed about the nature and scale of data collection.

Ken graciously provided this great list of resources for the discussion:

* Full text of the Privacy Shield can be found here.

* European Commission draft adequacy decision can be found here.

* Department of Commerce Fact Sheet can be found here.

* European Commission Fact Sheet can be found here.

* European Commission FAQs can be found here.

* Statement from U.S. Secretary of Commerce Penny Pritzker on release of the Privacy Shield text can be found here.

* European Commission statement on the Privacy Shield text can be found here.

Article 29 Working Party statement on the Privacy Shield can be found here.

As part of Adler Law Group’s Privacy & Information Security Practice, we continue to follow the developments in this area. We can help you review, enhance and adopt standardized contracts and implement methodologies for approaching these challenges by setting objectives, determining scope, allocating resources, and developing agreements that will efficiently and effective manage risks.

Mining Data and Privacy: A Primer, Special Areas and State Laws

On Sept. 10, 2015, as part of the Mining Data and Privacy: A Primer Continuing Legal Education presentation moderated by the ISBA Intellectual Property committee, I presented the topic:

ISBA Privacy CLE – “Special Areas”: “Discover the security and privacy issues that have arisen in a number of special areas – HIPAA, COPPA, special state laws and regulations that govern online privacy, protection of personal data in court filings.”

The presentation is available here.

 

The New Wave of Data-Breach Outrage

You can almost feel it, like a power-line buzz in the air. If 2014 was the year that consumers and legislators woke up to the real threat to privacy and information security, 2015 may be the year that sees a shift in both enforcement and penalties.

On February 5, Anthem, Inc., the country’s second-largest health insurer by market value announced a security breach resulting in unauthorized access to tens of millions of current and former customer and employee accounts, Bloomberg reports.

Of particular concern is that the compromised data included social security numbers and birth dates, etc. Very different than having a credit card number stolen.

Last week, a group of 10 state attorneys general (AGs) sent a letter chastising Anthem for the length of time it took to notify the public of the breach. The letter was written on behalf of Arkansas, Connecticut, Illinois, Kentucky, Maine, Mississippi, Nebraska, Nevada, Pennsylvania and Rhode Island.

Some observers have commented that current encryption technology can limit the amount of data that even “authorized users” can view at one time, making it more difficult to compromise massive amounts of data.

In this situation, the breach occurred through misuse of an authorized user’s credentials, so encryption alone would not have worked. While most companies give universal access to data to some employees (senior level or IT), for the encryption approach to work, no one person or set of credentials should allow access to all data.

In the end, the new “best practices” approach may be a combination of encryption plus controls to limit the amount of data that any one set of credentials can access.

When it comes to addressing data privacy risks, it is often difficult to determine whether you should slow down, change course, signal for help, or simply muddle through. Often, teams tasked with managing privacy need to quickly identify potential issues, assess the risk, and implement controls to steer clear of unneeded exposure. The privacy professionals at the Adler Law Group can help you adopt Privacy Impact Assessments – or similar tools – and standardize a methodology for approaching these challenges by setting objectives, determining scope, allocating resources, and developing practices that will efficiently and effective manage privacy, while keeping pace with the business. For a free consultation, call us at (866) 734-2568, send and email to info@ecommerceattorney.com or visit our web site www.adler-law.com.

DATA PRIVACY DAY 

Do You Understand Your Data Privacy Rights?

Data Privacy Day was started in 2007 in response to widespread lack of understanding about how personal data was being protected. Today, 91% of adults “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies, according to a recent Pew Research Center Survey.

Data is one of the natural resources of the 21st century. It should be treated like all other precious resources. Understanding, responsibility, and accountability are key. Ubiquitous Internet connections, unprecedented processing power and speed combined with staggeringly large databases have the ability to help both the private and public sectors. However, there is a growing split between the benefits of data-driven activities and perceptions of decreased privacy rights needs to be addressed. There is a balance that needs to be found between the responsibility of governments and that of businesses in ensuring an adequate level of protection to citizens and consumers, while supporting technological innovation.

The purpose of Data Privacy Day is raise awareness among digital citizens and empower them with understanding how their data is being collected, stored and consumed. Often, that starts with being educated about the privacy policies of online companies and web properties.

The National Cyber Security Alliance (NCSA) officially kicked off today’s Data Privacy Day events with a broadcast from George Washington University Law School featuring Federal Trade Commissioner Maureen Ohlhausen and privacy and security experts from industry and government.

Whether you are a consumer, an application developer, a technology platform provider, consultant, or enterprise that relies on the collection, analysis and commercialization of data (who doesn’t these days) Adler Law Group can help you navigate this emerging area by 1) assessing and prioritizing privacy risks, 2) creating a baseline understanding of data assets, data flows and contractual commitments, 3) developing internal Privacy Polciies and processes, and 4) creating and delivering training programs for executives and employees that increases awareness and mitigate risk.

Identifying Intellectual Property Issues in Start-Ups – Live Webcast!

Do you work with start-up companies and need a basic understanding of the various intellectual property issues that can arise?

I will be co-presenting in this online seminar that will help you:

  • understand the trademark and copyright problems your client may encounter with branding;
  • learn how to protect your client’s branding once established;
  • familiarize your practice with patents, including what they protect, timing, and strategies to prevent inadvertent loss of patent rights before filing the application;
  • understand trade secrets and the importance of non-disclosure and confidentiality agreements;
  • recognize intellectual property issues relating to technology, including open source code and the cloud;
  • establish a proactive approach toward intellectual property ownership between cofounders, employees, and vendors; understand business names, domain names, promotional issues, and website content concerns.

The program qualifies for 1.5 hours MCLE credit.

I would like to personally invite you to attend the upcoming Law Ed program titled, “Identifying Intellectual Property Issues in Start-Ups,” which I will be co-presenting via live webcast on Tuesday, May 27th.

Presented by the ISBA Business Advice and Financial Planning Section

Co-Sponsored by the ISBA Intellectual Property Section

Is Your Company’s Web Site Privacy Policy Compliant With New California Law?

Privacy Law Update: California “Do Not Track” 

Two California laws went into effect at the beginning of the year that  require additional notifications to consumers.  The California Online Privacy Protection Act (“CalOPPA”) requires that web sites, mobile apps and other online services available to California residents (in reality anyone with a web site that may be accessed by a CA resident) post a privacy policy that gives notice to consumers regarding behavioral or interest-based advertising practices (“OBA”).

Disclosures must explain:
1. If a web site operator allows other parties to use tracking technologies in connection with the site or service to collect certain user data over time and across sites and services; and
2. How it responds to browser “do not track” signals or other mechanisms designed to give consumers choice as to the collection of certain of their data over time and across sites and services

In addition, the “California Shine the Light Act” requires that companies (except non-profits and businesses with less than 20 employees) collecting broadly defined personal information from California consumers on or offline either: (a) give consumers a choice as to the sharing of that information with third parties (including affiliates) for direct marketing purposes; or (b) provide notice of, and maintain, a method by which consumers can annually obtain information on the categories of information disclosed the names and addresses of the recipients of that data, and a description of the recipients’ business.

If an e-commerce service offers tangible goods or services, or vouchers for them, to California consumers, it must give certain notices to consumers, including how they can file a complaint with the CA Department of Consumer Affairs.

Are you  concerned about how to disclose how your service responds to “Do Not Track” signals or similar tools and settings, and whether third parties are permitted to collect personally identifiable information about consumer online activities over time and across different websites when a consumer uses that online service? We may be able to help. We can review your policies, your information gathering and sharing practices, and advise on whether there is room for improvement.

Please contact us for a no-fee consultation.