I recently gave a talk on Faculti about ideas in my recent book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), about how major security breaches could be prevented through new approaches to data security law. The Faculti platform provides a library of 8,000 video and audio insights […]
Woodrow Hartzog and I wrote a new article about data breaches called “Data Vu: Why Breaches Involve the Same Stories Again and Again.” We discuss how data breaches involve the same old mistakes and how we must break the cycle. We begin: In the classic comedy Groundhog Day, protagonist Phil, played by Bill Murray, asks “What would […]
Watch this video of a discussion that I had with Bruce Schneier and Woodrow Hartzog about data breach law issues. Website for Breached! | Breached! Amazon Page | Download Chapter 1 for free
Professor Woodrow Hartzog and I selected some key quotes from our new book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022). Website for Breached! | Breached! Amazon Page | Download Chapter 1 for free. The Law’s Obsessive and Unproductive Focus on Data Breaches: “Too much of the current law of data security […]
I had the great opportunity to interview Mahmood Sher-Jan about new developments in data incident response. Mahmood Sher-Jan, CHPC, is the Founder and CEO of RadarFirst, a company dedicated to applying innovation and software technology to address the growing data privacy and security challenges faced by organizations that maintain regulated personal data. He holds patents in incident management, fraud prevention, […]
Numerous privacy laws are requiring that companies provide individuals with data rights — rights to access their data, correct their data, learn about uses of their data, delete their data, and more. Administering these rights can be quite complicated for organizations.
In the annals of what must be one of the most ridiculous data security incidents, a law firm employee sent a client file on an unencrypted thumb drive in the mail. The file contained Social Security information and other financial data. Seriously? The envelope arrived without the USB drive. The firm contacted the post office. […]
The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs. In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task. GDPR Whiteboard 200+ pages of […]
Last year, major incidents involving law firm data breaches brought attention to the weaknesses within law firm data security and the need for more effective plans and preparation. An American Bar Association (ABA) survey reveals that 26% of firms (with more than 500 attorneys) experienced some sort of data breach in 2016, up from 23% in 2015.
There is a significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations. This issue is especially acute when it comes to using the cloud to store privileged documents. A common myth is that storing privileged documents in the cloud is a breach of attorney-client confidentiality. In other instances, many attorneys […]