by

Cursor Hand On Key Background Showing Blank Copy space Click Here

Cybercrime cost the world economy about $445 billion in 2014 and the 2015 numbers will be even higher. The cost of data breaches will reach $2.1 trillion globally by 2019. Worldwide spending on information security is estimated to reach $77 billion in 2015. In the midst of these astounding numbers, the role of the “human factor” has gotten lost. This is a frightening fact. Why? Because “they will click.” A breach is just one click away – a single person can and will overcome any technological safeguard. This is an unassailable reality, but one that gets mostly lip service by companies.
Continue reading

by and

Co-chairs of the Jeffer Mangels Cybersecurity and Privacy Group, Robert E. Braun and Michael A. Gold, discuss why companies need a cybersecurity training program. The other videos in this 4-part series include: First steps to take when there’s a data breach at your company; Cybersecurity for middle market companies; and Impact of international privacy laws on U.S. companies.

Continue reading

by and

Co-chairs of the Jeffer Mangels Cybersecurity and Privacy Group, Robert E. Braun and Michael A. Gold, discuss Impact of international privacy laws on U.S. companies. The other videos in this 4-part series include: Why companies need a cybersecurity training program; First steps to take when there’s a data breach at your company; and Cybersecurity for middle market companies.
Continue reading

by and

Co-chairs of the Jeffer Mangels Cybersecurity and Privacy Group, Robert E. Braun and Michael A. Gold, discuss the first steps to take when there’s a data breach at your company. The other videos in this 4-part series include: Why companies need a cybersecurity training program; Cybersecurity for middle market companies; and Impact of international privacy laws on U.S. companies.
Continue reading

by and

Co-chairs of the Jeffer Mangels Cybersecurity and Privacy Group, Robert E. Braun and Michael A. Gold, discuss cybersecurity for middle market companies. The other videos in this 4-part series include: Why companies need a cybersecurity training program; First steps to take when there’s a data breach at your company; and Impact of international privacy laws on U.S. companies.

Continue reading

by

The Big Data deluge - A businessman tries to crunch the numbers at his desk.png

We are flooded with news reports of major data breaches and malware attacks. The reports focus on attacks against businesses with significant volumes of sensitive personal and financial information, like financial institutions, hospitals, retailers – and most recently, law firms. There is no question that the press pays the most attention to a data breach when large volumes of valuable information have been stolen or encrypted for ransom.

Some firms, like business managers and family offices, have not received much media scrutiny. But lack of media coverage is not a reason for comfort. These organizations are ripe targets for intruders, precisely because of the people they represent and the information they possess. Business managers and family offices hold the most confidential information of their clients – financial records, bank and securities account information, health records, estate planning and trust documents, physical locations of valuable assets and the like. Intruders do not gravitate only to the largest companies or those with the highest public profiles. Rather, intruders are attracted to targets with valuable information, regardless of who they are.

Continue reading

by and

California, home of many of the world’s largest technology companies, has long been at the forefront of protecting personal electronic information in the United States. California adopted the nation’s first data breach notification law, led the nation in requiring website privacy statements, and actively enforces online privacy. On October 6, 2015 Governor Jerry Brown signed SB 178, the Electronic Communications Privacy Act (CalECPA), taking another step further by requiring California law enforcement agencies to obtain a warrant and notify the subject(s) of the warrant before acquiring electronic information.
Continue reading

by

On August 24, 2015, the Third Circuit United States Court of Appeals issued its ruling in Federal Trade Commission v. Wyndham Worldwide Corporation. The case was highly anticipated by the data security community generally for its expected ruling on the authority of the FTC to regulate data security standards. Although the decision dealt most directly with the hospitality industry, it is a wakeup call for every company that is subject to FTC jurisdiction.
Continue reading

by

The Safe Harbor

For 15 years, the Safe Harbor Framework has provided a way for U.S. companies to comply with the EU Data Protection Directive.  Under the directive, transfers of personal data from the EU to a non-EU country are prohibited unless the receiving country can assure an adequate level of protection for the data.  While a number of countries do comply – among them Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay – the United States does not.  The Safe Harbor Framework was developed by the United States Department of Commerce and the European Commission as a mechanism to address the EU law’s adequacy standard. U.S. businesses voluntarily participate in the Framework and thereby comply with its terms.
Continue reading

by

Effective January 1, 2014, amendments to the California Online Privacy Protection Act (“CalOPPA”) require all commercial websites and online services that collect personally identifiable information (“PII”) to include additional disclosures in their privacy statements: how the operator responds to browser “Do Not Track” signals or other similar mechanisms; and whether other parties may collect PII about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s site or service.
Continue reading