Latest Articles

If you listen very carefully, the age of information security as we know it ended recently, not with a bang, but with a whimper. While that may be something of an overstatement, a recent event put us on the track to that very end. Consider the “old way”: Your company decides to engage a vendor to provide services or products in which the vendor will have possession of, hosting of, access to, or other use of…
While there is time before the California Consumer Privacy Act of 2018 (CCPA) comes into effect on January 1, 2020, businesses need to start planning now for compliance. The CCPA provides California consumers with significantly expanded rights as to the collection and use of their personal information by businesses. It covers any business that meets revenue or data collection volume triggers and that collects or sells information about California residents.…
In a recent blog post, I discussed limitation of liability clauses in technology contracts. Given the favorable response to that post, I thought it would be of interest to discuss another misunderstood and frequently neglected area of technology contracting: information security warranties. Let me be more specific. Most well-drafted technology agreements contain specific warranties and other protections relating to the protection and security of data shared with the vendor. While clearly important, contract protections…
CCPA At-A-Glance: The new law gives consumers broad rights to access and control of their personal information and imposes technical, notice, and financial obligations on affected businesses. CCPA was enacted to protect the privacy of California consumers and has some similar characteristics to the EU’s General Data Protection Regulation (GDPR), including a new and very broad definition of what is included in protected personal information. Affected businesses are for-profit entities doing business in California that…
To maximize the effectiveness of your business’ security policy, consider these five essential areas during the creation and deployment stages. Most sophisticated businesses have at least some form of a security policy for their organizations. Unfortunately, all too often, those policies are inadequate, fail to comply with applicable regulatory requirements, are profoundly complex and difficult for the average employee to understand, and almost always aren’t updated in a timely manner.…
Every organization is exposed to information security threats daily. It is essential that organizations have an information security protection program that is properly designed, documented, executed, and updated to minimize exposure to information loss, disruption of operations, and liability to third parties and regulators. An effective cybersecurity risk management program requires an effective governance structure based on the organization’s risk appetite — just like the company would create for any other material risk. While the…
The automotive industry has long been exempt from the cyber attacks that have affected so many companies operating in the financial services, healthcare and retail spaces. However, that is changing quickly due to the copious amount of historical data being collected by modern vehicles and the new autonomous features created by manufacturers.…