Security, Privacy and the Law

Legal Perspectives on the Expanding Universe of Information Security & Privacy Issues.

Taking stock of the current privacy and security environment is critical. The legal world around data privacy continues to shift and the technical challenges to solving data security needs continue to increase in complexity. Join Foley Hoag’s Chris Hart and Rapid7’s Jeremiah Dewey for a conversation about understanding and meeting today’s data privacy and security challenges. They will discuss the following: What does the current threat environment look like? How has the legal landscape changed…
Partner Colin Zick speaks to Bloomberg Law about how big law firms are expanding their state-focused practices to help clients deal with heavy state fines for alleged privacy violations. Companies are turning to state-centric practices “because they see the threats from individual state enforcers,” Zick said. They want expertise from former officials, like former Massachusetts Attorney General Martha Coakley, who know the proper approach to limit enforcement risks, he continued. Click here to read the…
Earlier this month, Federal Energy Regulatory Commission (“FERC”) Chairman Neil Chaterjee testified before the U.S. Senate Committee on Energy and Natural Resources on issues related to cybersecurity in the energy industry. In his testimony, Chaterjee seemed to soften at least his messaging, if not his position, calling for increased mandatory oversight of cybersecurity for gas pipelines.  In a joint letter written last June, Chatterjee, along with fellow FERC Commissioner Richard Glick, advocated for transfer of…
Partner Colin Zick and Associate Jeremy Meisinger presented to the Massachusetts Health Information Management Association on the legal issues presented by the continued development of voice technology in healthcare.  Click here to download the slides.…
‎On January 23, 2019, the European Data Protection Board (“EDPB”) issued an interesting opinion about personal data processed in relation to clinical trials. The main role of the EDPB – which succeeded the Article 29 Working Party – is to contribute to the consistent application of the GDPR throughout the European Union. Its tasks include providing general guidance to clarify the law and advising the European Commission on data protection issues and new legislations. The…
Editors’ Note: The following article was originally published as part of Lex Mundi’s Blockchain Whitepaper Series, which you can find here. What data privacy concerns should practicioners have relating to blockchain technology? Answering the question involves understanding first the personal information implicated by a specific blockchain application, and then analyzing the relevant legal regimes that govern the personal information. Personal Information Data privacy does not implicate all information, but personal identifying information. This means…
Start-up companies know that, when potential investors kick the tires, they will look carefully at the company’s business model and IP portfolio.  These days, investors are also likely to look at whether the company is in compliance with privacy and data security laws.  Cybersecurity has become increasingly important for business of all sizes.  While identity thieves may focus on the target rich environments of large-scale enterprises, any company that stores personal data or sensitive business…
On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR. As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your Business), the non-profit privacy organization set up by Max Schrems, the Austrian lawyer who initiated the action against Facebook that led to the invalidation of the Safe Harbor, and a French organization called “…
Can a fingerprint alone provide “testimony” about a person?  Earlier this month, a federal court in California said yes.  But the court was not engaging in a highly-localized form of palm-reading; rather, the question arose in the ever-evolving field of how to balance law enforcement needs and individual citizens’ privacy interests as new technologies emerge. The United States District Court for the Northern District of California has been a hotspot for privacy-related litigation, but this…
On January 10, 2019, Advocate General Szpunar issued his much awaited opinion in the Google case that was referred to the European Court of Justice by the French “Conseil d’Etat”, the highest administrative court of the country.  The Conseil d’Etat basically asked the European Court of Justice to follow-up on its Google Spain decision: is the right to be forgotten – i.e., the right of individuals to request an operator of a search engine…