Archives

An Active Summer for GDPR: Part II, Video Surveillance Data and the US CLOUD Act

In an effort to make sure everyone is up-to-date on the guidelines, decisions, and other relevant changes in European data protection, XPAN is providing a break down of what you may have missed over those relaxing summer months. Last week (available here), we provided a breakdown of the first of two plenary sessions held by […]

An Active Summer for GDPR: Part I, Codes of Conduct & Certification under the GDPR

As the summer is beginning to wind down, it is a good time to reflect on the last few months and to set priorities for the upcoming fall and winter months when it comes to a company’s security and privacy infrastructure. And, the EU authorities have had an active summer — giving companies in all […]

Every Company’s Lessons from the FTC’s Facebook Settlement

By Michael A. Shapiro, Esq., CIPP/US/E, Attorney with XPAN Law Group, LLC Last month’s Federal Trade Commission settlement with Facebook was met with mixed reactions.  While the Commission hailed it as “record-breaking and history-making,” some critics derided it as amounting to a little more than a slap on the wrist.  Although the headlines focused on […]

The NYSHIELD Act: It Has Arrived!

On June 17, 2019, the New York State Assembly passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which is the latest in the state-by-state effort to increase data protection efforts. We have seen the Pennsylvania Supreme Court in Dittman v. UPMC create a legal duty to exercise reasonable care to safeguard its […]

Cybersecurity and Data Privacy in the Practice of Law

By Jordan L. Fischer, Esquire, Co-Founder and Managing Partner of XPAN Law Group, LLC Law firms often operate as a repository of sensitive client information, from proprietary trade secrets to personal data such as social security numbers and medical information. We also store sensitive emails and other communications that clients intend and prefer be kept […]

Insider Threats Part 3 – Making Third-Party Risk Management A Priority

By Antonia Dumas, Associate at XPAN Law Group LLC In the first blog of this insider threat series, we discussed the importance of changing the perspective regarding third-party relationships as insider threats. Then we turned to more obvious threats, your own employees as your weakest link. However, now we turn to the need to make […]

As Government Agencies Expand the Use of Biometric Technologies, Privacy and Civil Liberties Activists Raise Alarm, and Legislators Start Paying Attention

By Michael A. Shapiro, Attorney at XPAN Law Group, LLC Last month, we wrote about legal developments and changing regulatory landscape affecting the use of biometric data in the private sector. The government at the federal and local levels also collects and processes a vast amount of biometric information on U.S. citizens and foreign nationals.  […]

A CISO and Outside Cybersecurity Counsel: A Marriage Made in Heaven

Frequently people ask, “why would a company [or organization] need a good cybersecurity and data privacy attorney”? A CISO (chief information security officer) should be able to handle everything, right? She should be intimately familiar with the corporate network infrastructure, all of the current policies, procedures, SOPs, and guidelines, all existing privacy and security regulations/requirements, […]

A Biometric Data Regulation: Coming to a State Near You

By Michael A. Shapiro, Attorney at XPAN Law Group, LLC Once a subject of science fiction movies, biometric identification is becoming an integral part of our daily lives.  Between fingerprint scanning, voice print identification, and facial recognition technology, more and more companies are collecting and processing biometric data. While biometric identification provides more security advantages […]

Beware of Potential Conflicts: Should Your Organization Appoint an IT Director as a Data Protection Officer?

**Reproduced from the International Journal for the Data Protection Officer, Privacy Officer, and Privacy Counsel, availabe here.  By Jordan L. Fischer, Esquire, Managing Partner, XPAN Law Group, LLC and Michael A. Shapiro, Esquire, XPAN Law Group, LLC Since the enactment of the European Union’s General Data Protection Regulation (the “Regulation”), the Data Protection Officer (“DPO”) […]