The NYSHIELD Act: It Has Arrived!

On June 17, 2019, the New York State Assembly passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which is the latest in the state-by-state effort to increase data protection efforts. We have seen the Pennsylvania Supreme Court in Dittman v. UPMC create a legal duty to exercise reasonable care to safeguard its […]

Cybersecurity and Data Privacy in the Practice of Law

By Jordan L. Fischer, Esquire, Co-Founder and Managing Partner of XPAN Law Group, LLC Law firms often operate as a repository of sensitive client information, from proprietary trade secrets to personal data such as social security numbers and medical information. We also store sensitive emails and other communications that clients intend and prefer be kept […]

Insider Threats Part 3 – Making Third-Party Risk Management A Priority

By Antonia Dumas, Associate at XPAN Law Group LLC In the first blog of this insider threat series, we discussed the importance of changing the perspective regarding third-party relationships as insider threats. Then we turned to more obvious threats, your own employees as your weakest link. However, now we turn to the need to make […]

As Government Agencies Expand the Use of Biometric Technologies, Privacy and Civil Liberties Activists Raise Alarm, and Legislators Start Paying Attention

By Michael A. Shapiro, Attorney at XPAN Law Group, LLC Last month, we wrote about legal developments and changing regulatory landscape affecting the use of biometric data in the private sector. The government at the federal and local levels also collects and processes a vast amount of biometric information on U.S. citizens and foreign nationals.  […]

A CISO and Outside Cybersecurity Counsel: A Marriage Made in Heaven

Frequently people ask, “why would a company [or organization] need a good cybersecurity and data privacy attorney”? A CISO (chief information security officer) should be able to handle everything, right? She should be intimately familiar with the corporate network infrastructure, all of the current policies, procedures, SOPs, and guidelines, all existing privacy and security regulations/requirements, […]

A Biometric Data Regulation: Coming to a State Near You

By Michael A. Shapiro, Attorney at XPAN Law Group, LLC Once a subject of science fiction movies, biometric identification is becoming an integral part of our daily lives.  Between fingerprint scanning, voice print identification, and facial recognition technology, more and more companies are collecting and processing biometric data. While biometric identification provides more security advantages […]

Beware of Potential Conflicts: Should Your Organization Appoint an IT Director as a Data Protection Officer?

**Reproduced from the International Journal for the Data Protection Officer, Privacy Officer, and Privacy Counsel, availabe here.  By Jordan L. Fischer, Esquire, Managing Partner, XPAN Law Group, LLC and Michael A. Shapiro, Esquire, XPAN Law Group, LLC Since the enactment of the European Union’s General Data Protection Regulation (the “Regulation”), the Data Protection Officer (“DPO”) […]

Nowhere to Run, Nowhere to Hide

This week we saw yet another rash of cyberattacks. The Philadelphia court system website was shut down Tuesday (May 21st) all afternoon because of a virus intrusion. The court website is where attorneys file all of their pleading (complaints, answers, motions) for court cases taking place in Philadelphia. And while it is bad enough to deprive […]

Insider Threats Continued – Your Own Employees Are Your Weakest Link

By Antonia Dumas, Associate at XPAN Law Group LLC In a previous blog post, we discussed  insider threats with a focus on a non-obvious threat, your third-party relationships, describing how an insider threat can be defined and the types of actors that can be a threat to the protection and privacy of your systems and […]

Better Late than Never: While Organizations Struggle to Comply with the California Consumer Privacy Act on Time, Ignorance of the Law Is Not an Option

By Michael A. Shapiro, Attorney at XPAN Law Group, LLC The California Consumer Privacy Act (CCPA) enacted last summer is the first comprehensive U.S. privacy law which creates broad rights for consumers in California and parallel duties on businesses regarding the use of private information.  Among the rights delineated by the CCPA, consumers can seek […]