Data Categorizations: A Back to School Basic

Data categorizations should be on every company’s back-to-school supply list. A few years ago, we published a blog post about how, when the kids go back to school, it is a good time to take stock of your cyber-readiness in business. After going through the harrowing task of back-to-school shopping and locating the very specific items that […]

Do Not Hit The Red Button! Making Cybersecurity and Data Privacy Training A Requirement

By Antonia Dumas, Associate at XPAN Law Group LLC. Keep your employees from hitting the red button! Those of you who are fans of The Twilight Zone (Button, Button) or saw the poor modern remake (The Box) may remember the episode with the mysterious box that arrived on someone’s doorstep with only a big red […]

An Active Summer for GDPR: Part II, Video Surveillance Data and the US CLOUD Act

In an effort to make sure everyone is up-to-date on the guidelines, decisions, and other relevant changes in European data protection, XPAN is providing a breakdown of what you may have missed over those relaxing summer months. Last week (available here), we provided a breakdown of the first of two plenary sessions held by […]

An Active Summer for GDPR: Part I, Codes of Conduct & Certification under the GDPR

As the summer is beginning to wind down, it is a good time to reflect on the last few months and to set priorities for the upcoming fall and winter months when it comes to a company’s security and privacy infrastructure. And, the EU authorities have had an active summer — giving companies in all […]

Every Company’s Lessons from the FTC’s Facebook Settlement

By Michael A. Shapiro, Esq., CIPP/US/E, Attorney with XPAN Law Group, LLC. Last month’s Federal Trade Commission settlement with Facebook was met with mixed reactions. While the Commission hailed it as “record-breaking and history-making,” some critics derided it as amounting to little more than a slap on the wrist. Although the headlines focused on […]

The NYSHIELD Act: It Has Arrived!

On June 17, 2019, the New York State Assembly passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which is the latest in the state-by-state effort to increase data protection efforts. We have seen the Pennsylvania Supreme Court in Dittman v. UPMC create a legal duty to exercise reasonable care to safeguard its […]

Cybersecurity and Data Privacy in the Practice of Law

By Jordan L. Fischer, Esquire, Co-Founder and Managing Partner of XPAN Law Group, LLC. Law firms often operate as a repository of sensitive client information, from proprietary trade secrets to personal data such as social security numbers and medical information. We also store sensitive emails and other communications that clients intend and prefer be kept […]

Insider Threats Part 3 – Making Third-Party Risk Management A Priority

By Antonia Dumas, Associate at XPAN Law Group LLC. In the first blog of this insider threat series, we discussed the importance of changing the perspective regarding third-party relationships as insider threats. Then we turned to more obvious threats, your own employees as your weakest link. However, now we turn to the need to make […]

As Government Agencies Expand the Use of Biometric Technologies, Privacy and Civil Liberties Activists Raise Alarm, and Legislators Start Paying Attention

By Michael A. Shapiro, Attorney at XPAN Law Group, LLC. Last month, we wrote about legal developments and the changing regulatory landscape affecting the use of biometric data in the private sector. The government at the federal and local levels also collects and processes a vast amount of biometric information on U.S. citizens and foreign nationals. […]

A CISO and Outside Cybersecurity Counsel: A Marriage Made in Heaven

Frequently, people ask, “Why would a company [or organization] need a good cybersecurity and data privacy attorney?” A CISO (chief information security officer) should be able to handle everything, right? She should be intimately familiar with the corporate network infrastructure, all of the current policies, procedures, SOPs, and guidelines, all existing privacy and security regulations/requirements, […]