Archives

The Evoling Threats of Cybersecurity

The last six months has seen the world drastically change, facing a once-in-a-life time pandemic. Our lives rapidly transitioned to almost a completely digital world and, for many, have stayed there ever since. With this dramatic and instantaneous shift to an online society, cybersecurity threats have increased in frequency and evolved in sophistication. And, while […]

Transferring data from Switzerland for eDiscovery purposes in a post-Schrems II world

Michael Simon Introduction: another one bites the dust On September 8, 2020, Adrian Lobsiger, the Swiss Federal Data Protection and Information Commissioner (FDPIC), announced in a position paper that he no longer considers the Swiss US Privacy Shield agreement to be adequate for the purposes of lawfully transferring personal data from Switzerland to the US. […]

Transferring data from the EU for eDiscovery purposes in a post Privacy Shield World

Michael Simon A few weeks ago, I had the privilege of participating in a Masters’ Conference webinar on the topic of how to lawfully transfer EU data to the US after the Court of Justice of the European Union (“CJEU”) invalidated the Privacy Shield agreement on July 16, 2020. Despite many uncertainties that remain from […]

Cannabis, Cybersecurity and Data Privacy – What should you do right now under the approved CCPA regulations

Where the Legalized Cannabis Industry Stands Today with the CCPA Just this past week, the Office of Administrative Law (“OAL”) for California approved the California Consumer Privacy Act of 2018 (“CPPA”) regulations, submitted by the state’s Attorney General (“AG”) in June. Those regulations went into effect immediately (more information on the scope & requirements of […]

Lessons from the Twitter Hack

Employees continue to be one of the biggest problems facing organizations when it comes to cybersecurity and data privacy. No matter how expensive or comprehensive a company’s technological infrastructure, the human component is still the biggest threat. Employees inadvertently click links, unknowingly download files, plug in potentially infected USB drives, and thoughtlessly put personal information […]

Massachusetts & the Written Information Security Policy (WISP) Requirements: Updating Your WISP to Reflect the New “Normal” of Work

By Michael Simon Are your employees coming back to the office?  Then it’s time to update your written information security policy (WISP).  Since 2010, Massachusetts Mass. Gen. L. 93H has required organizations that collect “Personal Information” to implement a comprehensive written information security policy (WISP).  Massachusetts amended chapter 93H effective April 11, 2019 to reaffirm […]

The CJEU disrupts International Data Transfers, Again

The Court of Justice of the European Union (“ECJ”) released its much anticipated decision on July 16, 2020 regarding the transfer of personal data from the European Union (“EU”) to the United States (“US”). The full decision can be found here; and the ECJ press release can be located here.  The two main holdings of […]

Global privacy in a crisis: The challenge of addressing regional privacy laws & COVID-19

This article was originally published on Thomson Reuters Westlaw on June 27, 2020, citation 2020 WL 3486582. Republished with permission. A full copy of the original post can be found here and a copy of the PDF is available here. By Jordan L. Fischer, Esq. In the last two decades, the evolution of technology, the […]

In the Cannabis Industry, Profitability and Data Privacy/Security go Hand-in-Hand

Reprinted with permission from the July 1, 2020, issue of the New Jersey Law Journal. Further duplication without permission is prohibited. All rights reserved. © 2020 ALM Media Properties, LLC. A fully copy of the article is available here. * * * * * * By Rebecca Rakoski, Esq. No longer operating in the margins, the […]

A Continued Increase in Data Breaches Requires Proactive Privacy Compliance

By Antonia Dumas, Associate at XPAN Law Group LLC  A data breach equates to data security and privacy compliance targets. The easiest way for regulators or authorities to make a business a target for enforcement is a data breach (see our previous blog post about data breaches bringing you in front of regulatory eye).  A […]