XPAN Law Group
Privacy • Discovery • Cyber Security • Data Management

Cybersecurity Series

Luck Favors the Prepared

And the Saga Continues: On The Road Again to the CJEU with Shrems II

Facebook has been caught in a legal battle concerning the adequacy of its data protection well before the Cambridge Analytical revelations that came to light in the past few weeks. While spending a semester in the United States studying at Santa Clara University, Austrian law student Max Schrems first became aware of Facebook’s limited grasp of the severity of European Union (“EU”) data protection laws in 2011 when  a privacy attorney from Facebook spoke to his class. Angered by the lack of appreciation of the EU privacy law in his home continent, Schrems decided to write his thesis paper about “Facebook’s Misunderstanding of Privacy Law in Europe.” During the course of his research, Schrems learned that Facebook had been violating strict EU privacy law, which prompted him to file numerous complaints with the Irish Data Protection Commission (DPC) in 2011. He later rescinded this set of complaints because the DPC had ignored his efforts.    

Read More
XPAN Law Group, LLC
Is Nothing Sacred? Recent Hackings on Our Governmental Entities

Somewhere, in another country or hidden in a basement down your street, a hacker is waiting in the dark searching for the vulnerabilities in our national infrastructure.  They are scanning systems for any threat vector which can serve as their entry into our world. This past week, we were treated to two recent hacking incidents against governmental entities that are the shape of things to come.  

Read More
XPAN Law Group, LLC
In case you missed it, the CLOUD Act is now law

In the midst of the Microsoft case, Senators Orrin Hatch (R-Utah), Christopher Coons (D-Del.), Lindsey Graham (R-S.C.) and Sheldon Whitehouse (D-R.I.), introduced the Clarifying Lawful Overseas Use of Data Act, or “CLOUD Act” in February, to create a framework for law enforcement to access data that is stored overseas.   At the time the CLOUD Act was first introduced, we addressed some of the potential impacts the Cloud Act would have in light of the pending Microsoft case, and the jurisdiction of data generally.  

Read More
XPAN Law Group, LLC
But, I never gave you my data? The GDPR's impact on data subject rights

Let us set the scene.  You receive an email: sign-up for LinkedIn! Facebook! Instagram! [Fill in your Service of Choice here.]  And, once you click to create an account, the information is mostly pre-populated: your name, your email address, your current job, your “friends”, your location/region -- a number of pieces of information that may have you shaking your head asking:  how did they compile all of this information without my input and without me even knowing it?

Read More
XPAN Law Group, LLC
Why Aren't You Ready? The First Steps to Protecting Healthcare Data

Recently, I read a statistic that stated 70% of employees in all industries lack sufficient cyber-preparedness. However, in the healthcare industry alone, this statistic is even higher: 78% of employees showed a lack of preparedness regarding common threat vectors and privacy issues.  This statistic, and the corresponding article, is both shocking and, at the same time, not surprising.

Read More
XPAN Law Group, LLC
A Deep Dive into CareFirst and What it Means for Breach Litigation in the US

The Supreme Court has shed some light on whether plaintiffs in a class action suit have standing to sue a healthcare insurer in federal court based upon a breach into that healthcare insurer’s protected network. On February 20, 2018, the Supreme Court denied CareFirst’s petition for certiorari and will leave the holding in place from the United States Court of Appeals, District of Columbia Circuit. This case resulted from a June 2014 cyberattack into the protected server of the health insurer, CareFirst.

Read More
XPAN Law Group, LLC
Are you Following Me? How the Internet of Things is Affecting Our Lives

The new “big thing” in the cyber world is Internet of Things (“IoT”).  What is the IoT? It is your fitness tracker, your Alexa, electronic pacemakers, the GPS in your car, self driving cars -- pretty much all of those cool and new electronics and technology that makes our lives exciting and easier.  However, no matter how techy our world gets some things never change, and the old adage -- there is no such thing as a free lunch -- seems more and more appropriate.  

Read More
XPAN Law Group, LLC
The NYDFS: Treating Cybersecurity as the Newest Businesses Opportunity

The New York Department of Financial Services (NYDFS) issued cybersecurity regulations that began to take effect on March 1, 2017.  Similar to the Health Insurance Portability and Accountability Act (“HIPAA”), the NYDFS imposed proactive cybersecurity regulations on “covered entities” doing business in New York.  Covered entities under the NYDFS cybersecurity regulations include insurance companies, banking institutions, trust companies, budget planners, check cashers, credit unions, and (thanks to Equifax) credit monitoring companies.  

Read More
XPAN Law Group, LLC
It isn't the Size of the Breach: OCR Issues Largest Fine to Date against FMCNA

People like to talk about the big cyber breaches: Instagram, Ashley Madison, Target, and Equifax, just to name a few.  But it is not always the number of people affected by a breach that should cause concerns for businesses; it is the failure of a business to take appropriate steps to protect personal data. Let us deconstruct our point by using a recent example related to healthcare data under the Health Insurance Portability and Accountability Act (“HIPAA”) and its first settlement of 2018.

Read More
XPAN Law Group, LLC
Breach Response- Decoding the Target in an M&A Transaction

If nothing else, one key element for any organization when addressing the issue of cybersecurity is breach/disaster response.  We have discussed in previous blog posts that being able to deliberately and elegantly respond to a breach is the main difference between extinction and survive.  A Darwinian proposition: only the strong (and prepared) survive.  Never is this fact more evident than when dealing with an M&A transaction.

Read More
XPAN Law Group, LLC
Cybersecurity is Always a Good Investment IN M&A Transactions

Whether you are the target or the acquirer, cybersecurity is the number 1 issue in an M&A transaction. The reason? Money. If you are the target, failure to appropriately address cybersecurity can significantly devalue your company.  If you are an acquirer, failure to conduct appropriate cyber due diligence before the deal is signed can result in purchasing a liability instead of an asset.  No matter which side of the table you sit, cybersecurity should be top-of-mind.

Read More
XPAN Law Group, LLC
Responding Elegantly and Deliberately

While at the recent Cybersecurity Awareness Summit at the Harrisburg University of Science and Technology, one of the speakers put a slide up that said basically; Firewalls, passwords, anti-virus software, and multifactor authentication → yesterday’s news. The point being that these are really the baseline.  The starting point.  The bare minimum of security.  

Read More
XPAN Law Group, LLC
A Post-Equifax World: The Times They Are A Changin'

We now live in a post-Equifax world.  When we look back at this time in history, I truly believe that is how we will measure cybersecurity regulations.  How we approached cybersecurity pre-Equifax and how we approach cybersecurity post-Equifax.  There is no point in denying that the cyber-world has fundamentally shifted.  People who were paying little-to-no attention to cybersecurity are now running to their “tech guy” to find out what type of security their company employs. So what can we expect from this post-Equifax world, you may be asking?  Simply (and yet there is nothing simple about it), more regulations. 

Read More
XPAN Law Group, LLC
What the World Needs Now....

What the world needs now is for every organization to commit to a culture of security. The Equifax cyberattack is being touted as the largest and most concerning in the history of the United States. The company is reporting that at least 143 million Americans are affected by this breach, which includes the names, addresses, social security numbers and possibly credit card numbers of those people. For those of you keeping count, that is almost half of the American population.  As an attorney who focuses solely on cybersecurity, this type of attack is hardly a surprise.  Anyone who “lives” in this world is keenly aware that cyberattacks are becoming more frequent with hackers getting better and better at their craft.  

Read More
XPAN Law Group, LLC
Cyber-Back to School Basics

As we are all preparing for the “most wonderful time of the year”, i.e. back to school for the kids, it makes me reflect on how much things have changed from when we were kids in school.  For example, I am currently on the hunt for a ½ inch three-ring binder with interior pockets in chartreuse for my 7 year old. When we were kids we showed up with a back-pack, a lunch box and some pencils. Not so anymore where we are provided a detailed list as long as my arm of school supplies for my pre-schooler.  So many of you are probably asking what this has to do with cybersecurity.  Well, it actually has everything to do with cybersecurity. 

Read More
XPAN Law Group, LLC
Know Thy Vendors

One of the most important things to consider when dealing with the issue of cybersecurity does not even involve your own direct network security.  It involves your vendors.  Those companies and organizations that help you run your business in an efficient and cost effective manner.  Those little “helpers”, however, can also be a huge threat vector to your organization.  In the world of cybersecurity, you are only as strong as the weakest link in your data chain.

Read More
XPAN Law Group, LLC