What a Trump presidency may mean for privacy and data security

White House, U.S._166211048As the shock of Trump’s surprise election win gives way to processing the consequences of a Trump presidency, one issue that has not gotten as much attention is privacy and data security.

Trump did not say much on this topic on the campaign trail and his “vision” for cybersecurity on his campaign website is relatively thin. But we can glean some information from his public comments. As always with Trump, unpredictability is his trademark, so it is anyone’s guess whether his actions going forward will be consistent with his past statements. Continue Reading

Is your company really prepared for the IoT?

Innovation - Idea - Light Bulb -92265641The IoT, or Internet of Things, connects physical devices containing software, sensors, and/or network connectivity and includes anything and everything from wearable technologies, to drones, to driverless cars. Madison Partner Mindi Giftos explains the business and legal ramifications of this technology in a piece published in In Business Madison magazine online this month.

Read more.

After the Love Has Gone: Anticipating Data Issues in Your Contract Process

Single or divorced woman alone missing a boyfriendAny agreement between two parties begins with the rosy optimism that the good times will last forever. In the world of technology licensing and development, however, we know this is rarely the case. While this blog has previously considered data security oversight by the board of directors of the company, it is also important for a company’s legal and procurement teams to establish a plan for the security, use, and transition of its data throughout the contracting process. These issues are particularly important in highly regulated industries such as healthcare and financial services. Continue Reading

Information in Distress – Part 1

Hand held distress flaresMore and more frequently the following question arises: “What do we do about personal, sensitive, and business information owned by or residing with a financially troubled company?” Information is an intangible asset and often has significant value. Information increasingly resides with a party other than the owner and may need to be transferred in unexpected ways. Unfortunately, the thinking about this question often arises after financial distress is readily apparent, such as after a bankruptcy filing. Planning should occur much earlier, whether for the business in distress or in dealing with a business that could suffer financial distress (hint 1 – the latter is every business). Continue Reading

New York proposes first cybersecurity rules

risksigniStock_000016809464_LargeNew York proposed first-of-its-kind cybersecurity regulations on Sept. 13, 2016. The proposed rules would apply only to banks, insurers, and other financial services companies regulated by the New York Department of Financial Services (“DFS”). However, the sweeping nature of the regulations and New York’s role as a banking center are likely to make the rules a model for other states. Continue Reading

Five key steps to Privacy Shield certification

surgical-glovesiStock_000007268500_LargeIn the digital era, EU data protection law may apply to U.S.-based companies with significant consequences. The EU law generally prohibits the transfer of personal data from the EU to the U.S., unless the transfer is made in accordance with one of a very few of authorized data transfer mechanisms or otherwise falls within one of the its even fewer exceptions. This transfer restriction significantly impacts U.S. multinational companies’ everyday business activities, such as processing employees’ payroll data, as well as their ability to implement enterprise-wide initiatives, such as compiling internet marketing information. Continue Reading

A Brief History of Bank Privacy

Bank SignWith all due respect to noted astrophysicist Stephen Hawking, this blog post will attempt to explain the bank privacy universe in a tiny package. Many tend to think “bank privacy” began with the Gramm-Leach-Bliley Act (“GLB” and technically The Financial Services Modernization Act of 1999). But this perspective misstates the origin of bank privacy and understates its breadth and depth.

Rather bank privacy is genetically coded into the customer relationship and has been since the beginning. Perhaps “privacy” is even the wrong word as “confidential” seems more apt. Protecting bank customer confidences has long been recognized on both state and federal levels, at common law and in numerous statutes pre-dating GLB. For perspective, in 1995 I revised my bank’s deposit agreement and made extensive reference to customer confidentiality and the bank’s information sharing practices, embodying almost all the concepts later enshrined in GLB. Continue Reading

Terms of Use and Privacy Policy: Your navigation system in the ocean of e-commerce

ocean_skyline178637162Posting a terms of use document on your website or mobile application defines the terms that govern your customers’ use of your website or mobile application and greatly reduces your exposure to liability when providing goods or services through a web-based application. A privacy policy describes to your consumers what information you collect, how you collect it and how you use it. Posting a privacy policy provides notice to your customers so that they can make an informed decision on whether or not they want to use your web-based application after considering the data you collect and how you use it.

Read more…

Should my company self-certify under the EU–US privacy shield?

key-digitaliStock_000022243984_LargeThe European Union and United States differ greatly on law regulating the collection and transfer of personal data. For many years companies could rely upon the U.S.–EU Safe Harbor to lawfully make transatlantic data transfers and bridge the gap between the differing privacy frameworks. But in October 2015, the EU Court of Justice invalidated the U.S.–EU Safe Harbor on the grounds that it did not adequately protect personal data. This ruling jeopardized the continued flow of data from the EU to the United States and left many companies wondering how they could continue collecting and using data from the EU without violating the law. Continue Reading

HIPAA punches a serious blow: Advocate Health enters into $5.5-million settlement for violations

Boxing glovesAnytime we conduct a training, we can’t help but turn blue in the face repeating over and over again the importance of conducting an accurate and thorough risk analysis of electronic PHI (ePHI). In the event of a breach or an audit, one of the first items the Office of Civil Rights (OCR) will ask for is the risk analysis. The OCR has obviously lost its patience for entities that choose or fail to perform an adequate risk analysis. Earlier this month, Advocate Health Care Center (Advocate Health) agreed to pay a massive $5.55 million to settle multiple violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This settlement is the largest to-date against a single entity. Continue Reading

LexBlog