data privacy[Update:  After publication of the below post, AB 1035 was amended to remove the below-referenced language. The fact that the California legislature considered defining what constitutes “reasonable security procedures and practices” for purposes of the CCPA’s private right of action but, at least as of now, did not proceed with such legislation leaves businesses subject

Recently, I had the pleasure of being interviewed by Julia Kerrigan, an articulate and insightful young journalist writing for her high school paper, The Dart. In my mind (that’s foreshadowing the challenges caused by my ego-centricity dear reader), the point of the conversation was for me to provide Julia with a primer on information privacy and security issues so that she could weave into her article a few observations from a so-called expert.

Continue Reading

Over the past five to ten years, the advancement of technology has produced a flurry of corporate cyber-attacks. Data breaches make the news virtually every day.

Too often, however, companies seek compensation for their data breach losses by making claims on commercial general liability (CGL) or property policies – policies that simply were not written

Blockchain technology is seeing increasingly wide use internationally, but security issues are becoming a major problem.

Blockchain is a public electronic ledger that can be openly shared among users and that creates an unchangeable record of their transactions. Each transaction, or “block”, is time-stamped and linked to the previous one. Each block is then linked to a specific participant. Blockchain can only be updated by consensus between users in the system, and when new data is entered, it can never be erased, edited, adjusted, or changed.


Continue Reading

For over twenty years, my father was a wholesale seafood supplier. One day over dinner (probably lobster, because that’s just how we rolled), my father tells us that he has hired an off-duty US Department of Agriculture inspector to inspect the fish that his company will be sending out to its grocery store clients. When I asked him if this was a legal requirement, he said it was not (the Department of Health and Human Services, via the FDA, apparently regulates fish, not the USDA). When I then asked him why he was doing it, he said, “If you were in the grocery store and you saw one piece of fish labelled ‘USDA Government Inspected’ and one piece of fish without that label, which one would you buy?” An informal “seal” program had been born!

Continue Reading

Once again, we realize that we have little control over how information we share on social media is ultimately used. The recent revelation that a data analytic firm retained by Trump’s presidential campaign used the Facebook data of more than 50 million people to target them with political ads is both shocking and unsurprising at

Recently, I counseled an employer regarding the termination of a high level HR employee. The termination wasn’t fun but the company’s termination process was followed. Unfortunately, that was the problem. The employer collected and turned off the exiting employee’s company badge. The employer took the same actions for the corporate credit card. The exiting employee’s laptop was collected and IT was informed to shut down the individual’s access to all systems immediately.

Continue Reading

Semper Fidelis is the U.S. Marines’ motto – “always faithful.” Perhaps an ironic twist of phrase in the context of its recent and preventable data breach. Let’s recap. The Marine Forces Reserve recently announced that personal information of over 21,000 Marines, sailors, and civilians were “compromised.” The PI included social security numbers, bank account and routing numbers, card information, name, address and other contact information. In other words, PI which is a treasure trove for identity thieves. Some of the PI may have been redacted in part. How did this breach occur? The culprit was an e-mail incorrectly sent with an unencrypted attachment. The email was sent out by the Defense Travel System which manages travel itineraries and expense reimbursement. Obviously sensitive location information is also in play. Probably not a big thing for a travelling salesperson, but highly problematic for defense sector travel.

Continue Reading