SlideShare ist ein Scribd-Unternehmen logo

Privacy and Technology in Your Practice: Why it Matters & Where is the Risk

Als PPTX, PDF herunterladen
D
duffeeandeitzen

This presentation was given during the 2019 DBA Technology Summit

Recht
1 von 46
Privacy andTechnology inYour Practice: Written and Presented By: Craig C. Carpenter Thompson & Knight LLP Charles M. Hosch Hosch & Morris PLLC T. Hunter Lewis Duffee + Eitzen LLP Honorable Emily Miskel District Judge, 470th Judicial District Court Collin County Additional Research and Compilation: George Shake Joshua Dossey Duffee + Eitzen LLP Why it matters and where is the risk
Data Breaches for Law Firms Craig C. Carpenter,Thompson & Knight, LLP
What’s a breach? Breaches are a Privacy and Security Issue • Privacy: • Duty to maintain confidentiality • “We will keep your information secure and make sure it is not accessed by unauthorized parties.” • Cyber Security: • Physical, technical, administrative safeguards • Criminal act • 18 U.S. Code § 1030 – Computer Fraud and Abuse Act • Tex. Penal Code § 33.02 – Texas Breach of Computer Security
Law Firms are Not Immune • Mandiant reported that at least 80 of the top 100 law firms in the country, by revenue, had been hacked by 2011. • Logicforce has reported that about 2/3 of law firms have experienced some sort of data breach. “law firm”
In Fact, Law Firms are LucrativeTargets • Corporate Deals • Trade Secrets • Financial Data • Privileged Communications/Information • Personal Data • Health Data • Export-ControlledTechnology
Types of Attacks • InsiderThreat • VendorThreat • Phishing • Spear Phishing • Ransomware • Wire transfer fraud
Compliance • Rules of Professional Responsibility • State notification regulations • Data subject • AGs • Credit Agencies • International notification regulations • Industry-specific data
Compliance Issues for Law Firms • Is it a “breach”? • Who owns the data? • Law firm? • Client? • Other law firm? • Other law firm’s client? • Is it subject to a protective order? • Privileged information How does it impact your practice?
Costs What are the practical implications? • Breach investigation • Breach mitigation • Regulatory responses • Breach notification • Customer Relations • Reputational damage • Down time
InitialTakeaways from the Recent Capital One Breach 1. Having a plan and contacts in place makes a huge difference 2. Know what data you have and where it is located 3. Understand your vendor/third party vulnerabilities 4. “Hacking” has been a crime for a while now 5. Post-breach communication is critical 6. Lawsuits quick to follow
Capital One Breach Lawsuit 1. Negligence 2. Negligence Per Se 3. Breach of Implied Contract
Privacy & Technology Questions? Craig C. Carpenter Thompson & Knight, LLP O: 214-969-1154 Craig.Carpenter@tklaw.com
Cybersecurity vs. Privacy Charles M. Hosch, Hosch & Morris, PLLC
What’s the difference? “Cybersecurity” and “Privacy” Of course you can’t have privacy without security. But what’s the difference?
At a Glance: Cybersecurity • Asks, “How do I secure my data and keep it from being ‘hacked,’ breached,’ stolen, lost, or fumbled?” • Applies to: All data, including both commercial and personal information. Privacy • Asks, “Assuming I can keep my data secure (a huge ‘if’), how can I use the “personal information” within my data?” Applies to: “Personal” or “personally identifiable” information. (Definitions vary. May extend to data that can be linked to households, and/or include inferences you draw from raw data.)
Sources of Law: Cybersecurity • Trade Secret Law: Uniform Trade Secrets Act, Tex. Civ. Prac. & Rem. Code, Ch. 134A; Defend Trade Secrets Act, 18 U.S.C. §1836, et seq.; • State-based “Breach Response” statutes – All 50 States – e.g. Tex. Bus. Comm. Code §§ 521.002, 521.053; • Regulatory requirements in specific industries, e.g. NYS DFS; HIPAA Security Rule; GLBA; FTC Safeguards Rule; MA and CA Information Security Laws; UCC Article 4A; NAIC Insurance Data Security Model Law; City of Chicago (Ordinance, MCC § 2-25-090); PCI-DSS; • Requirements in privacy statutes, e.g. CCPA; • FTC Act, 15 U.S.C. Sec. 5. Privacy • -In US, mostly “sector-specific,” e.g. HIPAA for healthcare; Gramm-Leach- Bliley for financial institutions; FERPA for education; FCRA for credit reports and background checks, etc.; • Most privacy statutes are not preemptive, so states and state industry regulators can overlap; • For Europe (including tracking Europeans from US), comprehensive privacy regulation under GDPR; • Movement toward comprehensive state statutes, e.g. California Consumer Privacy Act (“CCPA”) taking effect in 2020 • FTC Act, 15 U.S.C. Sec. 5. • Key Regulators: • Federal: FTC, OCR, and SEC • State: State AGs • Individual: Class Action Lawyers
General Principles and Standards Cybersecurity • Use reasonable measures to protect the confidentiality, security, and integrity of data; • Note that what is enough to be “reasonable” varies according to how sensitive the particular data is; • What is “reasonable” evolves over time; • There is no such thing as perfect security – good information security program documentation is critical. Privacy FTC Fair Information Principles: • Notice/Awareness: Tell people what data you’re going to collect, and why; • Choice/Consent: Get their consent; • Access/Participation: Let people see their data, correct mistakes in it, have it back or move it if they wish; • Integrity/Security: You and your vendors use it only for the consented purpose, keep it secure, dispose of it responsibly; • Enforcement/Redress: (Think $5
Cloud Computing and Legal Technology Q: What are cloud services? A: Third-party services to which you can outsource some or all of your IT requirements. Q: What types of requirements can you outsource (partial list)? A: Top-level “Infrastructure” (e.g. to AWS or Microsoft); Middle-level “Platforms” (e.g. SalesForce or SQL Server); and/or User-friendly “Applications” (e.g. Abacus, Practice Panther, Clio). *You’ll have different responsibilities, and different contracts, for each “layer.” ( Q: What do I most need to know about Legal Tech? A: Most legal-tech services: (i) Are running on a cloud platform hosted by a third-party, (ii) Present their own security and privacy risks, and are (iii) probably relying on other vendors to provide aspects of their services to your firm.
Contracting Key Topics (partial list) PRIVACY PERFORMANCE Automatic Renewal? SECURITY Confidentiality Copyright Infringement Cost Third-Party Issues Inappropriate/Illegal Use Scalability Data Ownership Modifications/Changes Accessibility Geolocation Governing Law/Venue Data Recovery WARRANTIES SERVICE LEVEL AGREEMENTS Storage Term TERMINATION RIGHTS Compliance Training Breach Notification Audits VENDOR CONTROL SCOPE OF RIGHTS
Vendor Control Q: What does “vendor control” mean? A: Prudent Selection – Contracting – Monitoring – Management of vendors and service providers. Q: What are the keys to selecting and contracting with a vendor? A: Ethics/reputation; functionality; performance/service commitment; confidentiality; security; data control; and ownership. Q: Is this required, or just best practice? A: Increasingly required. GDPR and CCPA effectively require Data Processing and Security Addenda, where your vendors pledge to require their vendors not to use personal data for anything except the purpose for which they’re hired; to require the same of their vendors; to keep personal information secure; etc. (TRANSLATION: don’t let your vendors’ vendors do a side hustle with your clients’ data – or with yours.)
Privacy & Technology Questions? Charles M. Hosch Hosch & Morris, PLLC O: 214-306-8980, ext. 102 charles@hoschmorris.com
Competent Representation T. Hunter Lewis, Duffee + Eitzen LLP Duffee + Eitzen LLP
SpecialThanks: George Shake Joshua Dossey Duffee + Eitzen LLP
Technological Competence Requirements In The Beginning…. • In 2012 ABA revised Model Rules of Professional Conduct, Rule 1.1, comment 8 to include the requirement for attorneys to maintain technological competence. • The ABA issues advisory opinions on ethics questions and can be cited as persuasive authority – these opinions and rules are not binding on state disciplinary authorities
ABA Model Rules of Professional Conduct Rule 1.1, comment 8 -Maintaining Competence [8]To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
Texas Implementatio n In The Beginning…. • At the state level, many states began passing legislation concerning technical updates to their statutory authority concerning process of service (to include electronic service), electronic signatures, electronic communication/notice, and electronic filing • In 2013, The Texas Supreme Court mandated electronic filing in civil cases to begin January 1, 2014, with full implementation by July, 2016.
Texas Key Rule Changes • Texas Rule of Civil Procedure 21 • Filing and Serving Pleadings and Motions • Texas Rule of Civil Procedure 21a • Methods of Service • Texas Rule of Civil Procedure 21c • Privacy Protection for Filed Documents
Texas Ethics Opinion Concerning then Current Rules 2016 – Texas Ethics Opinion 665 • In December, 2016 The Professional Ethics Committee For the State Bar of Texas issued Opinion No. 665. • This opinion addresses attorney’s responsibilities related to metadata. • The opinion reviewed the competency requirements of the previous version of Rule 1.01, Texas Disciplinary Rules of Professional Conduct. • Although this opinion addresses an attorney’s duty of competence related to technology, this opinion narrowly deals with metadata.
Texas Ethics Opinion Concerning then Current Rules 2016 – Texas Ethics Opinion 665 The opinion states: • [A] lawyer’s duty of competence requires that lawyers who use electronic documents understand that metadata is created in the generation of electronic documents, that transmission of electronic documents will include transmission of metadata, that the transmitted metadata may include confidential information, that recipients of the documents can access metadata, and that actions can be taken to prevent or minimize the transmission of metadata.
Florida became the first state to require lawyers to include Technology in their CLE 2017 – The First CLE Requirement in FloridaRULE 6-10.3 MINIMUM CONTINUING LEGAL EDUCATION STANDARDS (b) Minimum Hourly Continuing Legal Education Requirements. Each member must complete a minimum of 33 credit hours of approved continuing legal education activity every 3 years. At least 5 of the 33 credit hours must be in approved legal ethics, professionalism, bias elimination, substance abuse, or mental illness awareness programs, with at least 1 of the 5 hours in an approved professionalism program, and at least 3 of the 33 credit hours must be in approved technology programs. If a member completes more than 33 credit hours during any reporting cycle, the excess credits cannot be carried over to the next reporting cycle.
Texas Ethics Opinion Concerning then Current Rules 2018 – Texas Ethics Opinion 680 • In September 2018 The Professional Ethics Committee For the State Bar of Texas issues Opinion No. 680. • The opinion states: Rule 1.01(a) requires that lawyers exhibit “competence” in representing clients. In Opinion 665 (December 2016), the Committee applied Rule 1.01 to a question involving a lawyer’s inadvertent transmission to third parties of electronic metadata within client documents and concluded that the Rule’s “competency” requirement was applicable to a lawyer’s technological competence in preserving client confidential information. The Committee reiterates here the necessity of competence by lawyers and their staff regarding data protection considerations of cloud-based systems. • Again, the opinion addresses an attorney’s duty of competence related to technology, this opinion focuses on cloud-based systems, not technology as a broad issue.
2019Texas Supreme Court Order February 26, 2019 the Texas Supreme Court orders that paragraph 8 of the comment to Rule 1.01, Texas Disciplinary Rules of Professional Conduct, is amended to include the requirement for attorneys to maintain technological competence. Thus, becoming the 36th and most recent state to do so.
Texas Ethics Opinion Concerning then Current Rules 2019 Texas Supreme Court Order Rule 1.01. Competent and Diligent Representation Comment: Maintaining Competence 8. Because of the vital role of lawyers in the legal process, each lawyer should strive to become and remain proficient and competent in the practice of law, including the benefits and risks associated with relevant technology. To maintain the requisite knowledge and skill of a competent practitioner, a lawyer should engage in continuing study and education. If a system of peer review has been established, the lawyer should consider making use of it in appropriate circumstances. Isolated instances of faulty conduct or decision should be identified for purposes of additional study or instruction.
How will Texas apply this change? 2019 Texas Supreme Court Order Rule 1.01. Competent and Diligent Representation • As of 9/1/2019, no appellate decisions in Texas reference the revised comment to the Rule. • Sister Jurisdictions may give rise to some guidance for Texas Courts (e.g. Delaware).
The Potential Future of the Competence Requirement James v. Nat’l Fin.LLC, C.A. No. 8931-VCL, 2014 Del. Ch. LEXIS 254 (Del.Ch. December 5, 2014). • The Court of Chancery has jurisdiction to hear all matters relating to equity, largely dealing with corporate issues, has a national reputation in the business community and is responsible for developing the case law in Delaware on corporate matters. Appeals from the Court of Chancery may be taken to the Supreme Court.
James v. Nat’l Fin.LLC • Delaware’s Lawyer’s Rules of Professional Conduct, Rule 1.1, Comment 8, was amended to include the language “including the benefits and risks associated with relevant technology.” ****(This is the Texas Language)**** Case Background • Class Action unconscionable loan practices civil lawsuit. • This opinion deals with a discovery dispute and sanctions. • The Plaintiffs propounded discovery requests related to the bank’s loan practices.
James v. Nat’l Fin.LLC Case Background • In the deposition of the Defendant bank’s representative he admitted to making errors in exporting data for the discovery response. • Court ordered Defendant bank to utilize an IT expert to respond to specific discovery requests. • Court ordered that the IT expert provide an affidavit describing the procedures it followed in extracting the data. • Defendant chatted with an IT expert for 20 minutes who wrote a letter stating that there was no way to property and easily convert paper records into an electronic database.
James v. Nat’l Fin.LLC Case Background • Plaintiff’s attorney pressed Defendant’s attorney for the required affidavit. Wait for it… Wait for it… • Defendant’s attorney stated that he did not know anything about it and tried to stay out of the process! • During the hearing on motion for sanctions (of course) Defendant’s attorney said…
James v. Nat’l Fin.LLC Case Background “I have to confess to this Court, I am not computer literate. I have not found presence in the cybernetic revolution. I need a secretary to help me turn on the computer. This was out of my bailiwick.”
James v. Nat’l Fin.LLC Holding The Court had some thoughts about this: • Professed technological incompetence is not an excuse for discovery misconduct and went on to quote comment 8 to Rule 1.1 of Delaware’s Lawyer’s Rules of Professional Conduct with the language “including the benefits and risks associated with relevant technology.” • The Court ordered the Defendant to pay Plaintiff’s attorneys fees and costs related to this discovery dispute.
Final Thoughts • While Texas does not have a specific Technology requirement for CLE, prioritize at least one CLE or Lecture concerning technology updates annually. • Refer to State Bar promulgated seminars concerning legislative updates and updates concerning e-discovery and new trends in technology in litigation. • Know what you don’t know… technology can outpace even the best of us!
Privacy & Technology Questions? T. Hunter Lewis Duffee + Eitzen, LLP O: 214-419-9010 Hunter@D-ELaw.com
The Judicial Perspective Hon. Emily Miskel, District Judge 470th Judicial District Court Collin County,Texas
Privacy & Technology Questions? Hon. Emily Miskel District Judge 470th Judicial District Court Emily@EmilyMiskel.com

Empfohlen

20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINamiable_indian
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 

Empfohlen

20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINamiable_indian
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationChristina Gagnier
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprisecentralohioissa
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information SecurityCharles Mok
 
Strong Host Security Policies are Good Business
Strong Host Security Policies are Good BusinessStrong Host Security Policies are Good Business
Strong Host Security Policies are Good BusinessHostingCon
 
Be aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationBe aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationLance Michalson
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentDonald E. Hester
 
The Legal Aspects of Cyberspace
The Legal Aspects of CyberspaceThe Legal Aspects of Cyberspace
The Legal Aspects of Cyberspacetimmcguinness
 
Privacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommercePrivacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommerceNow Dentons
 
Be aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailBe aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailLance Michalson
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowPrivacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowThe Capital Network
 
KMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy LawKMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy LawKnowledge Management Associates, LLC
 
Tech Week Chicago 2012: Law & Social Data
Tech Week Chicago 2012: Law & Social DataTech Week Chicago 2012: Law & Social Data
Tech Week Chicago 2012: Law & Social DataAdler Law Group
 
Understanding Legal Technology Competence with Bob Ambrogi and Joshua Lenon
Understanding Legal Technology Competence with Bob Ambrogi and Joshua LenonUnderstanding Legal Technology Competence with Bob Ambrogi and Joshua Lenon
Understanding Legal Technology Competence with Bob Ambrogi and Joshua LenonClio - Cloud-Based Legal Technology
 
How to Choose a Legal Technology Consultant
How to Choose a Legal Technology ConsultantHow to Choose a Legal Technology Consultant
How to Choose a Legal Technology ConsultantClio - Cloud-Based Legal Technology
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryEMC
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
Cloud primer
Cloud primerCloud primer
Cloud primerZeno Idzerda
 
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...William Tanenbaum
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Securitysatyakam_biswas
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 

Weitere ähnliche Inhalte

Was ist angesagt?

Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationChristina Gagnier
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprisecentralohioissa
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information SecurityCharles Mok
 
Strong Host Security Policies are Good Business
Strong Host Security Policies are Good BusinessStrong Host Security Policies are Good Business
Strong Host Security Policies are Good BusinessHostingCon
 
Be aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationBe aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationLance Michalson
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentDonald E. Hester
 
The Legal Aspects of Cyberspace
The Legal Aspects of CyberspaceThe Legal Aspects of Cyberspace
The Legal Aspects of Cyberspacetimmcguinness
 
Privacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommercePrivacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommerceNow Dentons
 
Be aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailBe aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailLance Michalson
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowPrivacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowThe Capital Network
 
Tech Week Chicago 2012: Law & Social Data
Tech Week Chicago 2012: Law & Social DataTech Week Chicago 2012: Law & Social Data
Tech Week Chicago 2012: Law & Social DataAdler Law Group
 
Understanding Legal Technology Competence with Bob Ambrogi and Joshua Lenon
Understanding Legal Technology Competence with Bob Ambrogi and Joshua LenonUnderstanding Legal Technology Competence with Bob Ambrogi and Joshua Lenon
Understanding Legal Technology Competence with Bob Ambrogi and Joshua LenonClio - Cloud-Based Legal Technology
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryEMC
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...William Tanenbaum
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Securitysatyakam_biswas
 

Was ist angesagt? (20)

Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago Presentation
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information Security
 
Strong Host Security Policies are Good Business
Strong Host Security Policies are Good BusinessStrong Host Security Policies are Good Business
Strong Host Security Policies are Good Business
 
Be aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationBe aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisation
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
 
The Legal Aspects of Cyberspace
The Legal Aspects of CyberspaceThe Legal Aspects of Cyberspace
The Legal Aspects of Cyberspace
 
Privacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommercePrivacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-Commerce
 
Be aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailBe aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to email
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowPrivacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to Know
 
KMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy LawKMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
KMA Insights Webinar July 2009 -- Compliance with MA Privacy Law
 
Tech Week Chicago 2012: Law & Social Data
Tech Week Chicago 2012: Law & Social DataTech Week Chicago 2012: Law & Social Data
Tech Week Chicago 2012: Law & Social Data
 
Understanding Legal Technology Competence with Bob Ambrogi and Joshua Lenon
Understanding Legal Technology Competence with Bob Ambrogi and Joshua LenonUnderstanding Legal Technology Competence with Bob Ambrogi and Joshua Lenon
Understanding Legal Technology Competence with Bob Ambrogi and Joshua Lenon
 
How to Choose a Legal Technology Consultant
How to Choose a Legal Technology ConsultantHow to Choose a Legal Technology Consultant
How to Choose a Legal Technology Consultant
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare Industry
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
Cloud primer
Cloud primerCloud primer
Cloud primer
 
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Security
 

Ähnlich wie Privacy and Technology in Your Practice: Why it Matters & Where is the Risk

Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better CybersecurityShawn Tuma
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...Shawn Tuma
 
Scotland legal update 25 sept
Scotland legal update 25 septScotland legal update 25 sept
Scotland legal update 25 septRachel Aldighieri
 
12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotatedwdsnead
 
Legal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber RiskLegal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber RiskShawn Tuma
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
Don't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerationsDon't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerationsNehal Madhani
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...Gary Allen
 
74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16Glenn E. Davis
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetLexisNexis
 
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...Shawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...Lisa Abe-Oldenburg, B.Comm., JD.
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 

Ähnlich wie Privacy and Technology in Your Practice: Why it Matters & Where is the Risk (20)

Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better Cybersecurity
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
 
Scotland legal update 25 sept
Scotland legal update 25 septScotland legal update 25 sept
Scotland legal update 25 sept
 
12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated
 
Legal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber RiskLegal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber Risk
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
Don't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerationsDon't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerations
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
 
74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder Target
 
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
 
How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?
 

Kürzlich hochgeladen

FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | DelhiFULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhisoniya singh
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptzainabbkhaleeq123
 
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdfBPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdflaysamaeguardiano
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxnyabatejosphat1
 
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in IndiaLegal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in IndiaFinlaw Consultancy Pvt Ltd
 
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxMunicipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxSHIVAMGUPTA671167
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...James Watkins, III JD CFP®
 
Divorce Procedure in India (Info) (1).pdf
Divorce Procedure in India (Info) (1).pdfDivorce Procedure in India (Info) (1).pdf
Divorce Procedure in India (Info) (1).pdfdigitalnikesh24
 
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书Fs Las
 
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881mayurchatre90
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsAurora Consulting
 
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceanilsa9823
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx2020000445musaib
 
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxKEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxRRR Chambers
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)Delhi Call girls
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书Sir Lt
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxMollyBrown86
 

Kürzlich hochgeladen (20)

Old Income Tax Regime Vs New Income Tax Regime
Old Income Tax Regime Vs New Income Tax RegimeOld Income Tax Regime Vs New Income Tax Regime
Old Income Tax Regime Vs New Income Tax Regime
 
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | DelhiFULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
FULL ENJOY - 8264348440 Call Girls in Netaji Subhash Place | Delhi
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .ppt
 
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdfBPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
 
Vip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptx
 
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in IndiaLegal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
Legal Risks and Compliance Considerations for Cryptocurrency Exchanges in India
 
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxMunicipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...
 
Divorce Procedure in India (Info) (1).pdf
Divorce Procedure in India (Info) (1).pdfDivorce Procedure in India (Info) (1).pdf
Divorce Procedure in India (Info) (1).pdf
 
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
如何办理(Lincoln文凭证书)林肯大学毕业证学位证书
 
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
 
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx
 
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxKEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
 

Privacy and Technology in Your Practice: Why it Matters & Where is the Risk

  • 1. Privacy andTechnology inYour Practice: Written and Presented By: Craig C. Carpenter Thompson & Knight LLP Charles M. Hosch Hosch & Morris PLLC T. Hunter Lewis Duffee + Eitzen LLP Honorable Emily Miskel District Judge, 470th Judicial District Court Collin County Additional Research and Compilation: George Shake Joshua Dossey Duffee + Eitzen LLP Why it matters and where is the risk
  • 2. Data Breaches for Law Firms Craig C. Carpenter,Thompson & Knight, LLP
  • 3.
  • 4.
  • 5. What’s a breach? Breaches are a Privacy and Security Issue • Privacy: • Duty to maintain confidentiality • “We will keep your information secure and make sure it is not accessed by unauthorized parties.” • Cyber Security: • Physical, technical, administrative safeguards • Criminal act • 18 U.S. Code § 1030 – Computer Fraud and Abuse Act • Tex. Penal Code § 33.02 – Texas Breach of Computer Security
  • 6. Law Firms are Not Immune • Mandiant reported that at least 80 of the top 100 law firms in the country, by revenue, had been hacked by 2011. • Logicforce has reported that about 2/3 of law firms have experienced some sort of data breach. “law firm”
  • 7. In Fact, Law Firms are LucrativeTargets • Corporate Deals • Trade Secrets • Financial Data • Privileged Communications/Information • Personal Data • Health Data • Export-ControlledTechnology
  • 8. Types of Attacks • InsiderThreat • VendorThreat • Phishing • Spear Phishing • Ransomware • Wire transfer fraud
  • 9. Compliance • Rules of Professional Responsibility • State notification regulations • Data subject • AGs • Credit Agencies • International notification regulations • Industry-specific data
  • 10. Compliance Issues for Law Firms • Is it a “breach”? • Who owns the data? • Law firm? • Client? • Other law firm? • Other law firm’s client? • Is it subject to a protective order? • Privileged information How does it impact your practice?
  • 11. Costs What are the practical implications? • Breach investigation • Breach mitigation • Regulatory responses • Breach notification • Customer Relations • Reputational damage • Down time
  • 12. InitialTakeaways from the Recent Capital One Breach 1. Having a plan and contacts in place makes a huge difference 2. Know what data you have and where it is located 3. Understand your vendor/third party vulnerabilities 4. “Hacking” has been a crime for a while now 5. Post-breach communication is critical 6. Lawsuits quick to follow
  • 13. Capital One Breach Lawsuit 1. Negligence 2. Negligence Per Se 3. Breach of Implied Contract
  • 14. Privacy & Technology Questions? Craig C. Carpenter Thompson & Knight, LLP O: 214-969-1154 Craig.Carpenter@tklaw.com
  • 15. Cybersecurity vs. Privacy Charles M. Hosch, Hosch & Morris, PLLC
  • 16. What’s the difference? “Cybersecurity” and “Privacy” Of course you can’t have privacy without security. But what’s the difference?
  • 17. At a Glance: Cybersecurity • Asks, “How do I secure my data and keep it from being ‘hacked,’ breached,’ stolen, lost, or fumbled?” • Applies to: All data, including both commercial and personal information. Privacy • Asks, “Assuming I can keep my data secure (a huge ‘if’), how can I use the “personal information” within my data?” Applies to: “Personal” or “personally identifiable” information. (Definitions vary. May extend to data that can be linked to households, and/or include inferences you draw from raw data.)
  • 18. Sources of Law: Cybersecurity • Trade Secret Law: Uniform Trade Secrets Act, Tex. Civ. Prac. & Rem. Code, Ch. 134A; Defend Trade Secrets Act, 18 U.S.C. §1836, et seq.; • State-based “Breach Response” statutes – All 50 States – e.g. Tex. Bus. Comm. Code §§ 521.002, 521.053; • Regulatory requirements in specific industries, e.g. NYS DFS; HIPAA Security Rule; GLBA; FTC Safeguards Rule; MA and CA Information Security Laws; UCC Article 4A; NAIC Insurance Data Security Model Law; City of Chicago (Ordinance, MCC § 2-25-090); PCI-DSS; • Requirements in privacy statutes, e.g. CCPA; • FTC Act, 15 U.S.C. Sec. 5. Privacy • -In US, mostly “sector-specific,” e.g. HIPAA for healthcare; Gramm-Leach- Bliley for financial institutions; FERPA for education; FCRA for credit reports and background checks, etc.; • Most privacy statutes are not preemptive, so states and state industry regulators can overlap; • For Europe (including tracking Europeans from US), comprehensive privacy regulation under GDPR; • Movement toward comprehensive state statutes, e.g. California Consumer Privacy Act (“CCPA”) taking effect in 2020 • FTC Act, 15 U.S.C. Sec. 5. • Key Regulators: • Federal: FTC, OCR, and SEC • State: State AGs • Individual: Class Action Lawyers
  • 19. General Principles and Standards Cybersecurity • Use reasonable measures to protect the confidentiality, security, and integrity of data; • Note that what is enough to be “reasonable” varies according to how sensitive the particular data is; • What is “reasonable” evolves over time; • There is no such thing as perfect security – good information security program documentation is critical. Privacy FTC Fair Information Principles: • Notice/Awareness: Tell people what data you’re going to collect, and why; • Choice/Consent: Get their consent; • Access/Participation: Let people see their data, correct mistakes in it, have it back or move it if they wish; • Integrity/Security: You and your vendors use it only for the consented purpose, keep it secure, dispose of it responsibly; • Enforcement/Redress: (Think $5
  • 20. Cloud Computing and Legal Technology Q: What are cloud services? A: Third-party services to which you can outsource some or all of your IT requirements. Q: What types of requirements can you outsource (partial list)? A: Top-level “Infrastructure” (e.g. to AWS or Microsoft); Middle-level “Platforms” (e.g. SalesForce or SQL Server); and/or User-friendly “Applications” (e.g. Abacus, Practice Panther, Clio). *You’ll have different responsibilities, and different contracts, for each “layer.” ( Q: What do I most need to know about Legal Tech? A: Most legal-tech services: (i) Are running on a cloud platform hosted by a third-party, (ii) Present their own security and privacy risks, and are (iii) probably relying on other vendors to provide aspects of their services to your firm.
  • 21. Contracting Key Topics (partial list) PRIVACY PERFORMANCE Automatic Renewal? SECURITY Confidentiality Copyright Infringement Cost Third-Party Issues Inappropriate/Illegal Use Scalability Data Ownership Modifications/Changes Accessibility Geolocation Governing Law/Venue Data Recovery WARRANTIES SERVICE LEVEL AGREEMENTS Storage Term TERMINATION RIGHTS Compliance Training Breach Notification Audits VENDOR CONTROL SCOPE OF RIGHTS
  • 22. Vendor Control Q: What does “vendor control” mean? A: Prudent Selection – Contracting – Monitoring – Management of vendors and service providers. Q: What are the keys to selecting and contracting with a vendor? A: Ethics/reputation; functionality; performance/service commitment; confidentiality; security; data control; and ownership. Q: Is this required, or just best practice? A: Increasingly required. GDPR and CCPA effectively require Data Processing and Security Addenda, where your vendors pledge to require their vendors not to use personal data for anything except the purpose for which they’re hired; to require the same of their vendors; to keep personal information secure; etc. (TRANSLATION: don’t let your vendors’ vendors do a side hustle with your clients’ data – or with yours.)
  • 23. Privacy & Technology Questions? Charles M. Hosch Hosch & Morris, PLLC O: 214-306-8980, ext. 102 charles@hoschmorris.com
  • 24. Competent Representation T. Hunter Lewis, Duffee + Eitzen LLP Duffee + Eitzen LLP
  • 26. Technological Competence Requirements In The Beginning…. • In 2012 ABA revised Model Rules of Professional Conduct, Rule 1.1, comment 8 to include the requirement for attorneys to maintain technological competence. • The ABA issues advisory opinions on ethics questions and can be cited as persuasive authority – these opinions and rules are not binding on state disciplinary authorities
  • 27. ABA Model Rules of Professional Conduct Rule 1.1, comment 8 -Maintaining Competence [8]To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
  • 28. Texas Implementatio n In The Beginning…. • At the state level, many states began passing legislation concerning technical updates to their statutory authority concerning process of service (to include electronic service), electronic signatures, electronic communication/notice, and electronic filing • In 2013, The Texas Supreme Court mandated electronic filing in civil cases to begin January 1, 2014, with full implementation by July, 2016.
  • 29. Texas Key Rule Changes • Texas Rule of Civil Procedure 21 • Filing and Serving Pleadings and Motions • Texas Rule of Civil Procedure 21a • Methods of Service • Texas Rule of Civil Procedure 21c • Privacy Protection for Filed Documents
  • 30. Texas Ethics Opinion Concerning then Current Rules 2016 – Texas Ethics Opinion 665 • In December, 2016 The Professional Ethics Committee For the State Bar of Texas issued Opinion No. 665. • This opinion addresses attorney’s responsibilities related to metadata. • The opinion reviewed the competency requirements of the previous version of Rule 1.01, Texas Disciplinary Rules of Professional Conduct. • Although this opinion addresses an attorney’s duty of competence related to technology, this opinion narrowly deals with metadata.
  • 31. Texas Ethics Opinion Concerning then Current Rules 2016 – Texas Ethics Opinion 665 The opinion states: • [A] lawyer’s duty of competence requires that lawyers who use electronic documents understand that metadata is created in the generation of electronic documents, that transmission of electronic documents will include transmission of metadata, that the transmitted metadata may include confidential information, that recipients of the documents can access metadata, and that actions can be taken to prevent or minimize the transmission of metadata.
  • 32. Florida became the first state to require lawyers to include Technology in their CLE 2017 – The First CLE Requirement in FloridaRULE 6-10.3 MINIMUM CONTINUING LEGAL EDUCATION STANDARDS (b) Minimum Hourly Continuing Legal Education Requirements. Each member must complete a minimum of 33 credit hours of approved continuing legal education activity every 3 years. At least 5 of the 33 credit hours must be in approved legal ethics, professionalism, bias elimination, substance abuse, or mental illness awareness programs, with at least 1 of the 5 hours in an approved professionalism program, and at least 3 of the 33 credit hours must be in approved technology programs. If a member completes more than 33 credit hours during any reporting cycle, the excess credits cannot be carried over to the next reporting cycle.
  • 33. Texas Ethics Opinion Concerning then Current Rules 2018 – Texas Ethics Opinion 680 • In September 2018 The Professional Ethics Committee For the State Bar of Texas issues Opinion No. 680. • The opinion states: Rule 1.01(a) requires that lawyers exhibit “competence” in representing clients. In Opinion 665 (December 2016), the Committee applied Rule 1.01 to a question involving a lawyer’s inadvertent transmission to third parties of electronic metadata within client documents and concluded that the Rule’s “competency” requirement was applicable to a lawyer’s technological competence in preserving client confidential information. The Committee reiterates here the necessity of competence by lawyers and their staff regarding data protection considerations of cloud-based systems. • Again, the opinion addresses an attorney’s duty of competence related to technology, this opinion focuses on cloud-based systems, not technology as a broad issue.
  • 34. 2019Texas Supreme Court Order February 26, 2019 the Texas Supreme Court orders that paragraph 8 of the comment to Rule 1.01, Texas Disciplinary Rules of Professional Conduct, is amended to include the requirement for attorneys to maintain technological competence. Thus, becoming the 36th and most recent state to do so.
  • 35. Texas Ethics Opinion Concerning then Current Rules 2019 Texas Supreme Court Order Rule 1.01. Competent and Diligent Representation Comment: Maintaining Competence 8. Because of the vital role of lawyers in the legal process, each lawyer should strive to become and remain proficient and competent in the practice of law, including the benefits and risks associated with relevant technology. To maintain the requisite knowledge and skill of a competent practitioner, a lawyer should engage in continuing study and education. If a system of peer review has been established, the lawyer should consider making use of it in appropriate circumstances. Isolated instances of faulty conduct or decision should be identified for purposes of additional study or instruction.
  • 36. How will Texas apply this change? 2019 Texas Supreme Court Order Rule 1.01. Competent and Diligent Representation • As of 9/1/2019, no appellate decisions in Texas reference the revised comment to the Rule. • Sister Jurisdictions may give rise to some guidance for Texas Courts (e.g. Delaware).
  • 37. The Potential Future of the Competence Requirement James v. Nat’l Fin.LLC, C.A. No. 8931-VCL, 2014 Del. Ch. LEXIS 254 (Del.Ch. December 5, 2014). • The Court of Chancery has jurisdiction to hear all matters relating to equity, largely dealing with corporate issues, has a national reputation in the business community and is responsible for developing the case law in Delaware on corporate matters. Appeals from the Court of Chancery may be taken to the Supreme Court.
  • 38. James v. Nat’l Fin.LLC • Delaware’s Lawyer’s Rules of Professional Conduct, Rule 1.1, Comment 8, was amended to include the language “including the benefits and risks associated with relevant technology.” ****(This is the Texas Language)**** Case Background • Class Action unconscionable loan practices civil lawsuit. • This opinion deals with a discovery dispute and sanctions. • The Plaintiffs propounded discovery requests related to the bank’s loan practices.
  • 39. James v. Nat’l Fin.LLC Case Background • In the deposition of the Defendant bank’s representative he admitted to making errors in exporting data for the discovery response. • Court ordered Defendant bank to utilize an IT expert to respond to specific discovery requests. • Court ordered that the IT expert provide an affidavit describing the procedures it followed in extracting the data. • Defendant chatted with an IT expert for 20 minutes who wrote a letter stating that there was no way to property and easily convert paper records into an electronic database.
  • 40. James v. Nat’l Fin.LLC Case Background • Plaintiff’s attorney pressed Defendant’s attorney for the required affidavit. Wait for it… Wait for it… • Defendant’s attorney stated that he did not know anything about it and tried to stay out of the process! • During the hearing on motion for sanctions (of course) Defendant’s attorney said…
  • 41. James v. Nat’l Fin.LLC Case Background “I have to confess to this Court, I am not computer literate. I have not found presence in the cybernetic revolution. I need a secretary to help me turn on the computer. This was out of my bailiwick.”
  • 42. James v. Nat’l Fin.LLC Holding The Court had some thoughts about this: • Professed technological incompetence is not an excuse for discovery misconduct and went on to quote comment 8 to Rule 1.1 of Delaware’s Lawyer’s Rules of Professional Conduct with the language “including the benefits and risks associated with relevant technology.” • The Court ordered the Defendant to pay Plaintiff’s attorneys fees and costs related to this discovery dispute.
  • 43. Final Thoughts • While Texas does not have a specific Technology requirement for CLE, prioritize at least one CLE or Lecture concerning technology updates annually. • Refer to State Bar promulgated seminars concerning legislative updates and updates concerning e-discovery and new trends in technology in litigation. • Know what you don’t know… technology can outpace even the best of us!
  • 44. Privacy & Technology Questions? T. Hunter Lewis Duffee + Eitzen, LLP O: 214-419-9010 Hunter@D-ELaw.com
  • 45. The Judicial Perspective Hon. Emily Miskel, District Judge 470th Judicial District Court Collin County,Texas
  • 46. Privacy & Technology Questions? Hon. Emily Miskel District Judge 470th Judicial District Court Emily@EmilyMiskel.com