“Your organization is and will be compromised by insiders…”
Author: Steve Sheinberg
Proactive Privacy
Employment lawyers should look beyond mere compliance with privacy regulation and engage in what I call “Proactive Privacy.”
Proactive Privacy is creating a privacy-aware corporate culture that educates all employees about privacy (and cybersecurity) and motivates them to be a part of that culture. In short, it extends your privacy demands beyond the punitive and into the normative. (Of course, clear policies and expectations remain critical!)
2015 ABA National Symposium on Technology and Employment Law
I was just at the 2015 ABA National Symposium on Technology and Employment Law and had the privilege of participating in a panel about big data and bias in employment law. The conference was really, hour for hour, two of the most valuable days of my legal career.
7 Network Security Essentials
What things would you do today to secure your network? The answers are myriad, but I would suggest these seven things:
EEOC, Big Data and Disparate Impact: Barking up the Wrong Tree
It has been widely reported that EEOC Assistant Legal Counsel Carol Miaskoff, when addressing a conference on big data, shared her belief that employers should be concerned with the disparate impact of their employment-related data mining and analysis.
I am not convinced that she is right. I don’t think disparate impact will be the theory on which plaintiffs successfully attack big data in employment — I think it will be on a theory of intentional discrimination through proof of a discriminatory “pattern and practice.”
8 Cyber Risk Assessment Frameworks
Understanding how to assess cyber risk is essential for a lawyer leading or participating in an enterprise-level cyber risk management team. One or more of these eight analytical frameworks should help.
What the Lenovo Malware Debacle Means
As has been widely reported, Lenovo shipped consumer laptops with software on them that made them vulnerable to a so-called man-in-the-middle attack. The software intercepted inbound web data, decrypted it, inserted advertising, recoded it, issued a new security certificate (based on a pre-installed “root” certificate) and then sent it along to the browser, which accepted the data as trusted. It works with outbound data, too. Equally bad, because the makers of the malware were sloppy (and why wouldn’t they be?), they used the same certificate on many machines, used a weakly encrypted certificate and used a password that was easily guessable (not cracked, guessed). This created a ready-made entrance for other attackers to insert themselves as a person-in-the-middle and compromise every transaction.
The upshot? The user of an infected machine can have zero confidence that the websites they go to (banks, corporate, etc.) are real. Security experts warn that no web-based transaction from an infected machine can be deemed to be secure.
Do Data Breaches Hurt? Future Injuries in Data Breach Litigation
Protecting a company from data breach lawsuits may get substantially harder.
Once hit by a data breach, companies face suit from consumers and employees who have had personally identifiable information compromised. A relatively new line of cases has made life very difficult for these plaintiffs by holding that increased risk of identity theft is not sufficient grounds for a lawsuit. However, some holdout courts may just have it right.
Understanding this requires a deep dive into the world of standing to sue.
Lessons from the Anthem Breach
The Anthem breach reported late last week provides a number of insights:
- While Anthem’s transmissions were encrypted, their stored data was not. It is worth examining whether the efficiencies gleaned from non-encrypted storage are outweighed by the costs of breach recovery, notification and damage to reputation.