Seyfarth Synopsis:  On May 12, 2021, President Joe Biden issued a very broad, 34 page “Executive Order on Improving the Nation’s Cybersecurity.” The Executive Order, or “EO”, can be found here. This order comes six months after the notorious SolarWinds attack, and mere weeks after other high-profile attacks have invaded our networks, and shut

In this unprecedented time, businesses are, more than ever, implementing and rapidly rolling out programs for remote or at-home work by employees. The quick changes in local and state governmental “shelter in place” instructions and Public Heath directives have placed significant strains on remote networks and caused local shortages of laptop computers at office supply and electronic stores across the country.

With this unexpected increase in remote workers, many companies are pushing the limits of their existing remote access technology, or deploying ad hoc technology and access solutions as quickly as possible. Some of those companies are not taking the time to consider potential information security, privacy, and other compliance ramifications for those same remote workers.

It is entirely appropriate and necessary for companies to adapt their technology and work networks are utilized to the greatest degree possible to remain in operation and serve business and customer needs. But as always, data security and privacy should always be part of the equation.

Below are some essential things to know about the security risks posed by remote or at-home worker, and a Technical Checklist for Remote employees to make sure your corporate data is safe, and you do not risk compliance challenges with data privacy law and requirements.
Continue Reading Cybersecurity, Data Privacy, and Compliance Issues Related to Remote Workers

Seyfarth Shaw Offers Data Privacy & Protection in the EU-U.S. Desktop Guide and On-Demand Webinar Series

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4%

Cross-posted from Carpe Datum Law

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4% of their global annual revenue for the most egregious violations. What does the future passage of GDPR mean for your business?

Our experienced eDiscovery and Information Governance (eDIG) and Global Privacy and Security (GPS) practitioners will present a series of four 1-hour webinars in August through October of 2017. The presenters will provide a high-level discussion on risk assessment tools and remediation strategies to help prepare and reduce the cost of EU GDPR compliance.
Continue Reading Is your organization ready for the new EU General Data Protection Regulation?

Cross Posted from California Peculiarities Employment Law Blog

Hernandez v. Sprouts Farmers Market, Inc., a case stemming from a phishing scam, emphasizes the need for California employers to implement comprehensive data protection and data breach notification policies and practices for personal employee information under the CDPA.

A story of a company suffering a data breach tops newspaper headlines almost daily. So how can you stay out of the “fuego,” and stay compliant with California laws about your employees’ and customers’ data?

California’s Data Protection Act—“Army Of One”

In 2003 California passed the nation’s first data breach notification statute: the CDPA. Since then, over 30 states have enacted similar statutes, but California remains the national leader in privacy and data security standards.

The CDPA mandates that any business that “owns or licenses personal information about a California resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.” And it requires a company to notify affected individuals of a data breach “in the most expedient time possible and without unreasonable delay.”
Continue Reading Phishing: Data Breach Is “Chalkdust Torture”

A company faced with a security breach has a lengthy “to do” list, things to accomplish with respect to its incident response plan. It must, among other things, determine the root cause of the vulnerability or breach, investigate and eliminate the vulnerability or breach, determine the full nature and extent of the breach, determine who to notify and finalize the notifications.

If the American Postal Workers Union (APWU) has its way, a unionized employer facing a security breach involving employee personal information would have yet another responsibility – bargaining over the impact of or response to the security breach.
Continue Reading Union Files NLRB Complaint Regarding the USPS’ Handling of Security Breach Involving Employee Personal Information