Privacy Plus+ News
Stay informed with our latest insights on privacy and technology trends, along with key updates from our firm.
In the Dark: Understanding the Implications of “Shadow AI.”
This week, let’s consider the growing trend of “Shadow AI,” which refers to the unsanctioned use of AI tools or systems within an organization, often without the knowledge of the organization and outside of the organization’s governance framework.
“Public Insecurity:” The Special Vulnerability of Public Facilities
This week, let’s focus on the ransomware attacks on state and local governments and consider some risk-reducing cybersecurity measures.
Stop Selling Data: Avast's Strategy Stymied by the FTC
This week, let’s consider the Federal Trade Commission’s recent settlement with Avast, which, among other things, contains a $16.5 million penalty and bans Avast from selling web browsing data for advertising purposes
Could the SEC's Fraud Charges Against SolarWinds and its CISO Reshape Cybersecurity Oversight?
This week, we're taking a close look at and considering the implications of the recent lawsuit filed by the SEC against SolarWinds Corporation and its Chief Information Security Officer, which claims that they committed fraud and neglected to maintain adequate internal controls in their cybersecurity practices.
SEC Seeks Disgorgement from Virtu for Misleading Statements on Customer Data Protection
This week, let’s highlight the SEC’s recent civil action against Virtu Americas and its parent company, Virtu Financial, seeking disgorgement for misleading statements about data protection.
SEC Adopts New Cybersecurity Disclosure Rules for Public Companies
This week, let’s address the SEC’s recently adopted rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies. We’ll look at the mechanics, summarize the changes, highlight effective dates, and offer some thoughts.
E.U. and U.S. Have Agreed to A New Data Privacy Framework - What’s Old is New Again
This week, let’s look at the new self-certification procedure in the Data Privacy Framework facilitating the transfer of personal data from the European Union to the United States.
Top 5 Questions for Directors Re: Cyber Governance
This week, let’s focus on effective cyber governance by the board of directors, and propose some questions that every director should ask to protect themselves and their organizations from cyber risk and personal liability.
Top 5 Questions Every CISO Should Ask
This week, let’s consider some questions that every Chief Information Security Officer should ask to protect themselves and their organizations from cyber risk and personal liability.
SolarWinds Executives May Face Personal Liability as SEC Issues Wells Notices
This week, executive cyber-liability issues continue to emerge, and here, we’re covering the related latest news in connection with the SolarWinds hack.
Cybersecurity Whistleblowers
This week, let’s highlight the recent uptick in cybersecurity whistleblowers, including those from the Dallas Independent School District and Twitter, and consider how to deal with cybersecurity whistleblower complaints.
HM in DBA Headnotes Discussing Uber CSO’s Criminal Conviction
Was Uber’s Chief Security Officer a villain or a scapegoat? And how should companies respond to the news of his criminal conviction? HM attorneys discuss in this month’s Headnotes for the Dallas Bar Association.
European Data Protection Authorities Set Sites on Microsoft 365
This week, let’s consider European DPAs published privacy concerns about Microsoft 365, and related risks associated with workforce productivity suites.
Cyber Liability for Directors and Officers
This week, let’s catch up on cyber liability issues — from Drizly to Uber to SolarWinds — officers and directors should be tuning in and turning their attention to cyber and privacy corporate governance and D&O insurance.
FTC takes Action Against Drizly and its CEO: Will Protecting Data Become a Priority for CEOs?
The FTC wants to send a very clear message to CEOs: Protecting Americans’ data is not discretionary. It must be a priority. For Drizly’s CEO’s privacy and data security have become an albatross for him to carry to his future businesses under latest FTC proposed consent order.
Cross-Border Data Transfer Update – New Trans-Atlantic Data Privacy Framework and UK’s International Data Transfer Agreement
This week, let’s consider the “agreement in principle” for the new U.S.-E.U Trans-Atlantic Data Privacy Framework and the UK’s International Data Transfer Agreement.