Privacy Plus+ News
Stay informed with our latest insights on privacy and technology trends, along with key updates from our firm.
Could the SEC's Fraud Charges Against SolarWinds and its CISO Reshape Cybersecurity Oversight?
This week, we're taking a close look at and considering the implications of the recent lawsuit filed by the SEC against SolarWinds Corporation and its Chief Information Security Officer, which claims that they committed fraud and neglected to maintain adequate internal controls in their cybersecurity practices.
Amazon’s Antitrust Suit Paradox
This week, let’s examine the paradox as the FTC and 17 states slam Amazon with a colossal antitrust lawsuit, accusing it of crushing competition and dictating market play.
SEC Seeks Disgorgement from Virtu for Misleading Statements on Customer Data Protection
This week, let’s highlight the SEC’s recent civil action against Virtu Americas and its parent company, Virtu Financial, seeking disgorgement for misleading statements about data protection.
SEC Adopts New Cybersecurity Disclosure Rules for Public Companies
This week, let’s address the SEC’s recently adopted rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies. We’ll look at the mechanics, summarize the changes, highlight effective dates, and offer some thoughts.
“Data Provenance”: Navigating Ownership, Authenticity, and Rights in the Digital Age
This week, let’s examine “Data Provenance,” a concept that involves tracing the lineage of data — its origins, transformations, and ownership. We’ll also propose a new specialized application for “Data Provenance:” regulating the privacy of personal data.
E.U. and U.S. Have Agreed to A New Data Privacy Framework - What’s Old is New Again
This week, let’s look at the new self-certification procedure in the Data Privacy Framework facilitating the transfer of personal data from the European Union to the United States.
Top 5 Questions for Directors Re: Cyber Governance
This week, let’s focus on effective cyber governance by the board of directors, and propose some questions that every director should ask to protect themselves and their organizations from cyber risk and personal liability.
Top 5 Questions Every CISO Should Ask
This week, let’s consider some questions that every Chief Information Security Officer should ask to protect themselves and their organizations from cyber risk and personal liability.
The Escalating Battle Against Disinformation in a Digitally-Driven World
This week, we'll dissect the debates surrounding disinformation, which is poised to become even more prevalent as AI is used to fabricate counterfeit images, videos, and audio.
When Atlas Shrugs – FTC Faults Amazon for Alexa and Ring
This week, let’s highlight the latest privacy enforcement actions by the Federal Trade Commission — two cases against Amazon; and also discuss the developing trend of holding company executives directly responsible for data protection.
Five Eyes Issues Guidance for the Deployment of “Smart City” Technologies
This week, let’s review the new “smart city” cybersecurity guidance issued by the Five Eyes intelligence alliance, and offer some perspective accrued over time as long as this guidance is overdue.
All the Talk About Chat-GPT
This week, let’s talk about Chat-GPT as Italy’s Data Protection Authority blocks it and Elon Musk and others call for freeze amidst warnings related to privacy and the existential risk posed by too-powerful AI.
Cybersecurity Whistleblowers
This week, let’s highlight the recent uptick in cybersecurity whistleblowers, including those from the Dallas Independent School District and Twitter, and consider how to deal with cybersecurity whistleblower complaints.
Managing AI Risk: NIST Framework and ISO Guidance Announced
This week, let’s highlight the new risk management framework and guidance respectively published by NIST and ISO.
Bad Privacy Practices at GoodRx?
This week, let’s look at a new Consent Decree required by FTC and consider its prohibition of disclosure of health information for advertising purposes, along with the FTC’s expanding privacy enforcement and continued rumblings inside the Commission.
“It’s Turtles All the Way Down” - FTC Focuses on AWS Security
This week, let’s look at a recent FTC Consent Order, then consider what lessons can be drawn about using AWS. We’ll also explain how IT infrastructure fits the turtle metaphor featured in the title of this post.
European Data Protection Authorities Set Sites on Microsoft 365
This week, let’s consider European DPAs published privacy concerns about Microsoft 365, and related risks associated with workforce productivity suites.
Cyber Liability for Directors and Officers
This week, let’s catch up on cyber liability issues — from Drizly to Uber to SolarWinds — officers and directors should be tuning in and turning their attention to cyber and privacy corporate governance and D&O insurance.
FTC takes Action Against Drizly and its CEO: Will Protecting Data Become a Priority for CEOs?
The FTC wants to send a very clear message to CEOs: Protecting Americans’ data is not discretionary. It must be a priority. For Drizly’s CEO’s privacy and data security have become an albatross for him to carry to his future businesses under latest FTC proposed consent order.
Free Privacy Training Re: GDPR and More
This week, let’s highlight a free resource that may be helpful to any business subject to the GDPR’s requirements.