Privacy Plus+ News
Stay informed with our latest insights on privacy and technology trends, along with key updates from our firm.
Unprecedented Cyber Espionage and its Effect on Supply Chain Risk
This week, let’s examine recent reports about cyber espionage targeting the United States and other Western nations.
In the Dark: Understanding the Implications of “Shadow AI.”
This week, let’s consider the growing trend of “Shadow AI,” which refers to the unsanctioned use of AI tools or systems within an organization, often without the knowledge of the organization and outside of the organization’s governance framework.
How do you “Own” Data?
This week, let’s consider what “owning data” actually means — hint: It’s not what you may think.
Top 5 Questions for Directors Re: Cyber Governance
This week, let’s focus on effective cyber governance by the board of directors, and propose some questions that every director should ask to protect themselves and their organizations from cyber risk and personal liability.
Top 5 Questions Every CISO Should Ask
This week, let’s consider some questions that every Chief Information Security Officer should ask to protect themselves and their organizations from cyber risk and personal liability.
SolarWinds Executives May Face Personal Liability as SEC Issues Wells Notices
This week, executive cyber-liability issues continue to emerge, and here, we’re covering the related latest news in connection with the SolarWinds hack.
FTC Charges Genetic Testing Company 1Health.io with Privacy and Security Failures
This week, let’s consider the case against 1Health.io. It’s the latest FTC privacy enforcement action, and it is the first case focused on the privacy and security of genetic information.
Texas Data Privacy and Security Act
The Texas Data and Privacy Security Act is the latest comprehensive state privacy bill to be signed into law. Here, we’re summarizing it.
When Atlas Shrugs – FTC Faults Amazon for Alexa and Ring
This week, let’s highlight the latest privacy enforcement actions by the Federal Trade Commission — two cases against Amazon; and also discuss the developing trend of holding company executives directly responsible for data protection.
Royal Ransomware Strikes Dallas – What Can be Learned?
When a library website goes down, it should not also disable police services. Let’s reflect on what we can learned from the Royal ransomware attack on the City of Dallas.
Five Eyes Issues Guidance for the Deployment of “Smart City” Technologies
This week, let’s review the new “smart city” cybersecurity guidance issued by the Five Eyes intelligence alliance, and offer some perspective accrued over time as long as this guidance is overdue.
Cybersecurity Whistleblowers
This week, let’s highlight the recent uptick in cybersecurity whistleblowers, including those from the Dallas Independent School District and Twitter, and consider how to deal with cybersecurity whistleblower complaints.
SEC Proposes New Rule on Safeguarding Client Assets
This week, let’s consider the SEC’s release of a Proposed Rule regarding Safeguarding Advisory Client Assets, which specifically addresses a standard of care for security and cybersecurity related to custodial crypto assets.
Managing AI Risk: NIST Framework and ISO Guidance Announced
This week, let’s highlight the new risk management framework and guidance respectively published by NIST and ISO.
“It’s Turtles All the Way Down” - FTC Focuses on AWS Security
This week, let’s look at a recent FTC Consent Order, then consider what lessons can be drawn about using AWS. We’ll also explain how IT infrastructure fits the turtle metaphor featured in the title of this post.
HM in DBA Headnotes Discussing Uber CSO’s Criminal Conviction
Was Uber’s Chief Security Officer a villain or a scapegoat? And how should companies respond to the news of his criminal conviction? HM attorneys discuss in this month’s Headnotes for the Dallas Bar Association.
European Data Protection Authorities Set Sites on Microsoft 365
This week, let’s consider European DPAs published privacy concerns about Microsoft 365, and related risks associated with workforce productivity suites.
The Care and Handling of CEII
This week, let’s consider Controlled Unclassified Information, and how one example of it—Critical energy/electric infrastructure information—is regulated in the energy industry.
Predicting the Future of Privacy Law into 2023
This week, let’s look ahead toward the State of Privacy in 2023. With the New Year little more than 100 days away, what should we expect?
Prepping for Cyber-Attacks
As the risk of cyber-attacks escalate, let’s consider some resources and news that can help you and your organization reduce the risk of compromise and otherwise enhance your cyber posture.