Today, security is top of mind for many in the legal profession. The EU’s GDPR, now one-year-old, certainly grabbed our attention and California’s similar CPPA, set to take effect early next year, has increased awareness. While the news has extensively covered major data breaches, it is easy for lawyers, law firms, in-house counsel, and their staffs to dismiss exposure to those occurrences because we typically do not collect large volumes of data in our day-to-day practices.
In his 3/8/17 article, “Rising cost of data breaches to $2.1 trillion by 2019…” Luke Irwin of IT Governance ominously wrote: “[W]e found an astounding figure of 3.1 billion records leaked in 2016, conservatively. We also discovered an infiltration of law firms’ email worth $4 million stolen [and] data breaches anticipated to be at 2.1 trillion by 2019, in less than 2 years from now.”
Despite some discernible progress in privacy protection since the European Union's General Data Protection Regulation (GDPR) was enacted one year ago, in America it’s practically non-existent. In a Microsoft blog post, Corporate VP & Deputy General Counsel, Julie Brill recounted the progress that has been made since GDPR’s adoption, concluding with a predictable call for further progress to be made in the year to come, including adoption of uniform federal legislation similar to the EU GDPR.
Misery loves company, you could say, but when you are the guardian at the gate, this may be company you don’t want to keep. In “Highlights of Verizon’s 2019 Data Breach Investigations Report,” Sharon Nelson, takes on and highlights Verizon’s most recent survey. In short, the news is not good for anyone in general, and professionals in particular.
The noted authority, Sharon D. Nelson, Esq., recently reported in her Ride the Lightning Blog: “Bank Sued Over Court Filing Containing Lawyers’ Personal Information,” a thorny bank litigation case that serves to highlight the critical importance of courts and litigators coming together to jointly adopt state-of-the-art infosecurity software and protocols.
In an article by Victoria Hudgins, writing for LegalTechNews.com, “Sink or Swim: Law Firms Need to Leverage, Understand Tech to Survive,” stated, “For law firms and their in-house partners to survive and thrive, differentiating services and analyzing big data will be key, while understanding and harnessing technology are the first big steps, according to a Wolters Kluwer survey.”
Reuters tech/biz writer, Jonathon Stempel, recently reported in “Yahoo strikes $117.5 million data breach settlement after earlier accord rejected,” that the settlement is the largest common fund class action settlement in data breach history. The implications of this settlement (revised from an early attempted settlement in hopes of being more palatable to federal district Judge Lucy Koh) are staggering.
Topics: Differentialsharing, compliance, riskmanagement, databreach, data breach, Yahoo breach, unsecured data, sensitive information, sensitive data, security, risk management, financial risk, Yahoobreach
In the Washington Post article, entitled “Millions of sensitive Facebook user records were left exposed on public web, security researchers say,” Post reporters Tony Romm and Elizabeth Dwoskin report that over a half billion Facebook records have been sitting exposed to any comers on an Amazon cloud-computing server. Cybersecurity implications – and lessons –keep spinning off from the social media giant’s privacy stumblings.
In the Washington Post article titled “FEMA ‘major privacy incident’ reveals data from 2.5 million disaster survivors,” reporters Joel Achenbach, William Wan, and Tony Room reveal a shocking security failure by the Federal Emergency Management Agency (FEMA). The failure included the unnecessary and unauthorized sharing of personal information, including banking details and home addresses, of disaster victims from the 2017 California wildfires and Hurricanes Harvey, Irma and Maria.