Collection, use, and storage of personal data. Data breach, data privacy, artificial intelligence.

Dan Mogin: Antitrust, Pro-Privacy Moves Led Outside U.S.

March 21st, 2019|Categories: Complex Business Litigation, HB Risk Notes, Technology Law

In a move that could redefine how 2.6 billion people use Facebook Messenger and Facebook’s acquired WhatsApp and Instagram apps, The New York Times reported on Jan. 25 that Facebook CEO Mark Zuckerberg plans to integrate the platforms. The announcement turned up the volume on antitrust and privacy warnings directed at the social media giant. “Facebook can be legitimately criticized for merging these apps after contrary assurances and perhaps for trying to dominate messaging,” MoginRubin Partner Dan Mogin said, “but perhaps more importantly, this is another example of the evolving convergence between antitrust and privacy that appears to be being driven by forces outside the US enforcement agencies. It’s a challenging issue for antitrust and may eventually lead to a sea change.” See the complete post on the MoginRubin Blog. 

South Korea, EU Having ‘Adequacy’ Discussions

January 30th, 2019|Categories: Corporate Compliance, HB Risk Notes, Technology Law

Because of its robust network connectedness, its advanced use of mobile devices and its rich collection of intellectual property, South Korea is a leading target for hackers. Discussions are under way between the EU and South Korea to determine whether the data protections of South Korea, as a non-EU country, are adequate. Also, South Korea has joined the APEC Cross-Border Privacy Rules system. Significant case law is developing regarding this country’s 2011 data protection statute as well as its sector-specific laws. Daniel Solove and Paul Schwartz have selected Professor Haksoo Ko from the Law School at Seoul National University to speak at the International #PrivacySecurity Forum April 3-5, 2019. Ko will co-present to provide an up-to-date account of developments in South Korea and analyze the most important compliance hurdles. Learn more: http://bit.ly/IPSF-2019

Financial Institutions Struggle to Keep Up with ‘Changing Business Needs’ Such as Social Mobile Apps, and Getting Risk Data Quickly, Deloitte Report Suggests

January 27th, 2019|Categories: Corporate Compliance, HB Risk Notes, Technology Law

Deloitte's report is based on a survey of 94 financial institutions around the world that operate in a range of financial sectors and with aggregate assets of $29.1 trillion. Deloitte's Edward Hida -- financial risk community of practice global leader and a partner in Deloitte Risk and Financial Advisory -- posted his executive summary of the latest Global Risk Management Survey, which is the organization's eleventh. The report is a detailed one and Deloitte draws quite a few conclusions around the continued focus on cyber security, engagement of boards of directors, increased attention to non-financial risks, the potential of digital risk management, enterprise risk management, the proliferation of Chief Risk Officers, an increased reliance on stress testing and more. A couple of figures jumped out at me which show at least two challenges to financial institutions. Hear this Deloitte professional at ICRMC in Toronto April 15-16! Respondents are finding "extremely challenging" the need to keep up with changing business operational needs, such as deployment of social mobile applications, data analytics and cloud-based risks. Also in the "extremely challenging" category, not surprisingly, are threats from "sophisticated actors," like foreign governments and crackerjack hacktivists. Other issues categorized as "extremely high priority" revolve around getting quality risk data quickly. Given the average length of time other studies show that a hacker can poke around in your network before [...]

Mitigating Operational Cyber Risk: As Business Technology Changes, So Does Your Risk Profile

December 6th, 2018|Categories: Corporate Compliance, HB Risk Notes, Technology Law

By Tom Hagy

The various risks of doing business in our digitally connected world continue to evolve. So must the approach organizations take in confronting those risks, for failing to do so in the current risk landscape can be far more dangerous than in prior years. I spoke with Nick Galletto, Global Cyber Risk Leader at Deloitte, who traced the evolution of the dangers of doing business in a digitally connected world. Early on, our focus in the cyber risk management space was on how to protect websites from being defaced, he explained. Organizations had to make sure websites were functioning properly, that data was secure, and the integrity was maintained. Galletto went on to say that we’ve moved from an era of compliance and risk management to an era of complexity. From an organization’s perspective, their focus was on making sure the company was compliant with new and evolving regulations, and risk management meant having policies, procedures and effective controls in place. “While compliance is a necessity, it is not the silver bullet that’s going to protect us from any potential breaches,” Galletto said. “So organizations must look at conducting their business in this connected world not merely from a compliance perspective but from a risk perspective. A clear example of this is the number of PCI-compliant companies that were still getting breached.” “Now as organizations move into an era of complexity, they need to be proactive in detecting anomalies and suspicious behavior and be prepared so their teams have [...]

Aon SVP Belfiore on Corporate Cyber Risk

November 1st, 2018|Categories: HB Risk Notes, Insurance, Technology Law

Cyber Risk of Paramount Concern to Corporate Boards

Lack of History Remains a Challenge

"Cyber security is the most polarizing issue on the corporate board agenda these days," says Anthony Belfiore, SVP and Chief Information Security Officer at Aon. "It has the most potential impact and the most regulatory pressure among all risks companies face. Nothing is more top of mind right now." "You just have to look at the amount of media coverage and the actual realized impacts companies are experiencing. Hundreds of thousands of businesses from big to small are being affected. The entire healthcare system in the UK went down. The impact is tangible. It’s affecting day-to-day operations," he says. "And no one is immune. Board members come from a diverse set of industries, and all are impacted." Why is cyber risk such a hot button for companies versus other types of risks? "The risk has become more urgent as it has shifted to actual business interruption," Belfiore says. "Historically companies were concerned with data leakage and loss, or regulatory fines, but now the actual operation itself can come to a halt. When a company goes down for three days that hits the media. Analysts notice. You can trace a specific event to a drop in stock values." Aren't fines still a concern? "Yes. We are operating in [...]

Cyber Risks Enter a New and Increasingly Vicious Phase

October 31st, 2018|Categories: Complex Business Litigation, HB Risk Notes, Technology Law

For anyone plotting the evolution of cyber risks, the last phase of cyber-attacks was dominated by breaches that resulted in lost or stolen personal or financial data that could then be monetized. The current phase is different. “We have observed a significant increase in the number of disruptive breaches that our clients are dealing with,” says Charles Carmakal, Vice President at Mandiant/FireEye. “These involve destruction, extortion, or public shaming.” How are organizations dealing with this shift? “It’s catching many organizations off guard. Most don’t have a playbook for dealing with extortion,” Carmakal says. “While they may have thought about a ransomware situation, that’s different from the more common type of extortion we are seeing these days, where a threat actor threatens C-level executives or corporate board members with the release of sensitive information.” “Many organizations assume the default is they wouldn’t give into the demands, but when in the middle of a crisis too often the decision is made to pay the threat actors,” he says. “So it’s important to consider what your organization will do in this situation. For example, who will be involved in the decision-making process? Organizations should play out an extortion scenario so they have a plan when faced with real demands.” How can organizations better test the efficacy of their security capabilities? Many organizations conduct penetration [...]

Kenneth Jones of Tanenbaum Keale on Law Firm Tech Development Capabilities

October 16th, 2018|Categories: Corporate Compliance, HB Risk Notes, HB Tort Notes, Technology Law

Should Law Firms Be Able to Develop Custom Technologies? Here is #10 of Jones' Top-10 List. #10. Security. The cloud is great, and generally speaking, companies in this space operate systems in a highly professional manner. However, occasionally one encounters special business needs which call for extensive “above and beyond” levels of security. This could be times a firm is storing financial information, medical records, or other data they wish to absolutely, positively protect. In these situations — under the theory that “no one does things better than I do” — it’s nice to have the option to build super-secure systems with features such as encrypted data within database tables, and to manage the systems with a very small number of highly trusted professionals specifically known by the law firm. Read more of the article posted by Thomson Reuters. Kenneth Jones oversees various aspects of technology at Tanenbaum Keale LLP in the role of Chief Technologist. He leads efforts to support TK’s computing environment and infrastructure, one that features a strategy of professionally protecting and processing client data in the cloud with highly skilled and respected leading-edge business partners in the technology space. Ken also helps lead and support various TK programs in the areas of security, compliance, business continuity and firm administration. Learn more.

Protecting Intangible Assets: Risk Transfer Market Yet to Catch Up

October 12th, 2018|Categories: HB Risk Notes, Insurance, Intellectual Property, Technology Law

Intrinsically Intangible.

by Giles Harlow, Senior Vice President, Aon (Bermuda) Ltd.

In the early 1980's, tangible assets made up around 80% of the value of the S&P 500. Fast forward to today and nearly 85% of the value of the S&P 500 is attributable to intangible assets. However, the risk transfer market has not caught up. According to the Aon/Ponemon report of last year, whilst around 60% of tangible assets (property, plant and equipment) are currently being insured, only 12% of informational assets are. So what gives? If the vast majority of companies' values in 2018 are attributable to intangibles, why are they not transferring those risks? Is it a lack of education on the client side? A lack of innovation in the brokerage community? A lack of understanding or willingness to accept these new risks on the carrier end? Or is it that whilst the marine and property markets have had centuries to evolve, the newer intangible insurance markets are just gearing up to size as they collate the data they need to properly price and model these risks? Likely, it is some combination of all of these factors. We have seen great strides in the cyber market, with double-digit premium growth over the last four-to-five years. The market has evolved from being focused on large data holders, to providing [...]

Financial Services Cyber Risk Information Sharing

September 26th, 2018|Categories: HB Risk Notes, Insurance, Technology Law

Why We Need to be More Like Apes, Less Like Seagulls

By Tom Hagy

Featuring Craigg Ballance, Director of Canadian Member Services, FS-ISAC

Even before we can walk we are encouraged to share. We’re told to share our things even when we barely have any. Even some wild animals share food and resources – even when those resources are scarce. Some creatures are better at it than others, of course. Apes and lions? Absolutely. Seagulls? All you have to do next time you’re on the beach is toss what’s left of your ham sandwich into the air and see how generous gulls are. People fall into sharing -- and not-fond-of-sharing -- groups, too. Sharing is particularly critical in the financial sector where, while privacy and security regulations command a tight lid on data, global financial institutions are successfully sharing data about cyber risk, says Craigg Ballance, Director of Canadian Member Services for FS-ISAC in Toronto. But, he says, sharing has to take place across a broad landscape. “Information analysis sharing has to cut across the various subsets of the financial sector,” says Ballance. “While banks share local data, they are trying more and more to share globally, but,” he says, “banks need to share with other institutions, like insurers, investment funds, pension funds, and other types of financial institutions, for this [...]

Blockchain: Power to the People

August 28th, 2018|Categories: Corporate Compliance, HB Risk Notes, Technology Law

Dan Solove, co-founder of the Privacy+Security Forum and professor at GW Law School, just posted an interview with Steve Shillingford, Founder and CEO of Anonyome Labs, a consumer privacy software company. Below is part of just one exchange in the interview.

SOLOVE: The Internet has made so many things possible that we couldn’t do in an analog world. Yet, in some ways, the online world seems to lack the capabilities of the offline world. In the offline world, it is much easier to have anonymous transactions. This becomes much more challenging online. How can the online world be made more like the offline world in this regard?

SHILLINGFORD: Blockchain technology shifts the balance of power back to people—to individuals—and away from tech giants, governments and data miners. It allows you to transact on your terms, just as you do offline. And it’s not just limited to financial transactions. Put anything on the blockchain you want. The blockchain gives a person the ability to publish only the information THEY decide to divulge. Nothing more, nothing less. And no more hidden agendas, no selling personal data without your consent, no worries about privacy. Just like the analogue world, you decide the context, the content, and duration of the information you provide…not the big guys. It can really be that easy.

Read the complete interview. See the latest faculty and agenda updates for the Privacy+Security [...]

Oracle Health Sciences on Pharmacovigilance and Artificial Intelligence

August 22nd, 2018|Categories: Complex Business Litigation, HB Risk Notes, HB Tort Notes, Technology Law

"The potential to use artificial intelligence methods increasingly for the analysis of the increasing amounts of pharmacovigilance data is well understood and many companies are moving (or planning to move) there, and we can predict that routine tasks in pharmacovigilance will in the future be increasingly automated. It will be crucial, however, for regulatory authorities to very clearly provide a position about the use of AI as well as the acceptable level of quality from AI applications. But in parallel with the shaping of those definitions, given the massive increase in their AE case workloads that most companies are currently experiencing, the industry will out of necessity proceed swiftly with the adoption of AI and cloud technologies to reduce their costs and increase their efficiencies. "Like other industries, the pharmaceutical business and in particular the pharmacovigilance field will see a massive change in their processes in the near future, away from tedious, repetitive manual tasks towards a better utilization of scarce resources, in particular medical and scientific knowledge, for value-adding tasks. It is imperative for all stakeholders – industry, service providers and regulators – to provide an environment in which such a transformation can take place without ever compromising public health or the safety of the individual patient, and ideally providing additional benefit for patients." A quote from Addressing the Data [...]

Artificial Intelligence in the Drug and Device Industries

August 9th, 2018|Categories: Complex Business Litigation, HB Tort Notes, Technology Law

Are Data Divers and Miners Going to Lead Innovation?

The big tech companies are into it. Apple, IBM and Google. Roche is into it. Medtronic, as well. Artificial intelligence has been a big part of innovation in the healthcare space for several years, and its impact is only going to get bigger. "Artificial intelligence-based healthcare technologies have contributed to improved drug discoveries, tumor identification, diagnosis, risk assessments, electronic health records (EHR), and mental health tools, among others," writes Blank Rome attorney Brian Higgins in his Artificial Intelligence and the Law Blog (it's excellent, by the way). [1] Daniel Faggella of TechEmergence.com writes that machine learning healthcare applications are getting a lot of attention in the press and from the investment community. He adds to the list of machine learning's impact things like treatment queries and suggestions, and even robotic surgery. But optimism for AI's application to drug discovery seems greater than that inspired by other healthcare sectors. One reason for that, Faggella writes, is that compared to other segments where various laws and stakeholder incentives may not align, "drug discovery stands out as a relatively straightforward economic value for machine learning healthcare application creators." He adds that this application also involves "one relatively clear customer who happens to generally have deep pockets: drug companies." [2] Also writing for TechEmergence.com, Kumba Sennaa says [...]
