data breach, privacy and cyber insurance

One of the benefits from being a blogger and writer is opportunities to attend media events and look at products sooner than perhaps  others get to. One prime example of this is the Consumer Electronics Show that is going on this week. CES, as it likes to be called, is one of the biggest trade shows and occupies almost all of Las Vegas for the better part of a week. It boasts 4500 exhibitors and some 185,000 attendees. So it can be kind of daunting.

I’ve been coming now for several years and one reason I like it is that it’s outside the LegalTech realm. Different ways of thinking and talking about tech from legal that is refreshing and thought provoking.
Continue Reading

Last month I attended the annual New York Advisen Cyber Security Conference. The event which this year had over 900 attendees is frequented by insurance representatives, brokers, risk managers and, yes, a handful of lawyers, all of whom work in the cyber and cyber insurance space. Its probably the premier conference of its kind.

It’s funny. I’ve been attending this conference for about 5 years. When I first started coming, the conferance was all about sales, marketing and underwriting. I remember sitting at a table my first year having lunch with a handful of 20 something underwriters who were gushing over their new insurance product called cyber insurance. They trumpeted the freedoms the lack of forms provided and how they could even make up policy language as they went along. When I spoke up and said what about future claims, it was as if I was speaking in a foreign language: they were completely baffled.
Continue Reading

I listen to a lot of podcasts when, as in the past, I was driving to and from my law office: now, since my office is just a couple of steps down the hall from the kitchen and I have no commute, I listen while I am exercising. Some of my usual podcasts are good and some average but every now and then, I get one that really makes me see things in a new light and inspires me to do something. Such was the case with the most recent podcast of Dennis Kennedy and Tom Miguel on the Law Technology Today blog entitled Disruptive Innovation in a Law Practice.


Continue Reading

It’s fascinating to me how something designed to do one thing ends up solving an unrelated problem. Its well known that technology developed for one purpose frequently and ultimately serves different and altogether unexpected purposes and benefits: text-to-voice services come immediately to mind. These technologies were developed with those who are partially sighted in mind, but now have far broader applications, such as voice recognition technology like Siri and Amazon.
Continue Reading

I was looking forward to today at CES. The Acting Commish of the FTC, Maureen Ohlhausen, was to be interviewed by the CEO of CTA, Gary Shapiro. Three of the FCC Commissioners of the FCC, Brendan Carr, Mignon Clyburn and Michael O’Rielly were scheduled to participate in a roundtable moderated by Julie Kearney, VP of regulatory affairs for CTA.  Ajit Pai was supposed to be here but was a no show.

CTA is the largest consumer tech association. CES is one of the most well attended tech conference in the world. What’s the hottest topic in tech these days: the overturning of net neutrality. I thought at least we will get some insight on the pros and cons of this issue by those most directly involved in the decision. Wrong. Instead we got abbreviated wave to and acknowledgment of the issue and a recitation of slogans with little real explanation.
Continue Reading

Earlier this month, the 9th Circuit dealt online anonymous reviewing services a chilling blow when it decided United States v. Glassdoor. Faced with an online service which allowed people to post employer reviews for the benefit of others, the Court determined that those who posted on the service were like newspaper reporters and reverted to an analysis used for print media some 40 years ago.

Specifically, the Court ruled that the government could compel Glassdoor to reveal the identity of anonymous reviewers of employers by employees who posted on the site even if those who had posted didn’t consent. What this means for other online services that rely on similar anonymous posts could be significant. At the very least, use of outmoded legal concepts for new technological driven will be chilling and is unfortunate.

This means the government could compel Glassdoor to reveal the identity of anonymous reviewers of employers by employees who posted on the site even if those who had posted didn’t consent.

Background

The case started when the government served a subpoena on Glassdoor, an online forum where current and former employees can anonymously post reviews about the salaries and work environments of their places of employment. The subpoena asked for identifying information for more than one hundred accounts that had posted reviews of an employer whose contracting practices were apparently under criminal investigation by a federal grand jury. The investigation centered on alleged wire fraud by one of the companies that was under investigation by a Grand Jury.
Glassdoor refused to reveal its users’ identity to the Grand Jury citing among other things the First Amendment right of its users to speak anonymously.
Continue Reading

Fear of new technology sometimes creates strange legislative results and perhaps unintended consequences.

In 2008, Illinois passed the Biometric Information Privacy Act (BIPA), designed to protect employees and consumers against perceived abuses associated with the collection of bio metric data by businesses and providing a statutory cause of action for its violation.

Fearing how such technology might be used and worried about the privacy implications of how data might be used, (the Preamble actually provides “the full ramifications of biometric technology are not fully known”), the Illinois Legislature enacted a law requiring businesses planning to maintain any sort of databases of these identifiers enact policies to receive written authorization from customers or employees before scanning fingerprints, retinas or other biometric identifiers. It also requires businesses to share with those whose biometrics are being scanned information on how those identifiers would be stored and even disposed of.
Continue Reading

Under a new law recently proposed in Ohio, businesses that take steps to secure data could be protected from lawsuits if a hack occurs. The bill, Senate Bill 220, was the first bill to emerge from the Ohio attorney general’s office’s and its cyber-security task force of business leaders, information technology experts, and law enforcement created in the wake of high-profile hacks of consumer information. The bill is an effort to help businesses with cyber related claims, encourage them to be proactive and recognize the difficulty in creating standards for constantly evolving technologies. It’s a valid effort to balance law and technology.

According to Ohio Attorney General Mike DeWine, a member of the task force, “Those business that take reasonable precautions and meet these important standards will be afforded a safe harbor against claims should a data breach occur…To trigger the safe harbor provision, businesses must create their own cyber-security programs that meet certain standards.”
Continue Reading

“No stop signs, speed limit
Nobody’s gonna slow me down
Like a wheel, gonna spin it
Nobody’s gonna mess me around”
AC/DC

This blog is directed toward examining the tensions that arise as technology runs square into the law and the practice of law. Often the fit between the two doesn’t exist, or isn’t great mainly because the law looks backward and cant see solutions to problems that didn’t exist before. And sometimes the opposite occurs: we try to change the law to attack a new kind of problem and in doing so create a whole host of unintended consequences.

One glaring example is the ACDC Act which was proposed earlier this year by Rep. Tom Graves of Georgia.
Continue Reading

Smart Home Exhibit @ The Museum of Science and Industry

We have all heard about smart homes and the nirvana they may create. But we hear little about the risks, exposure and liability smart homes may pose. These risks stem from the fact that the standards governing smart home devices and the Internet of Things (IoT) simply don’t yet exist. And to the extent any do, they are not necessarily consistent and the law is not well developed. Nor has it addressed many of the issues raised by the new technologies. So we have a bunch of new devices that are popular, that carry some risks with few standards or laws governing them. Sound like a recipe for litigation?
Continue Reading