The prospects for and the effect of a comprehensive federal data privacy act remain uncertain. There are no indications that any comprehensive federal data privacy act will be considered by Congress this year, and questions and debates remain around whether federal privacy law will preempt state legislation or whether it will function as a minimum
data privacy
Digital Transformation – Cybersecurity Lessons from Recent Lawsuits
Digital transformation,[1] the process of leveraging technology, people and processes to innovate, requires an “all-in, ongoing commitment to improvement.”[2] But the main drivers of digital transformation – data and profits – don’t always mesh seamlessly.
As shown by recent class actions filed against Blackbaud and Morgan Stanley, and a settlement with the New York Attorney General by Dunkin’ Brands, digital transformation has numerous cybersecurity issues that present legal obligations and potential liability.
Blackbaud
In May, Blackbaud, Inc., a company that provides cloud software services to thousands of non-profits including hospitals, suffered a ransomware attack.[3] In July, it began informing its users of the attack, many of whom used Blackbaud to process personal and sensitive information.
On August 12, the first of many lawsuits was filed against Blackbaud. Among the allegations in the lawsuit, Blackbaud is accused of failing to properly monitor its computer network and systems, failing to implement policies to secure communications, and failing to train employees.
The five years prior to the attack are telling. In that timeframe, Blackbaud underwent a digital transformation that involved acquiring numerous other software platforms including a predictive modeling platform, and a software provider focused solely on corporate giving.
Since the ransomware attack, Blackbaud has published cybersecurity improvements that support adherence to industry standards for incident management, employee training, systems and network testing, risk assessments, application security, encryption, and end-user authentication.[4]
Continue Reading Digital Transformation – Cybersecurity Lessons from Recent Lawsuits
The Senate Commerce Committee held a second hearing on consumer data privacy, this time with privacy advocates
This past Wednesday, the Senate Commerce Committee held another hearing on consumer data privacy, this time giving voice to prominent privacy advocates. Previous testimony in September from leading technology businesses focused on concerns with the complexity of having to comply with a patchwork of different state privacy regulations, broad definitions of “personal information” in the California Consumer Privacy Act (CCPA), and a desire to see Federal legislation enacted that would preempt state laws and create a single, unified US privacy law.
While a national privacy law would simplify compliance, in Wednesday’s hearing Nuala O’Connor, the President and CEO of the Center for Democracy & Technology, cautioned the committee that the “price of preemption would be very, very high”, and Laura Moy, Executive Director and Adjunct Professor of Law at the Georgetown Law Center on Privacy & Technology, laid out in her written testimony six strong recommendations that we should expect to see in any proposed national standard:
Continue Reading The Senate Commerce Committee held a second hearing on consumer data privacy, this time with privacy advocates