The Canadian government issued this document to provide guidance to private sector organizations, both small and large, when a privacy breach occurs. Organizations should take preventative steps prior to a breach occurring by having reasonable policies and procedural safeguards in place, and conducting necessary training. This guideline is intended to help organizations take the appropriate steps in the event of a privacy breach and to provide guidance in assessing whether notification to affected individuals is required. Not all steps may be necessary, or some steps may be combined.
Lessons learned from devising programs to reduce products liability can point the way to creating effective information security policies.
This article explains and demystifies cybersecurity for senior management and directors by identifying the steps global companies must take to address, mitigate, and respond to the risks associated with data security.
This short article presents key issues companies in the US should consider regarding data breaches, wearables/employees Tracking, privacy, information security, human capital analytics, vendor management, mobile workforce (Bring Your Own Device), and the US Telephone Consumer Protection Act (TCPA),
This note provides a very brief description of user-friendly guidance provided by US federal agencies on compliance with data privacy laws.
Discuss provisions in cloud computing agreements that address sensitive issues, such as data ownership and protection, privacy and intellectual property. Obtain tips on negotiating liabilities and risks in cloud computing contracts — what provisions SaaS providers commonly include in agreements, provisions large customers typically request, which are negotiable and how to mitigate the impact of terms you cannot change.
Because financial industry databases are goldmines for hackers, the financial sector faces greater threats and higher regulatory demands and consequences than other industries. This interactive session will equip in-house counsel with the practical guidance and tools they need to respond when the inevitable happens. Attendees will work through a breach scenario and walk away from the program with a step-by-step outline of what to do when the data breach occurs (i.e., who to notify, remedial steps to take, etc.). Discuss best practices for information sharing, notification protocols and responding to the media. Explore the questions that should be considered before notifying the board and notifying the appropriate government agencies.
Discuss how and why regulators, such as the CFPB and the SEC, are mining big data, and how this trend can impact the financial industry. Learn what laws currently govern and impact big data, and what pitfalls to avoid when advising the business and making big data-related decisions. Understand what it means to be a "data broker” (for businesses that sell or analyze big data). Receive a checklist for essential big data policies, procedures and guidelines. Discuss the growing number of internet-connected wearables and industrial sensors, the questions they raise about data privacy, and the security of parties who aggregate, share, sell or rely upon this information.
This QuickCounsel examines the key provisions of the proposed GDPR and identifies some of the more relevant obligations which in-house counsel will need to consider under the new regime.
This Top Ten addreses organisations looking to take up cyber insurance as part of a broader cyber security strategy, and some key issues for in-house lawyers to bear in mind.