September 1, 2015

Data Breach Lawsuit Highlights: Standing & the Fading Impact of Clapper

While news broke on August 18th of Ashley Madison’s stolen data being released via the dark web, Target was penning the final strokes on a $67 million settlement agreement with Visa stemming from its widely publicized 2013 data breach[1]. This bookend series of events on a single day from two divergent companies highlights the life cycle of a data breach, from discovery, to announcement, to resulting lawsuits. What I find worth watching in this cycle is the recent evolution of consumer plaintiff standing in class action lawsuits, because of the potentially costly implications for corporations.

August 21, 2015

Getting to Know Your ESI: Early data mapping efforts pay dividends – Part 2

Many organizations struggle with how to get started with a data map, and how to use one that they have. Some basic steps are outlined below, though your project may not follow these exactly. The scope of your project will depend on how complex your organization’s IT is, your resources, and timing; creating and using a data map pre-litigation is going to be different than when you are responding to discovery. It is important to remember that data maps may be developed incrementally, such as by focusing on certain departments or systems before attempting to data map everything.

August 4, 2015

To BYOD or not to BYOD? Pros and Cons of a BYOD Program

Does your company have a written policy regarding whether employees may “bring your own device” (BYOD) for work? If not, you need one. At a minimum, your company policy should clearly state whether employee-owned devices may be used in the workplace or to access company data, and if so, in what circumstances. If your company has not already determined what the policy should be, there are risks and benefits of allowing BYOD that you will have to weigh. Two options for employees to use mobile devices for work include “Bring Your Own Device,” in which an employee purchases a device and uses it for work, and “Corporate-Owned, Personally Enabled” devices, or COPE, which involves issuing company-owned devices to employees. Each program has benefits and risks, and you will need to determine what program fits best within your corporate culture.

July 14, 2015

The Changing Threat Posed by Recent Cyber Attacks

The last 18 months have been a bonanza for cyber criminals. In January 2014, Target announced that personal information had been stolen from over 110 million accounts; over 83 million accounts at JP Morgan were hacked in August, and in September Home Depot acknowledged that 56 million customer accounts were accessed when its payment system was breached. Other well-known companies were victimized as well: Neiman Marcus, Yahoo! Mail and even PF Chang’s China Bistro all reported major breaches involving customer data. Just before the start of the 2014 Thanksgiving holiday, news reports began to emerge about a potentially significant data breach at Sony Pictures.

April 23, 2015

The Data Dump: what to do when you’ve received too much data? – Part 1

SCENARIO 1: YOU ARE LOOKING FOR SPECIFIC DOCUMENTS
Have you ever been overwhelmed by a document dump? If your adversary “dumps” a large amount of data on you, with little regard for relevance or organization, how do you deal with it? Years ago, you would have sent associates to a warehouse where they would pore over pages of moldy and musty documents and return with a few hot documents in a few months. Now, the volumes produced make that nearly impossible and prohibitively costly.