Law of Data Security and Investigations

In these videos, KirkpatrickPrice partnered with attorney Benjamin Wright to create a series on information security and digital investigation topics. Cyber insurance, NDAs, employee awareness, consumer risk, incident response – we cover a variety of topics in this series! Security, legal, and investigative professionals can expect to learn how to manage the risks and the expectations that apply in law and ethics around information security and digital investigations.

Featured Episode:

Understanding Gramm Leach Bliley in Order to Secure Consumer Personally Identifiable Information

What is the Gramm-Leach-Bliley Act? The Gramm-Leach-Bliley Act (GLBA) is a law that requires all financial institutions in the United States to safeguard their consumers’ sensitive data. GLBA applies to financial institutions such as organizations that offer financial or investment advice, provide consumer loans, or process consumer financial information.

Advice for Making Legal Agreements via Electronic Communication

Electronic communications have become an integral component of conducting business in today’s society. Agreements and contracts are formed over email, text messages, and other various collaborative platforms such as Office 365 or Google Drive.

Non-Disclosure Agreement Risks - When and How to Sign a Non-Disclosure Agreement

Non-disclosure agreements (NDAs) are often used in the technology world as a form of legal control. Many organizations even exchange NDAs among themselves; however, an NDA is never risk-free.

Monitoring Employee Records and Communications Best Practices

When organizations supply their employees with personal electronic devices, such as laptops, cell phones, or tablets, they will often have a policy or contract that explains that the employer reserves the right to monitor employee records and communications while they’re using company-owned equipment. Although these devices are used for personal communication as well as work reasons, such policies exist to ensure that company-owned devices are not abused by employees through participating in unauthorized activities. Even with policies or contracts in place, there is still a potential for an invasion of privacy, which makes such policies controversial.

Who has the Legal Right to Employee Mobile Phones, Tablets, and Computers?

Given that personal electronics are so prevalent in today’s society, navigating how to implement and enforce workplace policies on the use of devices (such as cell phones, tablets, and computers) can be challenging. The question often arises of who has control over the records that are created and stored on such devices: is it the employee or the employer?

Understanding the Importance of Information Security and Personal Privacy for Your Employees

Continuous education is a key way for organizations to ensure that their employees stay up to date with current industry best practices, and teaching employees and contractors the importance of information security and personal privacy should be an integral part of it. For organizations that process personally identifiable information (PII) and protected health information (PHI), maintaining a security awareness program ensures that employees and contractors are fully aware of their obligation to keep such data secure and of why it matters. Because employees and contractors so frequently come into contact with PII and PHI, they are the frontline troops that secure protected information and thus must be trained on the sensitivity of the information they control, as well as the risks associated with the information. Ultimately, in this day and age, it’s irresponsible to not have a security awareness program in place.

Been Breached? How to Report Consumer Risk with a Risk Assessment

Because so many different laws regulate how and when an organization must give notice of a data security breach, working out the correct plan of action for your organization, or determining how to report consumer risk from breaches, can be daunting. Nevertheless, the laws do share one central question: does the consumer suffer a significant risk of harm?

Benjamin Wright on Information Security and Digital Investigations

Benjamin Wright is an attorney from Dallas, TX. He is also an instructor for the SANS Institute, where he teaches a five-day course called the “Law of Data Security and Investigations.” In this video series, KirkpatrickPrice partnered with Wright to create introductory educational materials on a variety of topics related to information security and digital investigations.

Cyber Insurance - What Is It and What is Covered Under a Cyber Insurance Policy?

Cyber insurance is a hot topic in the law of data security. Many insurance companies have started issuing policies for cyber incidents and cyber breaches, but what should be covered under a cyber insurance policy? Hear what expert Benjamin Wright, attorney and SANS Institute Instructor, has to say about cyber insurance.

3 Data Security & Privacy Best Practices for Your Employees

It is considered best practice, and often required, for organizations to develop, document, and implement an information security policy. An information security policy acts as an agreement with employees with respect to data security and privacy best practices. Click to hear 3 Data Security & Privacy Best Practices that your organization should implement.

What Is an Incident Response Plan? The Collection and Evaluation of Evidence

Developing an Incident Response Plan is imperative for when an organization thinks it may have experienced a data security breach or security incident. One of the most important aspects of incident response is the collection and evaluation of evidence. Watch now to learn more on incident response from Benjamin Wright.

What is a Data Security Breach?

Understanding Data Breaches with Benjamin Wright

Reports of data security breaches have become common in the headlines, as different types of organizations are targeted every day. The information stolen in a breach includes things like Social Security numbers, credit card numbers, Protected Health Information (PHI), Personally Identifiable Information (PII), trade secrets, and intellectual property. The most important thing to consider when protecting against data breaches is that it’s not a matter of if, but when, so be sure to prepare for a breach with both prevention and recovery in mind. It’s also important to be aware of which state and/or federal data breach notice laws may apply to you in the event of a security incident at your organization.
