What is the Gramm-Leach-Bliley Act? The Gramm-Leach-Bliley Act (GLBA) is a law that requires all financial institutions in the United States to safeguard their consumers’ sensitive data. GLBA applies to financial institutions such as organizations that offer financial or investment advice, provide consumer loans, or process consumer financial information.
https://kirkpatrickprice.com/wp-content/uploads/2018/08/Advice-for-Making-Legal-Agreements-via-Electronic-Communications-500x700_video.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2018-08-09 08:01:002018-09-06 11:18:38Advice for Making Legal Agreements via Electronic Communication
Electronic communications have become an integral component of conducting business in today’s society. Agreements and contracts are formed over email, text messages, and other various collaborative platforms such as Office 365 or Google Drive.
https://kirkpatrickprice.com/wp-content/uploads/2018/08/Non-Disclosure-Agreement-Risks-When-and-How-to-Sign-a-Non-Disclosure-Agreement-500x700_video.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2018-08-09 08:00:002019-01-21 15:21:43Non-Disclosure Agreement Risks - When and How to Sign a Non-Disclosure Agreement
Non-disclosure agreements (NDA) are often used in the technology world as a form of legal control. Many organizations even exchange NDAs amongst themselves; however, an NDA is never risk-free.
https://kirkpatrickprice.com/wp-content/uploads/2018/07/Monitoring-Employee-Records-and-Communications-Best-Practices-500x700_video.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2018-07-31 08:02:002018-09-06 11:18:48Monitoring Employee Records and Communications Best Practices
When organizations supply their employees with personal electronic devices, such as laptops, cell phones, or tablets, they will often have a policy or contract that explains that the employer reserves the right to monitor employee records and communications while they’re using company-owned equipment. Although these devices are used for personal communication as well as work reasons, such policies exist to ensure that company-owned devices are not abused by employees through participating in unauthorized activities. Even with policies or contracts in place, there is still a potential for an invasion of privacy, which makes such policies controversial.
https://kirkpatrickprice.com/wp-content/uploads/2018/07/Who-has-the-Legal-Right-to-Employee-Mobile-Phones-Tablets-and-Computers-500x700_video.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2018-07-31 08:01:002018-09-06 11:18:52Who has the Legal Right to Employee Mobile Phones, Tablets, and Computers?
Given that personal electronics are so prevalent in today’s society, navigating how to implement and enforce policies in the workplace regarding the use of devices (such as cell phones, tablets, and computers) can be challenging. It is often questioned who has the control over the records that are created and stored on such devices – is it the employee or the employer?
https://kirkpatrickprice.com/wp-content/uploads/2018/07/Understanding-the-Importance-of-Information-Security-and-Personal-Privacy-for-Your-Employees-500x700_video.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2018-07-26 08:03:002018-09-06 11:18:56Understanding the Importance of Information Security and Personal Privacy for Your Employees
Continuous education is a key way that organizations can ensure that their employees stay up-to-date with current industry best practices, and teaching employees and contractors the importance of information security and personal privacy should be an integral part of it. For organizations who process personally identifiable information (PII) and protected health information (PHI), maintaining a security awareness program allows organizations to ensure that their employees and contractors are fully aware of the obligation to and importance of keeping such data secure. Because employees and contractors so frequently come into contact with PII and PHI, they are the frontline troops that secure protected information and thus must be trained on the sensitivity of the information they control, as well as the risks associated with the information. Ultimately, in this day and age, it’s irresponsible to not have a security awareness program in place.
https://kirkpatrickprice.com/wp-content/uploads/2018/07/Been-Breached-How-to-Report-Consumer-Risk-with-a-Risk-Assessment-500x700_video.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2018-07-26 08:02:002018-09-06 11:19:00Been Breached? How to Report Consumer Risk with a Risk Assessment
Because there are so many different laws that regulate how and when an organization must give notice if it has had a data security breach, understanding what the correct plan of action is for your organization or determining how to report consumer risk from breaches might be daunting. Nevertheless, the laws do have one major commonality: does the consumer suffer a significant risk of harm?
https://kirkpatrickprice.com/wp-content/uploads/2018/07/Information-Security-and-Digital-Investigations-with-Benjamin-Wright-500x700_video.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2018-07-26 08:01:002018-09-06 11:37:21Benjamin Wright on Information Security and Digital Investigations
Benjamin Wright is an attorney from Dallas, TX. He is also an instructor for the SANS Institute, where he teaches a five-day course called the “Law of Data Security and Investigations.” In this video series, KirkpatrickPrice partnered with Wright to create introductory educational materials on a variety of topics related to information security and digital investigations.
https://kirkpatrickprice.com/wp-content/uploads/2017/07/What-Is-Cyber-Insurance.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2017-07-14 06:00:002018-09-06 11:37:25Cyber Insurance - What Is It and What is Covered Under a Cyber Insurance Policy?
Cyber insurance – a hot topic in the law of data security. Many insurance companies have started issuing policies for cyber incidents and cyber breaches – But, what should be covered under a cyber insurance policy? Hear what expert Benjamin Wright, attorney and SANS Institute Instructor, has to say about cyber insurance.
https://kirkpatrickprice.com/wp-content/uploads/2017/07/3-Data-Security-and-Privacy-Best-Practices-for-Your-Employees.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2017-07-07 06:00:002018-09-06 11:37:293 Data Security & Privacy Best Practices for Your Employees
It is considered best practice, and often required, for organizations to develop, document, and implement an information security policy. An information security policy acts as an agreement with employees with respect to data security and privacy best practices. Click to hear 3 Data Security & Privacy Best Practices that your organization should implement.
https://kirkpatrickprice.com/wp-content/uploads/2017/06/WHAT-IS-AN-INCIDENT-RESPONSE-PLAN-Blog.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2017-06-30 07:00:002018-09-06 11:37:33What Is an Incident Response Plan? The Collection and Evaluation of Evidence
Developing an Incident Response Plan is imperative for when an organization thinks they may have experienced a data security breach or security incident. One of the most important aspects of incident response is the collection and evaluation of evidence. Watch now to learn more on incident response from Benjamin Wright.
https://kirkpatrickprice.com/wp-content/uploads/2016/07/what-is-a-data-security-breach.png 500 700 Benjamin Wright https://kirkpatrickprice.com/wp-content/uploads/2016/06/KirkpatrickPrice_Logo.png Benjamin Wright2016-07-15 08:00:192018-09-06 11:37:48Understanding Data Breaches with Benjamin Wright
It’s become quite common to see reports in the headlines about data security breaches as different types of organizations are targeted every day. The types of information or data that is stolen as a result of a breach are things like social security numbers, credit card numbers, Protected Health Information (PHI), and Personally Identifiable Information (PII), trade secrets, or intellectual property. The most important thing to consider when it comes to protecting against data breaches is it’s not a matter of if, but when, so be sure to prepare for a breach with both prevention and recovery in mind. It’s also important to be aware of what state and/or federal data breach notice laws may apply to you in the event of a security incident at your organization.