Law of Data Security and Investigations

You are here: Home / Video / Law of Data Security and Investigations

Law of Data Security and Investigations

In these videos, KirkpatrickPrice partnered with attorney Benjamin Wright to create a series on information security and digital investigation topics. Cyber insurance, NDAs, employee awareness, consumer risk, incident response – we cover a variety of topics in this series! Security, legal, and investigative professionals can expect to learn how to manage the risks and the expectations that apply in law and ethics around information security and digital investigations.

Featured Episode:

Understanding Gramm Leach Bliley in Order to Secure Consumer Personally Identifiable Information
Benjamin Wright

Understanding Gramm Leach Bliley (GLBA) Compliance and Personally Identifiable Information

/in , /by

What is the Gramm-Leach-Bliley Act? The Gramm-Leach-Bliley Act (GLBA) is a law that requires all financial institutions in the United States to safeguard their consumers’ sensitive data. GLBA applies to financial institutions such as organizations that offer financial or investment advice, provide consumer loans, or process consumer financial information.

Read more
Advice for Making Legal Agreements via Electronic Communication

Advice for Making Legal Agreements via Electronic Communication

Electronic communications have become an integral component of conducting business in today’s society. Agreements and contracts are formed over email, text messages, and other various collaborative platforms such as Office 365 or Google Drive.
Read more
Non-Disclosure Agreement Risks - When and How to Sign a Non-Disclosure Agreement

Non-Disclosure Agreement Risks - When and How to Sign a Non-Disclosure Agreement

Non-disclosure agreements (NDA) are often used in the technology world as a form of legal control. Many organizations even exchange NDAs amongst themselves; however, an NDA is never risk-free.
Read more
Monitoring Employee Records and Communications Best Practices

Monitoring Employee Records and Communications Best Practices

When organizations supply their employees with personal electronic devices, such as laptops, cell phones, or tablets, they will often have a policy or contract that explains that the employer reserves the right to monitor employee records and communications while they’re using company-owned equipment. Although these devices are used for personal communication as well as work reasons, such policies exist to ensure that company-owned devices are not abused by employees through participating in unauthorized activities. Even with policies or contracts in place, there is still a potential for an invasion of privacy, which makes such policies controversial.
Read more
Who has the Legal Right to Employee Mobile Phones, Tablets, and Computers?

Who has the Legal Right to Employee Mobile Phones, Tablets, and Computers?

Given that personal electronics are so prevalent in today’s society, navigating how to implement and enforce policies in the workplace regarding the use of devices (such as cell phones, tablets, and computers) can be challenging. It is often questioned who has the control over the records that are created and stored on such devices – is it the employee or the employer?
Read more
Understanding the Importance of Information Security and Personal Privacy for Your Employees

Understanding the Importance of Information Security and Personal Privacy for Your Employees

Continuous education is a key way that organizations can ensure that their employees stay up-to-date with current industry best practices, and teaching employees and contractors the importance of information security and personal privacy should be an integral part of it. For organizations who process personally identifiable information (PII) and protected health information (PHI), maintaining a security awareness program allows organizations to ensure that their employees and contractors are fully aware of the obligation to and importance of keeping such data secure. Because employees and contractors so frequently come into contact with PII and PHI, they are the frontline troops that secure protected information and thus must be trained on the sensitivity of the information they control, as well as the risks associated with the information. Ultimately, in this day and age, it’s irresponsible to not have a security awareness program in place.
Read more
Been Breached? How to Report Consumer Risk with a Risk Assessment

Been Breached? How to Report Consumer Risk with a Risk Assessment

Because there are so many different laws that regulate how and when an organization must give notice if it has had a data security breach, understanding what the correct plan of action is for your organization or determining how to report consumer risk from breaches might be daunting. Nevertheless, the laws do have one major commonality: does the consumer suffer a significant risk of harm?
Read more
Benjamin Wright on Information Security and Digital Investigations

Benjamin Wright on Information Security and Digital Investigations

Benjamin Wright is an attorney from Dallas, TX. He is also an instructor for the SANS Institute, where he teaches a five-day course called the “Law of Data Security and Investigations.” In this video series, KirkpatrickPrice partnered with Wright to create introductory educational materials on a variety of topics related to information security and digital investigations.
Read more
Cyber Insurance - What Is It and What is Covered Under a Cyber Insurance Policy?

Cyber Insurance - What Is It and What is Covered Under a Cyber Insurance Policy?

Cyber insurance – a hot topic in the law of data security. Many insurance companies have started issuing policies for cyber incidents and cyber breaches – But, what should be covered under a cyber insurance policy? Hear what expert Benjamin Wright, attorney and SANS Institute Instructor, has to say about cyber insurance.
Read more
3 Data Security & Privacy Best Practices for Your Employees

3 Data Security & Privacy Best Practices for Your Employees

It is considered best practice, and often required, for organizations to develop, document, and implement an information security policy. An information security policy acts as an agreement with employees with respect to data security and privacy best practices. Click to hear 3 Data Security & Privacy Best Practices that your organization should implement.
Read more
What Is an Incident Response Plan? The Collection and Evaluation of Evidence

What Is an Incident Response Plan? The Collection and Evaluation of Evidence

Developing an Incident Response Plan is imperative for when an organization thinks they may have experienced a data security breach or security incident. One of the most important aspects of incident response is the collection and evaluation of evidence. Watch now to learn more on incident response from Benjamin Wright.
Read more
What is a Data Security Breach?

Understanding Data Breaches with Benjamin Wright

It’s become quite common to see reports in the headlines about data security breaches as different types of organizations are targeted every day. The types of information or data that is stolen as a result of a breach are things like social security numbers, credit card numbers, Protected Health Information (PHI), and Personally Identifiable Information (PII), trade secrets, or intellectual property. The most important thing to consider when it comes to protecting against data breaches is it’s not a matter of if, but when, so be sure to prepare for a breach with both prevention and recovery in mind. It’s also important to be aware of what state and/or federal data breach notice laws may apply to you in the event of a security incident at your organization.
Read more

Never miss a beat. Get KirkpatrickPrice video updates.

Subscribe to Our YouTube Channel