Attorney Advertising

Articles Tagged with Technology

by

sunrise-963348-m.jpgThere was an interesting article in Wired.com, the magazine, recently that put a new twist on an old topic: What’s the best way to make sure the internet, and all of the information that travels on it every day, is safe? How do you really make cybersecurity, secure? After all, the safer the information, the more secure people will feel, and the use of the web, for everything from e-commerce to portable electronic healthcare records, will grow. The flip-side is just as true: the more hacks, hackers and data-breaches, the slower the pace of progress. The good will be harder to come by if the bad is hard to avoid.

Peter W. Singer, who wrote the article, entitled, “How to Save the Net: A CDC for Cybercrime,” which was posted on 08.19.14, 6:30 a.m., proposes an interesting idea.

The CDC, otherwise known as the Centers for Disease Control, is much in the news recently. Chances are, if you’ve seen news stories about the Ebola outbreak in West Africa, or the MERS outbreak earlier this year, the CDC has come up in more than just passing. It’s the clearinghouse for health related information, combating communicable diseases, the world over. There was just an article, by Betsy McKay, Nicholas Bariyo, and Drew Hinshaw, that appeared in the August 23-24, 2014 Weekend Edition of the Wall Street Journal in the Review Section, which talks about the invaluable help the CDC gave to another country that used to be at risk of virulent Ebola outbreaks. Uganda used to send blood samples to the CDC’s facilities in Atlanta, to be screened for Ebola. Now, thanks to technology and training the CDC provided, Ugandans do the same for themselves, in country, which lets them detect outbreaks of the deadly virus sooner, respond to them quicker, and stop them before they do large scale damage.

A central clearinghouse for ideas, both proven and proposed, to safeguard digital information seems like a good idea. Having a one size fits all approach, in which the government entity is the one upon whom everyone fighting the problem relies, may not be. That’s not really even the job the CDC is doing with Ebola.

Look at how the Federal Trade Commission is policing cybersecurity: the whole point of the its Reasonable Precautions cybersecurity standard, and its enforcement, and codification, on a case by case basis, is that “Reasonable Precautions” become reasonable, or not, based on the particular facts of a given situation. What might be the right protection for digital information exchanged between wholesale distributors and retailers, might not be sufficient to protect information between retailers and consumers, and that in turn might not be enough to safeguard patients’ healthcare histories when they are exchanged among medical providers. What might be a commercially reasonable effort to safeguard information in one industry, might not be in another.

The FTC encourages individual companies, and the industries in which they compete, to voluntarily join together to ensure data security. By making the terms Industry Standard Practices and Commercially Reasonable Efforts mean something substantive, companies can protect themselves against FTC enforcement actions for lax data security, as we’ve previously noted. Look no further than the April 7, 2014 decision of U.S.D.J. Esther Salas, in The Federal Trade Commission, Plaintiff, v. Wyndham Worldwide Corp., et al., Defendants, Civil Action No. 13-1887 (ES), United States District Court, D. New Jersey, to see why. If a company can’t figure out what the FTC wants it to do to protect its customers’ data, then it should create, and live by, Industry Standard Practices which will become Commercially Reasonable Efforts if all the major companies in the industry implement them. Many companies already say they do this anyway, right in their privacy policies. Instead of meaningless legal verbiage, make the terms mean something concrete; show they can work, and the FTC will have little to complain about, even if those efforts occasionally fail. Some of the most vulnerable industries, including retail, are banding together to do just that.

The Retail Industries Leaders Association, or RILA, as we previously noted, formed a voluntary clearinghouse, known as the Retail Cyber Intelligence Sharing Center, or R-CISC, to develop and share industry leading practices in cybersecurity, by communicating amongst themselves information they learn regarding threats and defenses. The reported backers of the initiative have put in a lot of effort: they’ve conferred with cybersecurity experts and involved interested government agencies. They also have a lot at stake: credit cards and financial information are common targets; just ask the RILA members.

One main benefit of a CDC for the wired world, according to Peter W. Singer, is the trust and confidence it will bring to all those who rely on it. By bringing the best and brightest together under one centralized government-funded roof, it would allow users to know that independent experts, with their best interests in mind, were on the job, fighting off the bad guys. That’s a good thing; but is that the only way to achieve it?

What if the businesses which hold their customers’ information on line were held accountable for not doing enough to protect that data? What if they faced the loss of business, and profits, as well as a government enforcement action, if they didn’t do enough? What lengths would they go to in order to keep their customers’ trust?

If you look at some quotes in the RILA press release, from the people involved in forming the R-CISC, you’ll see that trust is a recurring theme there, too:
Continue reading

by

snow.IMG_00000242 (3) - Copy.jpgAdvances in business technology are becoming routine, even in the most unexpected places. Each new advance comes with both risks and rewards. One of the more recent, the mobile payment app, accessed through a customer’s mobile phone, points out how the good and the bad often go hand in hand: big data, marketing, privacy, cybersecurity, biometrics, and liability all wrapped up into one. How to benefit from this technology, without being caught in its snares, is a lesson every business should learn.

We previously talked about the costs involved when digital information is stolen from a business. At approximately $188 per stolen record in the United States, the costs quickly add up, even for small and medium size businesses. At that price, think of how hard it would be for a parts supplier, a small manufacturer, or a retail store to cover the loss of a few thousand, or even a few hundred, customers’ payment records.

Customers like the mobile payment apps; they make the buying experience seamlessly simply. Their ease of use lets the customer pay for a purchase without much more than punching up the app and turning the smartphone towards the store’s scanner; all without the sting of paying with cash or the necessity of pulling out a credit card. Instead, the credit card information is tied to the app. That, however, is where the trouble begins.

Mobile payment apps offer even more advantages for businesses. Many, including Henry Helgeson, CEO of payment systems software provider Merchant Warehouse, in a June 18, 2013 article in Forbes, have touted the possibilities. If done properly, and widely, mobile payment apps can harness the big data capabilities of smartphones to help businesses:
Continue reading

by

IMG_00000183.jpg Almost every New York Business uses digital information daily and therefore runs the risk of having it stolen. The potential costs involved are significant and the risks are real. How to protect against the dangers, consequences, and liability arising from data breaches, while still taking advantage of the benefits of using digital information, is a challenge every business, large and small, must become aware of and learn how to meet. In this post we’ll take a look at the dangers involved, and in subsequent posts we’ll examine the available remedies.

The most prominent data breach in the news recently, as we’ve discussed, is the one at Target stores. It alone involved the theft of credit and debit card information of more than 40 million people, or more than 1/8 of the total population of the United States. The potential costs, and liability, involved are huge: according to a report by Ponemon Institute, released in May, 2013, the average cost of a breach per stolen record, globally, was $136; in the United States it was even higher, $188. Multiplied by 40 million records compromised in the Target breach, the costs could run into the billions of dollars.
Continue reading

by

SBUH.jpg Digital information can be both a blessing and a curse for modern day businesses. It’s seemingly everywhere because, it seems, people leave it everywhere, even unsuspectingly. Even a little can tell you a lot, if you know where to look. Apparently innocuous information, like where you are at any given moment, can tell more about you, and be more valuable, than you might think. A recent story in the Wall Street Journal drives this point home.

We’ve written a lot recently about the wealth of information available in the modern-day digital age: how it can be used to investigate insurance fraud; how it can help criminals steal; or even how it can be their target. What’s becoming ever more clear, however, is the tremendous impact this information can and will have on businesses and commerce as a whole.

The Wall Street Journal story deals with turning location into dollar signs. Published on Tuesday January 14, 2013, it focuses on how companies get a huge amount of specific, detailed, though anonymous, information about customers, just by knowing where they are and where they’ve been, each and every day. They use this information in targeted marketing campaigns to increase their profits. The kicker is that they get this information, about their customers’ travels, habits, and interests, all simply by tracking their customers location, and most people probably don’t even realize they’re doing it.
Continue reading