Are you over 18 and want to see adult content?
More Annotations
![A complete backup of lipatinantioquia.com.co](https://www.archivebay.com/archive2/3d3c0fa8-9ece-4d82-afec-318906c83323.png)
A complete backup of lipatinantioquia.com.co
Are you over 18 and want to see adult content?
![A complete backup of workout-italia.it](https://www.archivebay.com/archive2/22c623b3-edcd-40cc-aaf5-b80adade8925.png)
A complete backup of workout-italia.it
Are you over 18 and want to see adult content?
![A complete backup of holycrapitslate.com](https://www.archivebay.com/archive2/c9207e91-02ec-4caa-bb4d-f762f39561c1.png)
A complete backup of holycrapitslate.com
Are you over 18 and want to see adult content?
![A complete backup of yumehana-yamaguchi.com](https://www.archivebay.com/archive2/f68319b5-772a-463b-9e3f-9fae236c395f.png)
A complete backup of yumehana-yamaguchi.com
Are you over 18 and want to see adult content?
![A complete backup of centralexpresso.com](https://www.archivebay.com/archive2/eceb584d-20ec-407c-9e52-5ca33e00e661.png)
A complete backup of centralexpresso.com
Are you over 18 and want to see adult content?
![A complete backup of bwmonastery.squarespace.com](https://www.archivebay.com/archive2/1d902d62-26cd-4e16-b7b8-9aab471d0994.png)
A complete backup of bwmonastery.squarespace.com
Are you over 18 and want to see adult content?
![A complete backup of facialoralsurgery.com](https://www.archivebay.com/archive2/c1d3d510-5f72-4d24-a6f7-95d5ec1caec3.png)
A complete backup of facialoralsurgery.com
Are you over 18 and want to see adult content?
![A complete backup of amplitudeacustica.com.br](https://www.archivebay.com/archive2/ca19644d-8dc8-4c53-a288-2d36c83d51ee.png)
A complete backup of amplitudeacustica.com.br
Are you over 18 and want to see adult content?
Favourite Annotations
![A complete backup of pediapendidikan.com](https://www.archivebay.com/archive2/0d3b6c5b-176d-42a1-802a-f23cb52c0581.png)
A complete backup of pediapendidikan.com
Are you over 18 and want to see adult content?
![A complete backup of summonersrift.ru](https://www.archivebay.com/archive2/cb286e47-6cd2-4653-96fc-b9a4cd102f9d.png)
A complete backup of summonersrift.ru
Are you over 18 and want to see adult content?
![A complete backup of intensivacursos.com.br](https://www.archivebay.com/archive2/36e80e22-56a0-4122-a750-65e9fc71856a.png)
A complete backup of intensivacursos.com.br
Are you over 18 and want to see adult content?
![A complete backup of centrumvoorafstandsonderwijs.be](https://www.archivebay.com/archive2/99e84d35-1279-44dc-9550-92ee7e8a15bc.png)
A complete backup of centrumvoorafstandsonderwijs.be
Are you over 18 and want to see adult content?
![A complete backup of nlp-trainings-tille.de](https://www.archivebay.com/archive2/6a5bf50f-c6c8-4d8f-9e9d-04191b2465b3.png)
A complete backup of nlp-trainings-tille.de
Are you over 18 and want to see adult content?
Text
DATA COUNSEL
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how TEXAS PASSES BILL ALLOWING PUBLIC LISTING OF DATA BREACHES On May 31, 2021, the Texas Legislature approved House Bill 3746, which amends the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a data breach involving Texas residents.. The bill includes the existing requirement that any business or entity notify the attorney general of a data breach within 60 days of its occurrence if the breach involves atHOUSE BILL 3746
On May 31, 2021, the Texas Legislature approved House Bill 3746, which amends the Texas Business and Commerce Code § 521.053 relating to certain notificationsWORK-FROM-HOME
Incident Response and Forensic Challenges in a Work-from-Home World. Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients encountered in the past yearinvolved key
UPDATED EU STANDARD CONTRACTUAL CLAUSES ARE FINALLY HERE Updated EU Standard Contractual Clauses Are Finally Here. On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data Protection Regulation (GDPR), ending a long wait forrevised SCCs.
THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on WAS OFAC'S ADVISORY AN OCTOBER SURPRISE OR MORE OF THE In 2018, the average ransom amount was $28,920. In 2019, the average ransom amount increased to $302,539. Ransom demands have continued to grow in 2020, and as our next report will reflect, we are seeing demands in excess of $50 million. Exfiltration is an issue in a growing number of incidents (whereas only 6% of ransomware incidentsin 2019
SEVENTH ANNUAL DATA SECURITY INCIDENT RESPONSE REPORT Welcome to our seventh Data Security Incident Response Report (DSIR).It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create thisreport.
NEW YEAR BRINGS TRIO OF U.S. BREACH NOTIFICATION Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
DATA COUNSEL
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how TEXAS PASSES BILL ALLOWING PUBLIC LISTING OF DATA BREACHES On May 31, 2021, the Texas Legislature approved House Bill 3746, which amends the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a data breach involving Texas residents.. The bill includes the existing requirement that any business or entity notify the attorney general of a data breach within 60 days of its occurrence if the breach involves atHOUSE BILL 3746
On May 31, 2021, the Texas Legislature approved House Bill 3746, which amends the Texas Business and Commerce Code § 521.053 relating to certain notificationsWORK-FROM-HOME
Incident Response and Forensic Challenges in a Work-from-Home World. Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients encountered in the past yearinvolved key
UPDATED EU STANDARD CONTRACTUAL CLAUSES ARE FINALLY HERE Updated EU Standard Contractual Clauses Are Finally Here. On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data Protection Regulation (GDPR), ending a long wait forrevised SCCs.
THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on WAS OFAC'S ADVISORY AN OCTOBER SURPRISE OR MORE OF THE In 2018, the average ransom amount was $28,920. In 2019, the average ransom amount increased to $302,539. Ransom demands have continued to grow in 2020, and as our next report will reflect, we are seeing demands in excess of $50 million. Exfiltration is an issue in a growing number of incidents (whereas only 6% of ransomware incidentsin 2019
SEVENTH ANNUAL DATA SECURITY INCIDENT RESPONSE REPORT Welcome to our seventh Data Security Incident Response Report (DSIR).It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create thisreport.
NEW YEAR BRINGS TRIO OF U.S. BREACH NOTIFICATION Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
UPDATED EU STANDARD CONTRACTUAL CLAUSES ARE FINALLY HERE Updated EU Standard Contractual Clauses Are Finally Here. On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data Protection Regulation (GDPR), ending a long wait forrevised SCCs.
WORK-FROM-HOME
Incident Response and Forensic Challenges in a Work-from-Home World. Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients encountered in the past yearinvolved key
SURVIVING THE PANDEMIC: YES, YOU MAY HAVE TO PAY A RANSOM Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
THE SCOURGE OF RANSOMWARE The Scourge of Ransomware. Our 2021 Data Security Incident Response Report (DSIR) described ransomware as a scourge. There are stories every day about new threat actor groups and their victims. There are task forces, law enforcement initiatives, discussions by legislators about laws to help address the problem, and real-world impact from THE NOT-SO-HIDDEN FTC GUIDANCE ON ORGANIZATIONAL USE OF Our last AI post on this blog, the New (if Decidedly Not ‘Final’) Frontier of Artificial Intelligence Regulation, touched on both the Federal Trade Commission’s (FTC) April 19, 2021, AI guidance and the European Commission’s proposed AI Regulation.The FTC’s 2021 guidance referenced, in large part, the FTC’s April 2020 post “Using Artificial Intelligence and Algorithms.” KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on EXECUTIVE ORDER ON IMPROVING THE NATION’S CYBERSECURITY In response to recent highly publicized cybersecurity incidents, President Biden signed an Executive Order on May 12, 2021, that contains eight key initiatives aimed at modernizing the federal government’s response to cyberattacks.. Although the initiatives outlined in the Executive Order only apply to federal contractors (many of which already comply with agency-specific cybersecurity rules PRIVACY, PRICING, AND THE VALUE OF CONSUMER DATA: THE Thi article a originall ublishe in ol 30 o 2 al 202 edition o he ourna o he ntitrust C an rivac Section o he 3 Caliornia awyers ssociation. One of the most closely watched areas of CCPA compliance is EVERYWHERE COMMERCE: TOP STRATEGIES FOR MITIGATING RISK Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
NEW YEAR BRINGS TRIO OF U.S. BREACH NOTIFICATION Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
DSIR 2021 | DATA COUNSEL Posted in Data Security Incident Response. Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients encountered in the past year involved key components of incident THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on WAS OFAC'S ADVISORY AN OCTOBER SURPRISE OR MORE OF THE In 2018, the average ransom amount was $28,920. In 2019, the average ransom amount increased to $302,539. Ransom demands have continued to grow in 2020, and as our next report will reflect, we are seeing demands in excess of $50 million. Exfiltration is an issue in a growing number of incidents (whereas only 6% of ransomware incidentsin 2019
WELCOME TO THE DIGITAL TRANSFORMATION AND DATA ECONOMY Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
CPRA | DATA COUNSEL
Summary Advising our clients on compliance with laws and regulations is, hands down, the most important aspect of our role as attorneys. In addition to seeking counsel on their obligations under laws and regulations, however – motivated by industry trends, utilization of and dependence on third-party services and platforms, and, this year, the COVID-19 pandemic CARES ACT SIGNIFICANTLY REVISES PART 2 RULES TO BETTER CARES Act Significantly Revises Part 2 Rules to Better Align with HIPAA. On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) into law. While the focus of the CARES Act has been on direct financial aid to Americans, the Act also contains a number of material revisions to the EVERYWHERE COMMERCE: TOP STRATEGIES FOR MITIGATING RISK Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
NYDFS | DATA COUNSEL March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers (e.g., vendors, suppliers, agents). NEW YORK LEGISLATURE INTRODUCES CCPA CLONE WITH PRIVATE Senate Bill S567 (SB 567). SB 567 is nearly a clone of the CCPA, but notably includes a private right of action. In particular, the law specifies that a consumer who suffers an injury in fact may recover the greater of statutory damages of $1,000 or actual damages, and $3,000 or actual damages for an intentional violation. DSIR 2021 | DATA COUNSEL Posted in Data Security Incident Response. Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients encountered in the past year involved key components of incident THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on WAS OFAC'S ADVISORY AN OCTOBER SURPRISE OR MORE OF THE In 2018, the average ransom amount was $28,920. In 2019, the average ransom amount increased to $302,539. Ransom demands have continued to grow in 2020, and as our next report will reflect, we are seeing demands in excess of $50 million. Exfiltration is an issue in a growing number of incidents (whereas only 6% of ransomware incidentsin 2019
WELCOME TO THE DIGITAL TRANSFORMATION AND DATA ECONOMY Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
CPRA | DATA COUNSEL
Summary Advising our clients on compliance with laws and regulations is, hands down, the most important aspect of our role as attorneys. In addition to seeking counsel on their obligations under laws and regulations, however – motivated by industry trends, utilization of and dependence on third-party services and platforms, and, this year, the COVID-19 pandemic CARES ACT SIGNIFICANTLY REVISES PART 2 RULES TO BETTER CARES Act Significantly Revises Part 2 Rules to Better Align with HIPAA. On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) into law. While the focus of the CARES Act has been on direct financial aid to Americans, the Act also contains a number of material revisions to the EVERYWHERE COMMERCE: TOP STRATEGIES FOR MITIGATING RISK Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
NYDFS | DATA COUNSEL March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers (e.g., vendors, suppliers, agents). NEW YORK LEGISLATURE INTRODUCES CCPA CLONE WITH PRIVATE Senate Bill S567 (SB 567). SB 567 is nearly a clone of the CCPA, but notably includes a private right of action. In particular, the law specifies that a consumer who suffers an injury in fact may recover the greater of statutory damages of $1,000 or actual damages, and $3,000 or actual damages for an intentional violation.DATA COUNSEL
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how UPDATED EU STANDARD CONTRACTUAL CLAUSES ARE FINALLY HERE On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data Protection Regulation (GDPR), ending a long wait for revised SCCs.The new SCCs resolve certain practical issues companies faced when using the older versions but| DATA COUNSEL
As reflected in our 2021 Data Security Incident Response Report 2020 saw a sharp spike in the number of incidents involving vendors, which amounted to over 25 percent of the total incidents handled in 2020, and the trend is continuing well into 2021. DRAMATIC INCREASE IN THE NUMBER OF THIRD-PARTY VENDOR As reflected in our 2021 Data Security Incident Response Report 2020 saw a sharp spike in the number of incidents involving vendors, which amounted to over 25 percent of the total incidents handled in 2020, and the trend is continuing well into 2021. This spike resulted from companies’ increased reliance on vendors to carry out tasks involving personal information, along with an INCIDENT RESPONSE AND FORENSIC CHALLENGES IN A WORK-FROM Incident Response and Forensic Challenges in a Work-from-Home World. Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients encountered in the past yearinvolved key
CARES ACT SIGNIFICANTLY REVISES PART 2 RULES TO BETTER CARES Act Significantly Revises Part 2 Rules to Better Align with HIPAA. On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) into law. While the focus of the CARES Act has been on direct financial aid to Americans, the Act also contains a number of material revisions to the CONGRATULATIONS TO SARA GOLDSTEIN Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
CCPA NOTICE REQUIREMENTS FOR STATUTORY DAMAGES CCPA Notice Requirements for Statutory Damages. Beginning on Jan. 1, 2020, companies that collect personal information of California residents need to be prepared to prevent and defend against potentially catastrophic litigation if such personal information becomes compromised. Specifically, under the California Consumer Protection Act (CCPA EVERYWHERE COMMERCE: TOP STRATEGIES FOR MITIGATING RISK Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
COMPLIANCE AND CYBERSECURITY BEST PRACTICES REWARDED WITH Compliance and Cybersecurity Best Practices Rewarded with HIPAA Safe Harbor. On January 5, 2021, H.R. 7898 was signed into law with little fanfare, thereby amending the Health Information Technology for Economic and Clinical Health Act. As the healthcare industry continues to serve as one of the top targets for cybersecurity threatactors
DATA COUNSEL
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how SURVIVING THE PANDEMIC: YES, YOU MAY HAVE TO PAY A RANSOM Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
WAS OFAC'S ADVISORY AN OCTOBER SURPRISE OR MORE OF THE In 2018, the average ransom amount was $28,920. In 2019, the average ransom amount increased to $302,539. Ransom demands have continued to grow in 2020, and as our next report will reflect, we are seeing demands in excess of $50 million. Exfiltration is an issue in a growing number of incidents (whereas only 6% of ransomware incidentsin 2019
KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. FEDERAL LAW NO. 242-FZ Back in July, President Vladimir Putin signed a law (Federal Law No. 242-FZ) that compels “data operators” to store Russian citizens’ personal data only inside Russia. Previously, Russian law allowed the storage of data relating to Russian citizens to be located on servers in foreign countries. Under the new law, companies that collect THE WASHINGTON PRIVACY ACT IS BACK Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
NYDFS | DATA COUNSEL March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers (e.g., vendors, suppliers, agents). CONTEXT MATTERS: AN ‘ESTABLISHED BUSINESS RELATIONSHIP A federal court has ruled that an “established business relationship” can be created during a call, even if that call is a “telephone solicitation” that violatesJAMES A. SHERER
By Melinda L. McLellan and James A. Sherer on May 22, 2017 Posted in Cybersecurity, Data Breaches, Incident Response, Ransomware. In our 2017 BakerHostetler Data Security Incident Response Report, we addressed the increasingly ubiquitous scourge of ransomware, one of the fastest-growing types of malware causing data security incidents.DATA COUNSEL
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how SURVIVING THE PANDEMIC: YES, YOU MAY HAVE TO PAY A RANSOM Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
WAS OFAC'S ADVISORY AN OCTOBER SURPRISE OR MORE OF THE In 2018, the average ransom amount was $28,920. In 2019, the average ransom amount increased to $302,539. Ransom demands have continued to grow in 2020, and as our next report will reflect, we are seeing demands in excess of $50 million. Exfiltration is an issue in a growing number of incidents (whereas only 6% of ransomware incidentsin 2019
KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. FEDERAL LAW NO. 242-FZ Back in July, President Vladimir Putin signed a law (Federal Law No. 242-FZ) that compels “data operators” to store Russian citizens’ personal data only inside Russia. Previously, Russian law allowed the storage of data relating to Russian citizens to be located on servers in foreign countries. Under the new law, companies that collect THE WASHINGTON PRIVACY ACT IS BACK Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
NYDFS | DATA COUNSEL March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers (e.g., vendors, suppliers, agents). CONTEXT MATTERS: AN ‘ESTABLISHED BUSINESS RELATIONSHIP A federal court has ruled that an “established business relationship” can be created during a call, even if that call is a “telephone solicitation” that violatesJAMES A. SHERER
By Melinda L. McLellan and James A. Sherer on May 22, 2017 Posted in Cybersecurity, Data Breaches, Incident Response, Ransomware. In our 2017 BakerHostetler Data Security Incident Response Report, we addressed the increasingly ubiquitous scourge of ransomware, one of the fastest-growing types of malware causing data security incidents.DATA COUNSEL
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how| DATA COUNSEL
As reflected in our 2021 Data Security Incident Response Report 2020 saw a sharp spike in the number of incidents involving vendors, which amounted to over 25 percent of the total incidents handled in 2020, and the trend is continuing well into 2021. DSIR 2021 | DATA COUNSEL Posted in Data Security Incident Response. Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients encountered in the past year involved key components of incident ALGORITHMS | DATA COUNSEL The New (if Decidedly Not ‘Final’) Frontier of Artificial Intelligence Regulation. By James A. Sherer, Chad Rutkowski, Stanton Burke and Nichole Sterling on April 27, 2021. Posted in AI. The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement bothin the United
EDPB | DATA COUNSEL
Posted in GDPR. Key Takeaways From the European Data Protection Board’s New Guidance In November 2019, the European Data Protection Board (EDPB) issued its final guidance on territorial scope of the General Data Protection Regulation (GDPR), following release of the draft guidelines in November 2018 and a lengthy public consultationperiod.
KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. CARES ACT SIGNIFICANTLY REVISES PART 2 RULES TO BETTER CARES Act Significantly Revises Part 2 Rules to Better Align with HIPAA. On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) into law. While the focus of the CARES Act has been on direct financial aid to Americans, the Act also contains a number of material revisions to the NEW EDPB DRAFT GUIDANCE PROVIDES PRACTICAL SCENARIOS FOR Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
CJEU | DATA COUNSEL
On January 10, Advocate General Maciej Szpunar released an opinion recommending that Google and other search engines should not be forced to apply the EU’s “right to be forgotten” beyond the EU. The advocates general assist the judges of the Court of Justice of the European Union (CJEU), providing independent legal solutions to issuesDATA COUNSEL
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how SURVIVING THE PANDEMIC: YES, YOU MAY HAVE TO PAY A RANSOM Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
WAS OFAC'S ADVISORY AN OCTOBER SURPRISE OR MORE OF THEFINCEN RANSOMWARE ADVISORYOFAC ADVISORYOFAC ADVISORY RANSOMWAREOFAC SHIPPINGADVISORY
In 2018, the average ransom amount was $28,920. In 2019, the average ransom amount increased to $302,539. Ransom demands have continued to grow in 2020, and as our next report will reflect, we are seeing demands in excess of $50 million. Exfiltration is an issue in a growing number of incidents (whereas only 6% of ransomware incidentsin 2019
KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. FEDERAL LAW NO. 242-FZ Back in July, President Vladimir Putin signed a law (Federal Law No. 242-FZ) that compels “data operators” to store Russian citizens’ personal data only inside Russia. Previously, Russian law allowed the storage of data relating to Russian citizens to be located on servers in foreign countries. Under the new law, companies that collect THE WASHINGTON PRIVACY ACT IS BACK Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
NYDFS | DATA COUNSEL March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers (e.g., vendors, suppliers, agents). CONTEXT MATTERS: AN ‘ESTABLISHED BUSINESS RELATIONSHIPTCPA BUSINESS RELATIONSHIP EXCEPTIONESTABLISHED BUSINESS RELATIONSHIP TCPABUSINESS PLAN FOR ESTABLISHED BUSINESSBUYING AN ESTABLISHED BUSINESSSAMPLE LETTER TO ESTABLISH RELATIONSHIPWHEN WAS MY BUSINESS ESTABLISHED A federal court has ruled that an “established business relationship” can be created during a call, even if that call is a “telephone solicitation” that violatesJAMES A. SHERER
By Melinda L. McLellan and James A. Sherer on May 22, 2017 Posted in Cybersecurity, Data Breaches, Incident Response, Ransomware. In our 2017 BakerHostetler Data Security Incident Response Report, we addressed the increasingly ubiquitous scourge of ransomware, one of the fastest-growing types of malware causing data security incidents.DATA COUNSEL
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how SURVIVING THE PANDEMIC: YES, YOU MAY HAVE TO PAY A RANSOM Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
WAS OFAC'S ADVISORY AN OCTOBER SURPRISE OR MORE OF THEFINCEN RANSOMWARE ADVISORYOFAC ADVISORYOFAC ADVISORY RANSOMWAREOFAC SHIPPINGADVISORY
In 2018, the average ransom amount was $28,920. In 2019, the average ransom amount increased to $302,539. Ransom demands have continued to grow in 2020, and as our next report will reflect, we are seeing demands in excess of $50 million. Exfiltration is an issue in a growing number of incidents (whereas only 6% of ransomware incidentsin 2019
KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. FEDERAL LAW NO. 242-FZ Back in July, President Vladimir Putin signed a law (Federal Law No. 242-FZ) that compels “data operators” to store Russian citizens’ personal data only inside Russia. Previously, Russian law allowed the storage of data relating to Russian citizens to be located on servers in foreign countries. Under the new law, companies that collect THE WASHINGTON PRIVACY ACT IS BACK Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
NYDFS | DATA COUNSEL March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers (e.g., vendors, suppliers, agents). CONTEXT MATTERS: AN ‘ESTABLISHED BUSINESS RELATIONSHIPTCPA BUSINESS RELATIONSHIP EXCEPTIONESTABLISHED BUSINESS RELATIONSHIP TCPABUSINESS PLAN FOR ESTABLISHED BUSINESSBUYING AN ESTABLISHED BUSINESSSAMPLE LETTER TO ESTABLISH RELATIONSHIPWHEN WAS MY BUSINESS ESTABLISHED A federal court has ruled that an “established business relationship” can be created during a call, even if that call is a “telephone solicitation” that violatesJAMES A. SHERER
By Melinda L. McLellan and James A. Sherer on May 22, 2017 Posted in Cybersecurity, Data Breaches, Incident Response, Ransomware. In our 2017 BakerHostetler Data Security Incident Response Report, we addressed the increasingly ubiquitous scourge of ransomware, one of the fastest-growing types of malware causing data security incidents.DATA COUNSEL
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how| DATA COUNSEL
As reflected in our 2021 Data Security Incident Response Report 2020 saw a sharp spike in the number of incidents involving vendors, which amounted to over 25 percent of the total incidents handled in 2020, and the trend is continuing well into 2021. DSIR 2021 | DATA COUNSEL Posted in Data Security Incident Response. Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients encountered in the past year involved key components of incident ALGORITHMS | DATA COUNSEL The New (if Decidedly Not ‘Final’) Frontier of Artificial Intelligence Regulation. By James A. Sherer, Chad Rutkowski, Stanton Burke and Nichole Sterling on April 27, 2021. Posted in AI. The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement bothin the United
EDPB | DATA COUNSEL
Posted in GDPR. Key Takeaways From the European Data Protection Board’s New Guidance In November 2019, the European Data Protection Board (EDPB) issued its final guidance on territorial scope of the General Data Protection Regulation (GDPR), following release of the draft guidelines in November 2018 and a lengthy public consultationperiod.
KEY CHANGES TO NEW YORK BREACH NOTIFICATION AND DATA The New York SHIELD Act, officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements going into effect on THE NEW (IF DECIDEDLY NOT ‘FINAL’) FRONTIER OF ARTIFICIAL The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. CARES ACT SIGNIFICANTLY REVISES PART 2 RULES TO BETTER CARES Act Significantly Revises Part 2 Rules to Better Align with HIPAA. On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) into law. While the focus of the CARES Act has been on direct financial aid to Americans, the Act also contains a number of material revisions to the NEW EDPB DRAFT GUIDANCE PROVIDES PRACTICAL SCENARIOS FOR Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world addresstheir most
CJEU | DATA COUNSEL
On January 10, Advocate General Maciej Szpunar released an opinion recommending that Google and other search engines should not be forced to apply the EU’s “right to be forgotten” beyond the EU. The advocates general assist the judges of the Court of Justice of the European Union (CJEU), providing independent legal solutions to issuesDATA COUNSEL
COMMENTARY ADDRESSING RISKS AND OPPORTUNITIES THROUGH THE LIFECYCLE OF DATA, TECHNOLOGY, ADVERTISING AND INNOVATION* __
* __
* __
* __
* __
* __
__ MENU
* Home
* About
* Services
* Contributors
* Contact
* Subscribe
*
DRAMATIC INCREASE IN THE NUMBER OF THIRD-PARTY VENDOR INCIDENTS EMPHASIZES THE NEED FOR BETTER VENDOR DUE DILIGENCE PROCESSESBy Sara Goldstein
and David Kitchen
on June 3, 2021 Posted in Third-Party Vendor Incidents As reflected in our 2021 Data Security Incident Response Report 2020 saw a sharp spike in the number of incidents involving vendors, which amounted to over 25 percent of the total incidents handled in 2020, and the trend is continuing well into 2021. This spike resulted from companies’ increased reliance on vendors to carry out tasks involving personal information, along with an increased focus by threat actors on such high-value targets. Vendor incidents involved entities in all industry segments but were particularly pronounced in the education and healthcare sectors. Vendor incidents involved phishing schemes and inadvertent disclosures but primarily resulted from ransomware attacks. These ransomware attacks typically involve malware that spreads from the vendor to the customer’s environment by utilizing the vendor’s own credentials or the theft of customer data from a vendor’s environment – a continuation of the general rise of ransomware extortion that BakerHostetler saw throughout the year.
In some ransomware attacks, if a vendor did not pay the ransom, a threat actor would contact the vendor’s clients to disclose what data was taken. Continue Reading Tags: 2021 Data Security Incident Response Report, DSIR, Third-Party VendorIncidents
Comment
Tweet
Like
Email LinkedIn
CONGRATULATIONS TO SARA GOLDSTEIN – A 2021 LAW360 RISING STAR! By Theodore J. Kobus III on June 1, 2021 Posted inCybersecurity
Sara Goldstein has been named to Law360’s 2021 list of “Top Attorneys Under 40,” for her career accomplishments in the Cybersecurity & Privacy practice area. Only 180 attorneys nationwide were recognized for what Law360 describes as “legal accomplishments that transcend their age.” Sara focuses her practice on legal issues related to data privacy and security and has advised clients on responding to hundreds of cybersecurity and data privacy incidents, including several of the largest data breaches to date. Read the article (registration required).
Comment
Tweet
Like
Email LinkedIn
WELCOME TO THE DIGITAL TRANSFORMATION AND DATA ECONOMY NEWSLETTER –MAY 2021 ISSUE
By Chad
Rutkowski on May 28, 2021 Posted in Pivot. Accelerate. Transform. At the heart of digital transformation is disruption. That doesn’t always mean the kind of “disruption” that is the darling of VCs and technology blogs. Sometimes, it just means chaos. The sudden influx of software and data issues to a company or organization that is accustomed to a highly regularized way of doing business can set companies scrambling.Read More
.
Tags: Digital Transformation and Data Economy, Pivot. Accelerate. Transform.Comment
Tweet
Like
Email LinkedIn
EVERYWHERE COMMERCE: TOP STRATEGIES FOR MITIGATING RISK By Randal M. Shaheen, Amy Ralph Mudge
and Linda A. Goldstein on May 27, 2021 Posted inAdvertising
Recent changes to our way of living have made it clear just how important it is for marketers and retailers to be thinking about the convergence of brand experience and commerce and redefining how consumers shop and interact with brands online. Join us virtually from 11-3:30 ET on June 15-16 for an opportunity to connect with peers and learn from business leaders and regulators as our advertising, digital risk advisory and cybersecurity, and class action defense teams host a mix of engaging panels and breakout sessions that will cover the latest developments, enforcement trends, and risk mitigation strategies. Approved for 8.0 hours CLE credit.Read more
.
Tags: advertising,
CLE,
webinar
Comment
Tweet
Like
Email LinkedIn
THE NOT-SO-HIDDEN FTC GUIDANCE ON ORGANIZATIONAL USE OF ARTIFICIAL INTELLIGENCE (AI), FROM DATA GATHERING THROUGH MODEL AUDITSBy James A. Sherer
, Nichole Sterling
and Stanton Burke
on May 24, 2021 Posted in AI Our last AI post on this blog, the New (if Decidedly Not ‘Final’) Frontier of Artificial Intelligence Regulation,
touched on both the Federal Trade Commission’s (FTC) April 19, 2021,AI guidance
and the European Commission’s proposed AI Regulation.
The FTC’s 2021 guidance referenced, in large part, the FTC’s April 2020 post “Using Artificial Intelligence and Algorithms.” The
recent FTC guidance also relied on older FTC work on AI, including a January 2016 report, “Big Data: A Tool for Inclusion or Exclusion?,”
which in turn followed a September 15, 2014, workshop on the same topic. The Big Data workshop addressed data modeling, data mining and analytics, and gave us a prospective look at what would become an FTCstrategy on AI.
The FTC’s guidance begins with the data, and the 2016 guidance on big data and subsequent AI development addresses this most directly. The 2020 guidance then highlights important principles such as transparency, explain-ability, fairness, accuracy and accountability for organizations to consider. And the 2021 guidance elaborates on how consent, or opt-in, mechanisms work when an organization is gathering the data used for model development. Taken together, the three sets of FTC guidance — the 2021, 2020, and 2016 guidance ― provide insight into the FTC’s approach to organizational use of AI, which spans a vast portion of the data life cycle, including the creation, refinement, use and back-end auditing of AI. As a whole, the various pieces of FTC guidance also provide a multistep process for what the FTC appears to view as responsible AI use. In this post, we summarize our takeaways from the FTC’s AI guidance across the data life cycle to provide a practical approach to responsible AI deployment.DATA GATHERING
– Evaluation of a data set should assess the quality of the data (including accuracy, completeness and representativeness) ― and if the data set is missing certain population data, the organization must take appropriate steps to address and remedy that issue (2016). – An organization must honor promises made to consumers and provide consumers with substantive information about the organization’s data practices when gathering information for AI purposes (2016). Any related opt-in mechanisms for such data gathering must operate as disclosed to consumers (2021).DATA COMPILATION
– An organization should recognize the data compilation step as a “descriptive activity,” which the FTC defines as a process aimed at uncovering and summarizing “patterns or features that exist in data sets” — a reference to data mining scholarship (2016) (note that the FTC’s referenced materials originally at mmds.org are nowredirected).
– Compilation efforts should be organized around a life cycle model that provides for compilation and consolidation before moving on to data mining, analytics and use (2016). – An organization must recognize that there may be uncorrected biases in underlying consumer data that will surface in a compilation; therefore, an organization should review data sets to ensure hidden biases are not creating unintended discriminatory impacts (2016). – An organization should maintain reasonable security over consumerdata (2016).
– If data are collected from individuals in a deceitful or otherwise inappropriate manner, the organization may need to delete the data(2021).
MODEL AND AI APPLICATION SELECTION – An organization should recognize the model and AI application selection step as a predictive activity, where an organization is using “statistical models to generate new data” — a reference to predictive analytics scholarship(2016).
– An organization must determine if a proposed data model or application properly accounts for biases (2016). Where there are shortcomings in the data model, the model’s use must be accordinglylimited (2021).
– Organizations that build AI models may “not sell their big data analytics products to customers if they know or have reason to know that those customers will use the products for fraudulent or discriminatory purposes.” An organization must, therefore, evaluate potential limitations on the provision or use of AI applications to ensure there is a “permissible purpose” for the use of theapplication (2016).
– Finally, as a general rule, the FTC asserts that under the FTC Act, a practice is patently unfair if it causes more harm than good(2021).
MODEL DEVELOPMENT
– Organizations must design models to account for data gaps (2021). – Organizations must consider whether their reliance on particular AI models raises ethical or fairness concerns (2016). – Organizations must consider the end uses of the models and cannot create, market or sell “insights” used for fraudulent or discriminatory purposes (2016). MODEL TESTING AND REFINEMENT – Organizations must test the algorithm before use (2021). This testing should include an evaluation of AI outcomes (2020). – Organizations must consider prediction accuracy when using “bigdata” (2016).
– Model evaluation must focus on both inputs AND AI models may not discriminate against a protected class (2020). – Input evaluation should include considerations of ethnically based factors or proxies for such factors. – Outcome evaluation is critical for all models, including faciallyneutral models.
– Model evaluation should consider alternative models, as the FTC can challenge models if a less discriminatory alternative would achieve the same results (2020). – If data are collected from individuals in a deceptive, unfair, or illegal manner, deletion of any AI models or algorithms developed from the data may also be required (2021). FRONT-END CONSUMER AND USER DISCLOSURES – Organizations must be transparent and not mislead consumers “about the nature of the interaction” ― and not utilize fake “engager profiles” as part of their AI services (2020). – Organizations cannot exaggerate an AI model’s efficacy or misinform consumers about whether AI results are fair or unbiased. According to the FTC, deceptive AI statements are actionable (2021). – If algorithms are used to assign scores to consumers, an organization must disclose key factors that affect the score, rank-ordered according to importance (2020). – Organizations providing certain types of reports through AI services must also provide notices to the users of such reports(2016).
– Organizations building AI models based on consumer data must, at least in some circumstances, allow consumers access to the information supporting the AI models (2016). BACK-END CONSUMER AND USER DISCLOSURES – Automated decisions based on third-party data may require the organization using the third-party data to provide the consumer with an “adverse action” notice (for example, if under the Fair Credit Reporting Act 15 U.S.C. § 1681 (Rev. Sept. 2018),
such decisions deny an applicant an apartment or charge them a higherrent) (2020).
– General “you don’t meet our criteria” disclosures are not sufficient. The FTC expects end users to know WHAT specific data are used in the AI model and HOW the data are used by the AI model to makea decision (2020).
– Organizations that change specific terms of deals based on automated systems must disclose the changes and reasoning to consumers(2020).
– Organizations should provide consumers with an opportunity to amend or supplement information used to make decisions about them (2020) and allow consumers to correct errors or inaccuracies in their personal information (2016).MODEL DEPLOYMENT
– When deploying models, organizations must confirm that the AI models have been validated to ensure they work as intended and do not illegally discriminate (2020). – Organizations must carefully evaluate and select an appropriate AI accountability mechanism, transparency framework and/or independent standard, and implement as applicable (2020). – An organization should determine the fairness of an AI model by examining whether the particular model causes, or is likely to cause, substantial harm to consumers that is not reasonably avoidable and not outweighed by countervailing benefits (2021).MODEL AUDIT
– Organizations must test AI models periodically to revalidate that they function as intended (2020) and to ensure a lack of discriminatory effects (2021). – Organizations must account for compliance, ethics, fairness and equality when using AI models, taking into account four key questions(2016; 2020):
– How representative is the data set? – Does the AI model account for biases? – How accurate are the AI predictions? – Does the reliance on the data set raise ethical or fairnessconcerns?
– Organizations must embrace transparency and independence, which can be achieved in part through the following (2021): – Using independent, third-party audit processes and auditors, which are immune to the intent of the AI model. – Ensuring data sets and AI source code are open to externalinspection.
– Applying appropriate recognized AI transparency frameworks, accountability mechanisms and independent standards. – Publishing the results of third-party AI audits. – Organizations remain accountable throughout the AI data life cycle under the FTC’s recommendations for AI transparency and independence(2021).
Tags: AI, Algorithms,Artificial
Intelligence
Comment
Tweet
Like
Email LinkedIn
PODCAST: AD-TTORNEYS@LAW: THE FUTURE OF CONSUMER REDRESS AFTER SUPREMES RULE IN AMG CAPITAL MANAGEMENT V. FTC By Randal M. Shaheen on May 19, 2021 Posted inPodcast
In a highly anticipated recent Supreme Court decision in the case of AMG Capital Management v. FTC, the court ruled in favor of putting the brakes on consumer redress and the commission’s ability to protect consumers from unfair or deceptive practices in the marketplace. BakerHostetler partner Randy Shaheen discusses the ramifications. Questions and Comments: rshaheen@bakerlaw.com Listen to the episode.
SUBSCRIBE TO BAKERHOSTSAPPLE PODCAST
PODCAST
| IHEARTRADIO
| SPOTIFY
| STITCHER
| TUNEIN
DOWNLOAD EPISODE TRANSCRIPT Tags: Consumer Redress,Podcast,
SCOTUS
Comment
Tweet
Like
Email LinkedIn
INCIDENT RESPONSE AND FORENSIC CHALLENGES IN A WORK-FROM-HOME WORLD By Joseph L. Bruemmer on May 18, 2021 Posted in Data Security Incident Response Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients encountered in the past year involved key components of incident response — communicating with employees, resetting remote user passwords, and deploying endpoint detection and response (EDR) tools at scale. There are steps that organizations can (and should) take to put themselves in a position to respond to incidents efficiently and effectively in a remote-workparadigm.
First, as part of your incident response plan (IRP), identify the partners you are going to engage to help you respond to an incident. The top three are your legal counsel, forensic firm, and recovery support or “helping hands” provider. Your carrier likely has an approved panel of providers for some or all of these services. Research who they are, include their contact information in your IRP, and maintain a copy of your IRP off your network. Continue Reading Tags: 2021 Data Security Incident Response Report, DSIR 2021, IncidentResponse,
IRP, Work-From-HomeComment
Tweet
Like
Email LinkedIn
EXECUTIVE ORDER ON IMPROVING THE NATION’S CYBERSECURITY: WHAT DOES IT MEAN FOR BUSINESS?By Sara Goldstein
and Jessica Lowery
on May 13, 2021 Posted inCybersecurity
In response to recent highly publicized cybersecurity incidents, President Biden signed an Executive Order on May 12, 2021, that contains eight key initiatives aimed at modernizing the federal government’s response to cyberattacks. Although the initiatives outlined in the Executive Order only apply to federal contractors (many of which already comply with agency-specific cybersecurity rules), all companies and organizations should pay attention to them, as they could be used as models for other laws and as the “baseline” for what security measures businesses will be expected to implement. REMOVING BARRIERS TO SHARING THREAT INFORMATION / NATIONAL SECURITYSYSTEMS
_Overview:_ The Executive Order calls for updates to federal information technology and operational technology service contract terms to allow federal contractors to share threat intelligence and information about cybersecurity incidents with different federal agencies. Specifically, the Executive Order is asking that such contracts be designed to ensure that these contractors “collect and preserve data, information, and reporting relevant to cybersecurity event prevention, detection, response, and investigation on all information systems over which they have control, including systems operated on behalf of agencies.” Continue Reading Tags: Biden Administration,cybersecurity,
executive order
Comment
Tweet
Like
Email LinkedIn
THE SCOURGE OF RANSOMWAREBy Craig A. Hoffman
and Elise Elam
on May 13, 2021 Posted in Data Security Incident Response Our 2021 Data Security Incident Response Report (DSIR) described ransomware as a scourge. There are stories every day about new threat actor groups and their victims. There are task forces, law enforcement initiatives, discussions by legislators about laws to help address the problem, and real-world impact from operational disruption (such as panic-buying of gas). Most organizations are aware of the risk of ransomware and the need to prepare for an event. But organizations that have not experienced a ransomware event are uncertain about what actually occurs, which hinders preparation. Building a ransomware playbook and conducting a tabletop exercise facilitated by a person experienced in responding to ransomware events are good preparation measures. To help with both, you can use the ransomware matter data from the DSIR and the list of considerations an organization facing a ransomware attack may have to address all at once on the first day of a ransomware matter. ContinueReading
Tags: 2021 Data Security Incident Response Report,DSIR, Ransomware
Comment
Tweet
Like
Email LinkedIn
CONGRATULATIONS TO SARA GOLDSTEIN, A 2021 PROFESSIONAL EXCELLENCEAWARD WINNER!
By Theodore J. Kobus III on May 4, 2021 Posted inPrivacy
Sara was recognized as part of the 2021 class of Professional Excellence Award winners by _The Legal Intelligencer_. The honorees were chosen based on a variety of factors, including service to the bar, peer recognition, distinctions and accomplishments, thought leadership, and other legal work of note.Read more
.
Comment
Tweet
Like
Email LinkedIn
Older Posts __
STAY CONNECTED
* __
* __
* __
* __
* __Subscribe By Email Your website urlProcessing…
BREACH NOTIFICATION LAW INTERACTIVE MAP EU GDPR DATA BREACH NOTIFICATION RESOURCE MAP 2021 BAKERHOSTETLER DATA SECURITY INCIDENT RESPONSE REPORTTOPICS
Topics Select Category Advertising AI Antitrust Application Security Automotive Industry Behavioral Advertising Big Data Biometrics Blockchain Breach Notification CBD CCPA CDPA Children’s Privacy Cloud Computing Consumer Data CPRA Cybersecurity Data Analytics Data Breach Notification Laws Data Breaches Data Counsel Data Protection Data Security Incident Response Digital Transformation Education Emerging Technology Enforcement EU EU-U.S. Privacy Shield Framework Events Federal Legislation Financial Privacy Forensics GDPR Geolocation Healthcare HHS HIPAA/HITECH Identity Theft Incident Response Information Governance Information Security Infrastructure International Privacy Law Internet of Things Malware Marketing Medical Privacy Mobile Privacy News Online Privacy Payment Card Industry Phishing Pivot. Accelerate. Transform. Podcast Privacy Privacy by Design Privacy Class Actions Privacy Litigation Ransomware Retail Industry Risk Assessments Social Media State Legislation Supply Chain Tax Telephone Consumer Protection Act Third-Party Vendor Incidents Virtual Currency Weekly Privacy Rewind Wire Fraud Workplace PrivacyARCHIVES
Archives Select Month June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 BAKERHOSTETLER BLOGS * AD-ttorneys Law Blog * Antitrust Advocate * The Blockchain Monitor * Class Action Lawsuit Defense * Discovery Advocate * Employment Class Action Blog * Employment Law Spotlight* Health Law Update
* IP Intelligence Report* Ohio Clock
* WealthDirector
RECENT UPDATES
* Dramatic Increase in the Number of Third-Party Vendor Incidents Emphasizes the Need for Better Vendor Due Diligence Processes * Congratulations to Sara Goldstein – a 2021 Law360 Rising Star! * Welcome to the Digital Transformation and Data Economy Newsletter– May 2021 Issue
* Everywhere Commerce: Top Strategies for Mitigating Risk * The Not-So-Hidden FTC Guidance on Organizational Use of Artificial Intelligence (AI), from Data Gathering Through Model AuditsDATA COUNSEL
Atlanta,
Chicago,
Cincinnati,
Cleveland,
Columbus,
Costa Mesa,
Dallas,
Denver,
Houston,
Los Angeles,
New York,
Orlando,
Philadelphia,
San Francisco,
Seattle,
Washington, DC
* __
* __
* __
* __
* Privacy Policy |
* Service Terms |
* Infringements |
* About Ads |
* Disclaimer
ABOUT BAKERHOSTETLER Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world address their most complex and critical business and regulatory issues. With six core practice groups — Business, Digital Assets and Data Management, Intellectual Property, Labor and Employment, Litigation, and Tax — the firm has nearly 1,000 lawyers located coast to coast. For more information, visit bakerlaw.com . Copyright © 2021 Baker & Hostetler LLP. All Rights Reserved. Strategy, design, marketing & support by LexBlogCOOKIE PREFERENCES
When you visit our website, we and third parties store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we and third parties are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). If you click on the “Cookie Preferences opt-out” heading below you can learn more about Performance Cookies and Targeting cookies, and opt-out of one or both of these non-necessary categories. Or, you can just toggle slide the toggle next to the “Cookie Preferences opt-out” heading to opt-out of both. More informationAllow All
DO NOT SELL PREFERENCES STRICTLY NECESSARY COOKIESAlways Active
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.Cookies Details
COOKIE PREFERENCES OPT-OUT Cookie Preferences Opt-out Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. We do not believe that we sell personal information. Although there is not yet an industry consensus, we do not believe that data collected by third-party cookies, such as those that enable personalization of your experience with targeted ads, constitute a sale by us of your personal information. However, you can block non-necessary third-party cookies, which may include some that collect, use, and/or share data for their own or third-party purposes (i.e., that are not operated by our service providers only to perform services for us) by using this toggle switch. If you opt out we will not be able to offer you personalized ads and some features and functionality of our website may not be available or perform as intended. Alternatively, you can opt-out of Performance Cookies or Targeting Cookies separately as noted below. For more information on cookies, additional choices available regarding cookies and the limitations of opting out, see our Privacy Policy and CA Privacy Notice.*
PERFORMANCE COOKIES
Switch Label
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors movearound the site.
*
TARGETING COOKIES
Switch Label
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targetedadvertising.
Cookies Details
BACK BUTTON BACK
Vendor Search Search IconFilter Icon
Clear
checkbox label labelApply Cancel
Consent Leg.Interest checkbox label label checkbox label label checkbox label label*
33ACROSS
HOST DESCRIPTION
VIEW COOKIES
*
Name
cookie name
Confirm My Choices
We use cookies for purposes such as to enhance user experience and to analyze performance and traffic on our website. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. Click hereto view our
California Privacy Notice.Cookie Preferences
Details
Copyright © 2024 ArchiveBay.com. All rights reserved. Terms of Use | Privacy Policy | DMCA | 2021 | Feedback | Advertising | RSS 2.0