Author

Brian Hengesbaugh

Browsing

A flaw in a widely used software threatens system security and makes companies vulnerable to cyber threats. The Apache Software Foundation released an advisory that Apache Log4j versions up to and including 2.14.1 has a defect that may allow threat actors to execute arbitrary code and deploy viruses including ransomware on that IT infrastructure. Entities that directly or indirectly leverage this software should act with haste to mitigate the risk of a data incident. These…

In this episode of Connect On Tech, your host Brian Hengesbaugh is joined by Stephen Reynolds, data privacy and security partner in our Chicago office, to highlight developing trends surrounding the Log4j security vulnerability. In this episode, you will learn about: Log4j: what it is and why it’s importantWhat organizations should be doing to prepare for and prevent a security eventLegal risks and potential issues associated with this vulnerability https://open.spotify.com/episode/79ufz5Zr1z9MDDrCnbYdEm Want to Learn More?Stay tuned…

On Wednesday, October 6, 2021, Baker McKenzie partners Harry Valetk and Brian Hengesbaugh, Global Chair of the Firm’s Data Privacy & Security Business Unit, presented at the Global Data Protection Boot Camp 2021 hosted by the Practising Law Institute. The boot camp boasted an impressive line-up of data privacy experts from both government and industry to share practical insights. The half-day program was comprised of the following four segments: Introduction and Legislative Developments in Data Protection LawsNuts and Bolts…

As predicted in our Connect on Tech discussion in March, the U.S. Securities and Exchange Commission (“SEC”) is ramping up its examination and enforcement focus on cybersecurity at financial institutions, including scrutiny on actual implementation and deployment of published procedures in response to discovery of cyber breach incidents. Furthermore, the SEC appears to signal its expectation that multi-factor authentication (“MFA”) for email accounts containing sensitive client and customer information should be in place. Email Account…

Colorado has joined the growing list of US states passing new comprehensive privacy laws by enacting the Colorado Privacy Act (the “CPA”). Governor Jared Polis signed the CPA into law on July 7, 2021, making it the third comprehensive state privacy law enacted in the US. With other states also considering proposals on comprehensive privacy legislation, CPA is another signal that companies must be prepared for more (not less) privacy regulatory risks. Like the California…

In this Connect on Tech episode, Brian Hengesbaugh is joined by Ben Slinn to discuss the increased focus on and heightened protection around children’s data in the UK. Ben, a leading privacy attorney in our London office, reviews the new UK Age Appropriate Designs Code, intended to address key areas affecting data of children under the age of 18 with respect to online services. The Code, which companies are required to comply with from September 2, 2021, includes 15…

Brian Hengesbaugh and Julia Wilson, a leading employment and privacy partner in our London office, join for this episode of Connect on Tech to discuss privacy in the work place and key issues employers are facing.  In this podcast, Brian and Julia take a deep dive into four key areas employers must carefully navigate in the data and privacy realm – i) the processing of testing and vaccination data, ii) employee monitoring in various guises from clever…

*Article originally posted on IAPP.org* The European Commission recently issued its decision approving revised standard contractual clauses for data transfers to third countries in the official journal. The new SCCs arrive at a critical juncture in the regulation of cross-border data transfers, as there is significant uncertainty in the market around how to address cross-border data transfer restrictions. What is the legal context for the introduction of the new SCCs? The new SCCs are a…

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…