Author

Brian Hengesbaugh

Browsing

Adding to an emerging trend of federal cases addressing privilege in the context of forensic reports, the DC District Court ruled last month that forensic reports created in response to a cybersecurity incident were not subject to attorney-client privilege nor attorney work product protection because the reports were created in the ordinary course of business. This decision has significant implications for organizations preparing to respond to cybersecurity incidents and continues a pattern of increased scrutiny…

Brian Hengesbaugh and Partner Paul Glass dissect the recent guidance issued by the ICO in response to the SoldWinds cyber attack. Listen to hear: an overview of what the guidance sayswhy the ICO decided to release guidance in regards to this incidenthow companies should best approach the 72-hour notification rule https://open.spotify.com/episode/5ufO2qYMt4rPOQiVOKHo4n?si=ZMqpxKVpRvKsT8G7jo6o-A

Happy Data Protection Day! The 28 January each year is celebrated as Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2021, we have summarised some of the key trends and developments in the EU, UK and beyond from a data protection perspective and looking ahead to what to expect for 2021. You can jump to specific country…

Harry Valetk, a partner in our New York office, joins Brian Hengesbaugh to discuss the global privacy issues surrounding COVID-19 vaccinations. Tune in to hear: the immediate privacy issues to consider in regards to the vaccinewhether a privacy impact assessment is warrantedthe privacy perspective on employers mandating vaccination. https://open.spotify.com/episode/3WevOBKvsQ8pIb9aZMz0F2?si=nyOjalKeS7qLmn0MWdg3Aw

In the privacy world, there is no rest for the weary. In California, while most companies were just getting their programs running to address the California Consumer Privacy Act (“CCPA”), including some last minute changes to address the final version of the regulations issued in late fall 2020, the California Privacy Rights Act (“CPRA”) was officially certified on December 16, 2020 following voter approval in another privacy referendum in the November 2020 elections. CPRA sharpens…

Disruptive cyber-attacks aimed at supply chains are on the rise, as the recent SolarWinds security breach has so prominently brought to light. While your immediate IT infrastructure may not have been directly impacted by that breach, now may be a good time to check-in with you key service providers. If they host or in any way process digital assets on your behalf, there is reason for concern in light of the devastating SolarWinds security breach.…

Brian Hengesbaugh is joined by Jessica Nall, partner in Baker McKenzie’s San Francisco/Palo Alto office. Jessica and Brian discuss the series of cybersecurity incidents former giant Yahoo experienced in 2013 and 2014, and Jessica’s lessons learned as a lead attorney representing individuals in those cases in the following government investigations in 2016. Listen in to hear: What went wrong in the case, and why those failures remain relevant todayHow companies can avoid becoming a target…

Based on preliminary election results, Californians voted to enact the California Privacy Rights Act (“CPRA”), expanding and revising the California Consumer Privacy Act of 2018 (“CCPA”) effective January 1, 2023 with a one-year look-back to January 1, 2022 for some provisions. Companies around the world with business ties to California should start updating vendor contracts and prepare for new requirements under the statute and revised regulations to be issued by a new California Privacy Protection…

Partners Brian Hengesbaugh and Harry Valetk hosted Practising Law Institute’s Global Data Protection Boot Camp 2020. The program – now in its fifth year – brings together individuals charged with formulating their organization’s global privacy compliance strategy. Harry Valetk chaired the 4-hour* program, which has been designed to help privacy practitioners within every organization – legal, compliance, IT security, and audit –obtain practical information and gain insights into key substantive and procedural compliance recommendations in relation…

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory to alert companies about potential sanctions risks when making payments in response to ransomware attacks. The advisory is in response to the demand for ransomware payments during the COVID-19 pandemic as cyber criminals have severely debilitated systems that merchants rely on to continue to conduct business. A Threat to National Security Ransomware is a form of malicious software designed…