ETRM Group

05/23/2022

[Update Extract] On March 15, 2022, President Biden signed new bipartisan legislation which enacted the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The new Act mandates that the Department of Homeland Security define Critical Infrastructure for purposes of reporting a significant cyber incident. CIRCIA also requires that covered incidents must be reported to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours.

Read the complete update from Kenya Dixon of the ETRM Group at https://buff.ly/3Pvr4Fr.

Governance

On March 15, 2022, President Biden signed new bipartisan legislation which enacted the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).

05/20/2022

[Article Extract] TAR has been revolutionary for helping eDiscovery teams achieve better efficiency, but not all lawyers and firms are on board with the increasingly complex technology and its capabilities. Some lawyers can’t live without it, while others think it’s time the technology retires. Ultimately, it comes down to using the tool correctly. Like other technology solutions, TAR is intended to enhance, and it needs to be used correctly to see its benefits. (National Law Review)

Read the complete article at: https://www.natlawreview.com/article/what-technology-assisted-review-tar.

05/18/2022

[Article Extract] We’re all familiar with the importance of avoiding the inadvertent disclosure of attorney-client communications, work product or sensitive, proprietary or confidential business information. However, our obligations don’t end there. In addition to protecting this information, we also need to consider how to handle personal identifying information (“PII”).

Read the complete article at https://buff.ly/3lDV9oF.

We’re all familiar with the importance of avoiding the inadvertent disclosure of attorney-client communications, work product or sensitive,...

05/16/2022

[Article Extract] Privacy and online safety go hand in hand. And when you’re using the internet, it’s important to have control over how your sensitive, personally identifiable information can be found.

Open access to information is a key goal of Search, but so is empowering people with the tools they need to protect themselves and keep their sensitive, personally identifiable information private. That’s why we’re updating our policies to help people take more control of their online presence in Search.

Read the complete article at https://buff.ly/38w8GLl.

On Search, we’re updating our policies to allow people to request the removal of additional types of sensitive, personally identifiable information.

05/13/2022

[Alert Recommendations] MSPs and their Customers: The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities recommend MSPs and their customers implement the baseline security measures and operational controls listed in this section. Additionally, customers should ensure their contractual arrangements specify that their MSP implements these measures and controls. (CISA)

Read the complete alert at https://www.cisa.gov/uscert/ncas/alerts/aa22-131a.

05/11/2022

[Article Extract] It appears that the privacy tidal wave starting on the west coast has made its way eastward and continues to pave the way for other similarly-minded states to pass comprehensive privacy laws. Will this tidal wave spur Federal action to harmonize disparities amongst these laws?

Read the complete article athttps://www.jdsupra.com/legalnews/where-is-the-tipping-point-9219753/.

Connecticut becomes the fifth state to pass a comprehensive privacy law. Are you prepared for state privacy law compliance required in 2023?

05/09/2022

[Update Extract] A vulnerable spot in global commerce is the supply chain: It enables technology developers and vendors to create and deliver innovative products but can leave businesses, their finished wares, and ultimately their consumers open to cyberattacks. A new update to the National Institute of Standards and Technology’s (NIST’s) foundational cybersecurity supply chain risk management (C-SCRM) guidance aims to help organizations protect themselves as they acquire and use technology products and services.

Read the complete update at https://buff.ly/38XL6aG.

A new update to the National Institute of Standards and Technology’s foundational cybersecurity supply chain risk management (C-SCRM) guidance aims to help organizations protect themselves as they acquire and use technology products and services.

05/06/2022

[Article Extract] Although the United States allows substantial – some would argue excessive – discovery of data in civil litigation, the US Federal Rules of Civil Procedure provide mechanisms for limiting discovery, and courts use the protective order provisions of Rule 26(c) to protect privacy.

Read the complete article by David Horrigan and published by Artificial Lawyer at https://buff.ly/3KRvC5n.

By David Horrigan, Relativity. Many privacy advocates around the world applauded when Europe’s General Data Protection Regulation (GDPR) became effective in May 2018. The grand plan to harmonise an…

05/04/2022

[Article Extract} New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within the first 36 hours after an organization suffers a qualifying "computer-security incident." The regulation was first passed in November 2021. (Bank Info Security)

Read the complete article at https://buff.ly/3KGr9T6.

New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within 36 hours

05/02/2022

[Article Overview] Law firms, like all industries, should brace themselves for the aftershocks of the Russia-Ukraine conflict. From keeping up with government guidelines on Russian hacking tactics to never assuming you're safe, here are some precautions firms should take now to strengthen their cybersecurity.

Read the complete article at https://www.law.com/legaltechnews/2022/04/29/ukraine-russia-conflict-prep-4-ways-firms-should-strengthen-their-cybersecurity-efforts/.

Law firms, like all industries, should brace themselves for the aftershocks of the Russia-Ukraine conflict. From keeping up with government guidelines on Russian hacking tactics to never assuming you're safe, here are some precautions firms should take now to strengthen their cybersecurity.

01/08/2021

Take a look into some of the cyberattacks that the legal industry endured in 2020 to keep in mind as 2021 begins: https://www.law.com/legaltechnews/2020/12/29/a-difficult-year-the-cyberattacks-that-pervaded-the-legal-industry-in-2020/

A look back at the evolving cyberthreats, public breaches and eight-figure ransom demands that struck law firms, legal tech companies, bar exams and others in 2020.

01/07/2021

Here are some and cases to watch in 2021!

Class actions stemming from Marriott and Capital One's data breaches and facial recognition app Clearview AI's alleged privacy abuses top Law360's list of cybersecurity and privacy litigation to watch in 2021.