TAG Southeastern Software Association: MegaTrends – Nov. 9th

November 9th, 2016
Data Security-Privacy

Join the TAG Southeastern Software Association and a panel of industry experts, including MMM’s Alex Woollcott, for the annual forum on the impact of emerging issues and trends in the software industry.

This conference will examine the two issues of the need for computer security versus the requirement to protect privacy of data and people’s information.

In today’s world, information security is a very significant issue technically and from

Read More


Brexit and EU Privacy

June 28th, 2016
Data Security-Privacy

By Paul Arne

The decision of the United Kingdom to leave the European Union certainly has raised a large number of questions about what things will look like both when and before the dust settles. One issue that will need to be resolved relates to personal privacy. After exit from the EU, will the UK’s laws related to privacy allow personal data to be sent from the EU to the UK? What will the UK require for data transfers to the U.S.?

Currently, protecting the privacy of personal information is mostly governed by the EU’s “Data Directive” (Directive 95/46/EC). 

Read More


Status of the EU-US Privacy Shield Framework

April 26th, 2016
Data Security-Privacy

The eagerly awaited successor to the defunct EU US Safe Harbor Framework for transfer of personal data of EU citizens into the United States was approved by regulators from the United States and the European Union (EU) on February 2, 2016.  The new framework, however, does not become effective until approved by the EU member states.

The new framework – known as the “EU-U.S. Privacy Shield Framework” — was designed by U.S. and EU regulators to provide a framework for transfer of personal data from the EU to the United States that supported transatlantic commerce while giving significantly stronger

Read More


European Court of Justice invalidates US-EU Safe Harbor program – How to continue transferring data in light of ruling

On October 6, 2015, the European Court of Justice (“ECJ”) invalidated the US-EU Safe Harbor Framework (“Safe Harbor”). This ruling will have far-reaching consequences. The Safe Harbor allowed U.S. companies to receive EU citizens’ personal data from the EU if the U.S. companies complied with the Safe Harbor requirements.  The Safe Harbor greatly facilitated the transfer of private personal data from the EU to the U.S. by avoiding the necessity of U.S. organizations having to comply with the much stricter EU Data Protection Directive and by allowing the U.S. Federal Trade Commission and Department of Transportation to enforce

Read More


Data Security & Corporate Governance: What Is The Individual Liability Of Officers & Directors?

by Larry Kunin, Partner and Chair of MMM Data Security & Breach Practice
     Brian Levy, Associate and Member of MMM Data Security & Breach Practice

A lot has been publicized regarding the need for data security, and the damages and tasks that face a company when a breach happens.  What about the individual liability officers and directors?   Do they face an individual legal obligation to ensure the data breach risks are at a minimum?  Do they face ultimate liability?

Officers and directors have a fiduciary duty to their corporations, including using competent business judgment, exercising good

Read More


California Amends Data Security Breach Notification Law

February 12th, 2015
Data Security-Privacy

by Larry Kunin and Patrick McKenzie

Continuing a growing nationwide trend in adopting more stringent data breach laws, California recently amended its security breach notification law—California Civil Code Section 1798 et. seq.—effective January 1, 2015. While this law applies to companies doing business in California, companies in other states that have an office in California will also have to comply.  Minnesota and Florida also amended data security laws over the past several months in response to highly publicized data breaches such as the one involving Target.

The California security breach notification law requires persons or businesses that own

Read More


SEC Pushes Cybersecurity Awareness with OCIE Cybersecurity Initiative

On April 15, 2014, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert (the “Risk Alert”) pertaining to its initiative to assess cybersecurity preparedness in the securities industry. The OCIE willbe conducting examinations of more than 50 registered broker-dealers and registered investment

Cyber Security Updateadvisors, focusing on areas related to cybersecurity. This initiative is designed to assess cybersecurity preparedness in the securities industry and to obtain information about the cyber threats that have recently affected the industry. C-level executives, in-house counsel, security officers and risk management officers should

Read More


MMM Announces Data Security & Breach Practice

data security practiceAtlanta, April 8, 2014 – Morris, Manning & Martin, LLP has formed a Data Security & Breach Practice to address the myriad of legal issues companies and organizations face with respect to data privacy and security issues. The number of data breach incidents has increased exponentially in the past few years and promise to continue their upward trajectory. Given the costs associated with a data breach or cyber-attack, either in real dollars or in terms of reputational damage, companies need law firms with significant regulatory, risk management and

Read More


Case Summary: Jackson v. Deen

March 31st, 2014
Data Security-Privacy

In this series, MMM attorney Shannon McNulty presents key information on noteworthy cases that have made, or could potentially make, a large impact on the current legal landscape.

Jackson v. Deen, No. CV412-139, 2013 WL 1911445, at *1-17 (S.D. Ga. May 8, 2013)

The court found, among other things, that the attorney-client privilege had been waived regarding certain communications between defendants’ in-house counsel at the time and certain employees of defendants because these communications were made in the presence of individuals other than the client.  Because the court found that the privilege had been waived, defendants were ordered to

Read More


Case Summary: JBCHoldings NY v. Pakter

March 17th, 2014
Data Security-Privacy

In this series, MMM attorney Shannon McNulty presents key information on noteworthy cases that have made, or could potentially make, a large impact on the current legal landscape.

JBCHoldings NY, LLC v. Pakter, 931 F. Supp. 2d 514 (S.D.N.Y. 2013)

Case Study

The court, following a narrower interpretation of the Computer Fraud and Abuse Act (CFAA), stated that an employer did not have a claim against an employee under the CFAA when the employee misused access to the employer’s computer that he had been granted because the employee

Read More