Category Archives: Data Breach

Privilege Requires Precision: Sixth Circuit’s Reminder for Internal Investigations

In a recent decision, the Sixth Circuit offered a timely reminder for legal teams conducting internal investigations: attorney-client privilege is powerful—but only when used with precision. In In re FirstEnergy Corp., No. 24-3654, 2025 WL 1234567 (6th Cir. Aug. 7, 2025), the court examined whether FirstEnergy could shield communications related to its internal investigation into alleged misconduct. …

Continue reading “Privilege Requires Precision: Sixth Circuit’s Reminder for Internal Investigations”

OCR Settles HIPAA Security Rule Enforcement Action with Heritage Valley Health System Stemming from Ransomware Attack

On July 2, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with Heritage Valley Health System (Heritage Valley), a healthcare provider operating in Pennsylvania, Ohio, and West Virginia. This is the OCR’s third ransomware settlement and is based on allegations of potential violations of the Health …

Continue reading “OCR Settles HIPAA Security Rule Enforcement Action with Heritage Valley Health System Stemming from Ransomware Attack”

Texas Attorney General Launches Major AI, Data Privacy, and Security Initiative

FOR IMMEDIATE RELEASEJune 4, 2024www.texasattorneygeneral.govPRESS OFFICE: (512) 463-2050Communications@oag.texas.gov Attorney General Ken Paxton Launches Data Privacy and Security Initiative to Protect Texans’ Sensitive Data from Illegal Exploitation by Tech, AI, and Other Companies  AUSTIN – Texas Attorney General Ken Paxton has launched a major data privacy and security initiative, establishing a team that is focused on aggressive …

Continue reading “Texas Attorney General Launches Major AI, Data Privacy, and Security Initiative”

Discussion on Cyber Security and Cyber Law Identity Governance Matters for #AuditTuesday Show

It was great to be a guest on the YouAttest #AuditTuesday show to talk about Cybersecurity and Cyber Law Identity Governance Matters. If you enjoyed this video, please join the discussion here on LinkedIn! https://youtu.be/wwEphvc7mN4?si=fa5yRK1dKUQAqIpO

Texas Bar Journal 2023 Cybersecurity & Data Privacy Year in Review

I am happy that I was able to provide the Texas Bar Journal’s 2023: The Year In Review – Cybersecurity & Data Privacy Update which addressed the following issues: how the Texas “hacking laws” and issue of “consent” impact the discovery of evidence of child pornography whether sending a malicious phishing email violates “hacking laws” …

Continue reading “Texas Bar Journal 2023 Cybersecurity & Data Privacy Year in Review”

Neural Privacy is Where It’s At — Brain Scanning Technology is Causing States to Look at Protecting the Privacy of Our Thoughts

UPDATES 2024.03.15 Neuralink is now being used to play chess! https://www.youtube.com/watch?v=LfwzfP8cp3A This morning I read an article about how brain scanning technology is causing Colorado and Minnesota to propose legislation that is aimed at establishing rights and protections for information collected from our thoughts through the neural signals that can be scanned and collected from …

Continue reading “Neural Privacy is Where It’s At — Brain Scanning Technology is Causing States to Look at Protecting the Privacy of Our Thoughts”

DFW Area Friends – Join Me to Talk Real World Cyber Incident Response and Preparation at Tech Titans’ Cybersecurity Forum

Your organization has been breached, now what? That’s the title of our discussion at Tech Titans’ Cybersecurity Forum this Thursday, December 14, 2023, from 3:30 – 6:00 PM in Richardson, Texas. This event is available for both members of Tech Titans and non-menbers and you can register at this link: https://business.techtitans.org/events/details/cybersecurity-forum-december-14-2023-4826?calendarMonth=2023-12-01 I will be moderating …

Continue reading “DFW Area Friends – Join Me to Talk Real World Cyber Incident Response and Preparation at Tech Titans’ Cybersecurity Forum”

SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance

“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how companies are managing and responding to them. From a very high level, this can be …

Continue reading “SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance”

Shawn Tuma Provided Texas Bar Journal 2022 Cybersecurity & Data Privacy Year in Review Update

Shawn Tuma provided the Texas Bar Journal’s 2022: The Year In Review – Cybersecurity & Data Privacy Update which addressed the following issues: updated Texas cyber event notification requirements for Texas state banks Texas AG enforcement of data protection laws federal and state hacking laws former owner of company accessing company network attorney immunity for …

Continue reading “Shawn Tuma Provided Texas Bar Journal 2022 Cybersecurity & Data Privacy Year in Review Update”

“Data is the hot potato!” — some data governance lessons from the Twitter Whistleblower Testimony

Hopefully you saw my recent post “Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case and it reinforced in your mind just how important it is to focus on the data when we are talking about cyber and privacy risk management. If it didn’t, that’s ok, here’s another reminder. My …

Continue reading ““Data is the hot potato!” — some data governance lessons from the Twitter Whistleblower Testimony”