GDPR, snooping tech, and data privacy — what does this all mean? Shawn Tuma explains

The EU’s GDPR, devices and services snooping on our privacy, and data privacy law – what does this all mean?

Shawn Tuma explains to CW33’s Morning Dose why the EU’s General Data Protection Regulation (GDPR) can be a positive step in the long run for simplifying data security and data privacy when compared to the multitude of different federal, state, and local laws in the United States.

Shawn Tuma discusses on The Michelle Mendoza Show on Seattle’s 820 AM, The Word

 

The EU’s GDPR, attorney Shawn Tuma discusses on the Steve Gruber Show

 

See also: INTEGRATING AMAZON’S “REKOGNITION” TOOL WITH POLICE BODY CAMERAS — SHAWN TUMA DISCUSSES ON CW33 MORNING DOSE

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Integrating Amazon’s “Rekognition” Tool with Police Body Cameras — Shawn Tuma Discusses on CW33 Morning Dose

There has been an outcry over law enforcement using Amazon’s “Rekognition” facial recognition tool and integrating it with their body cameras for nearly real-time identification capabilities. CW33’s Morning Dose had cybersecurity and data privacy attorney Shawn Tuma on as a guest to discuss this issue, as seen on this video:

 

Here is another story with additional commentary by Tuma (2:01 mark):

 

See also:  The EU’s GDPR, devices and services snooping on our privacy, and data privacy law – what does this all mean? Shawn Tuma discusses on The Michelle Mendoza Show on Seattle’s 820 AM, The Word

 

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules

Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA is a provider of products and services for people with chronic kidney failure with over 60,000 employees that serves over 170,000 patients. FMCNA’s network is comprised of dialysis facilities, outpatient cardiac and vascular labs, and urgent care centers, as well as hospitalist and post-acute providers.

Read the full article on HHS’ website and pay careful attention to the 6 specific issues the OCR’s investigation identified as a basis for the fine:

  1. Failed to conduct an adequate risk analysis.
  2. Provided unauthorized access for a purpose not permitted by the Privacy Rule.
  3. Failed to implement policies and procedures to address security incidents.
  4. Failed to implement policies and procedures for devices containing ePHI inside and outside of the facility.
  5. Failed to implement policies and procedures to safeguard their facilities and equipment therein from unauthorized access, tampering, and theft.
  6. Failed to encrypt ePHI in appropriate circumstances.

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?

OCR LogoSee recommendations below

On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not only is there the obvious impact this has had on those healthcare providers’ ability to treat their patients, but also, under HIPAA, the Office of Civil Rights presumes that all cyber-related security incidents where protected health information was accessed, acquired, used, or disclosed are reportable breaches unless certain criteria are satisfied. (See checklist in this post and this post for further explanation).

TMLT LogoThe Texas Medical Liability Trust (TMLT)’s blog post, Allscripts EHRS Falls Victim to Ransomware Attacks, goes into much greater detail in describing the facts of this event and what has taken place since the initial attack. The blog also provides an excellent analysis of the Business Associates considerations in a situation such as this and the post features several important recommendations for what practices need to do now from my friend and excellent cybersecurity and data privacy attorney Adrian Senyszyn (LinkedIn) and myself. So, what are you waiting for, go read the TMLT post … and hope and pray that you planned ahead and have cyber insurance!

See Also:

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

The Most Positive Cybersecurity Trend I Have Seen in Nearly 20 Years!

business-1989131_1920In the last quarter of 2017, I have observed a cybersecurity trend that has given me more hope than any that I have seen previously. Let me explain.

As an attorney, I have been practicing what can generally be described as cyber law or cybersecurity law since 1999, which means that my practice has evolved a lot over the years. It also means that I have seen a lot over the years.

My practice has been divided into three distinct areas over the last several years:

  1. Proactively, by helping clients assess and understand their overall cyber risk and then developing, implementing, and maturing a strategic cyber risk management program that prioritizes their efforts to help minimize their cyber risk.
  2. Reactively, by leading companies through the cyber incident response and data breach response process (e.g.,  as a “breach guide” or “breach quarterback”) and regulatory investigations and enforcement actions.
  3. Reactively, by representing clients in litigation involving cyber-related claims like data loss, data theft, computer hacking, and business to business disputes concerning responsibility for cyber incidents.

For nearly twenty years, the number of clients that have hired me to help in a reactive role, such as with incident response and litigation of cyber claims, has towered above those who have sought my help for proactively assessing their cyber risk and developing and implementing a cyber risk management program. It has not even been close.

This has not been due to a lack of effort on my part. I have always done my best to encourage clients to be responsible when it comes to cybersecurity by being proactive and focusing first on risk management and prevention but this has generally fallen on deaf ears. They did not want to be cyber responsible — or, even if they did want to be, they were not willing to invest resources into being cyber responsible.

But in the last quarter of 2017, this has changed.

The trend that I have observed developing over the last Quarter of 2017 is outstanding! For the last few months I have had substantially more clients hire our firm for helping them with a proactive cyber risk management program than we have ever seen in the past, so much so that the amount of work we are now doing on these programs is equal to or greater than the amount of work we are doing on incident response and litigation.

What makes this trend so great? The answer is simple: it shows that companies are finally starting to get it! They are finally seeing that it is better for them to invest resources into proactively preventing cyber incidents and data breaches from happening than it is to sit back and wait with the only strategy being to hope that it will not happen to them — because it will happen to them if they do nothing to stop it.

I hope that the trend that I am seeing is consistent across the industry. If it is, we just may be turning the corner in the war on cybercrime that is destroying our companies and decimating our individual privacy.

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Complimentary Webinar: Countdown to #GDPR – Compliance for Non-EU Companies

Countdown to GDPR Compliance is a complimentary webinar that I will be moderating on Thursday, December 7, 2017, at 12:00 PM Central.  This is the second webinar in a three-part series sponsored by Mackrell International and will focus on Compliance for Non-EU Companies. You don’t want to miss it!

Moderator: Shawn Tuma
Presenter: Marta Stephanian, Ten Holter/Noordam
Presenter: Henrik Nilsson, Wesslau Söderqvist Advokatbyrå

 

COUNTDOWN TO GDPR COMPLIANCE: Compliance for Non-EU Companies
Sponsored by Mackrell International
Thursday, December 7, 2017 @ 12:00 PM CT
LINK for more information
Register via email: GDPR@hogefenton.com

GDPR Invite 2 11_21

I hope you are able to attend the webinars and find the information helpful in your business. As always, please let me know if you have any questions or if I can help you.

Shawn E. Tuma | Scheef & Stone, L.L.P.
Cybersecurity & Data Privacy Attorney
2600 Network Blvd., Suite 400, Frisco, TX 75034
214.472.2135 (direct) | 214.726.2808 (mobile)
Email: shawn.tuma@solidcounsel.com
Firm: www.solidcounsel.com
Blog: www.businesscyberrisk.com

Tips for Staying #CyberSecure While Shopping Online for #CyberMonday

Cybercriminals need shopping money for the Holidays and one of their favorite times to get yours is when you are shopping on #CyberMonday.

Use these tips to help stay #cybersecure while shopping online for #CyberMonday and at any other time:

  1. Credit or debit? Use credit cards, not debit cards, for your online shopping. Debit cards are tied directly to your bank account so if there is a problem, your money is gone. With credit cards, it is borrowed money, plus, if you have a problem with the merchant or order, the credit card company can act as your intermediary in the dispute. If possible, have one credit card that is used solely for online shopping in case you need to cancel it.
  2. Secure Internet connection. When shopping online, it is best to avoid free WiFi or other forms of open WiFi in public locations. When you are out, it is best to use your own data plan or, if you must use public WiFi, use a VPN to help minimize the risk of having your information stolen.
  3. Credible merchants. Only shop at online merchants that are credible and well-established. Anyone can put up a website in a short amount of time, make sure you know you’re dealing with a trusted merchant with a history of doing business.
  4. Scams – too good to be true (merchants). Be wary of deals that seem too good to be true and do not get too greedy because if a “deal” seems that good, it almost certainly is and the person behind the scam is either outright stealing your money or they are trying to steal your information.
  5. Saving information with merchant. While it is more convenient to save your personal information and payment information with the merchant, doing so also means that information is now stored in their database and can be compromised. It is best to not save your information with merchants.
  6. Scams – too good to be true (click here). Be wary of emails or social media posts that advertise deals that seem too good to be true and then tell you to “click here” on a link to see more information. Those are usually phishing emails that are designed for the sole purpose of getting you to click the link so they can either steal your information or deposit malware on your device. Cybercriminals can perfectly clone emails from legitimate merchants such as FedEx, PayPal, Amazon, and others so just because the email looks legit doesn’t mean it is — don’t click on the links!
  7. Scams — the sad story. While not limited to online shopping, a close relative to the “too good to be true” scam are the scams that play on your sympathy and generosity during the Holidays. An example of these is chain emails that tell of a tragedy that has befallen people and asks for donations. Criminals know how to play on our sympathies and use our emotions to manipulate us into doing things we would never do otherwise, such as sending money because someone asked for it in an email or social media post. Unless you know the people first hand, do not let your emotions overtake your judgment and stick with reputable charitable organizations with an established history.
  8. Good Cyber Hygiene. Whether for shopping on #CyberMonday or otherwise, it is best to always use good #CyberHygiene to protect yourself online. Here is a free Checklist for Good Cyber Hygiene.

For more discussion of these tips for staying safe while shopping online see 5 tips for Avoiding the Cyber Grinch this Cyber Monday! and Cyber Monday: Online safety tips from a cybersecurity expert.

SEE ALSO

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs

The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber’s data breach of more than 100,000 individuals’ PII despite its promises that their data was “securely stored within our databases.” The FTC found this promise was misleading when compared with the actions the company was really taking. In settling the dispute, Uber entered into a Consent Decree that Continue reading “Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs”

Invitation for 2 Webinars: Protecting Data Exchanged in Discovery and Securing IoT Data

I thought you may like an invitation to attend two complimentary webinars that I will be doing this coming week:

YOURS, MINE, OURS: Protecting the Data Gathered and Exchanged in Litigation, Association of Certified E-Discovery Specialists (ACEDS)
Monday, August 7, 2017 @ 12:00 CDT
LINK for more information FULL VIDEO (see below)

Securing IoT Data: Compliance, Privacy, and New Regulations, SecureWorld (webinar panel with Andrew Lance of Thales e-Security, Jay Irwin of Teradata, and Craig Spiezle of the Online Trust Alliance)
Wednesday, August 9, 2017 @ 12:00 CDT
LINK for more information

I hope you are able to attend the webinars and find the information helpful in your business. As always, please let me know if you have any questions or if I can help you.

Shawn E. Tuma | Scheef & Stone, L.L.P.
Cybersecurity & Data Privacy Attorney
2600 Network Blvd., Suite 400, Frisco, TX 75034
214.472.2135 (direct) | 214.726.2808 (mobile)
Email: shawn.tuma@solidcounsel.com
Firm: www.solidcounsel.com
Blog: www.businesscyberrisk.com

Does the U.S. Need a Data Protection Authority? (a few of my thoughts)

I had a wonderful discussion about privacy in the US vis-a-vis privacy in the EU with Katherine Teitler (@katherinert15) in connection with her MIS Training Institute article Does the U.S. Need a Data Protection Authority?

As with most things, I do not propose to have all of the answers. In fact, in our hour or so conversation, I probably said, “I really do not know the answer” to more of Katherine’s deep and evocative questions more times than I was able to give an answer.

What I do know, however, is that if privacy is to be taken more seriously here in the US, it simply must start with the people and the only way it is going to start with the people is if we begin to intelligently discuss the issues without all of the emotion, hysteria, spin, and agenda-driven blinders. Instead, we must have the goal of being objective in our quest and finding what is true and right — especially when it does not fit within our preconceived agenda. This applies equally to all sides of the discussion.

Katherine’s article is a great starting point to begin thinking about and discussing these issues so go give it a read!

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.