Get more information about our Red Cross lifeguard instructors. #redcross #ltny #nassaucounty #suffolkcounty #longisland #savealife #lifeguard #cpr #firstaid #training lifeguardtrainingny.com/about-us.html

seen from Canada
seen from T1

seen from United States
seen from United Kingdom
seen from Germany

seen from United States

seen from Malaysia
seen from Venezuela
seen from Russia

seen from United States
seen from Yemen

seen from United States
seen from Russia
seen from Malaysia

seen from United States
seen from United States
seen from United States
seen from T1

seen from United States

seen from United States
Get more information about our Red Cross lifeguard instructors. #redcross #ltny #nassaucounty #suffolkcounty #longisland #savealife #lifeguard #cpr #firstaid #training lifeguardtrainingny.com/about-us.html
Jason Atchley : Strategies for Protecting Trade Secrets in the Cloud
jason atchley
Strategies for Protecting Trade Secrets in the Cloud
From the Experts
Dana J. Finberg, Corporate Counsel
February 18, 2014 |0 Comments
Brian Jackson - Fotolia
Recent studies estimate that trade secrets may account for up to two-thirds of most companies’ information portfolios, and that the annual cost of trade secret misappropriation to U.S. companies ranges between $45 and $300 billion. Given the importance of trade secrets to many companies’ competitive success, it is no surprise that trade secret litigation is booming. Indeed, federal courts have seen it doubling roughly every decade for the past 30 years, and jury verdicts in the hundreds of millions are becoming almost commonplace. Not long ago, many companies’ trade secret protection policies consisted of erecting physical barriers preventing unauthorized access to information typically maintained in hard-copy form, and in limiting employee access to the most sensitive information on a “need-to-know” basis. While such measures are still important, in today’s digital world, where an ever-increasing amount of trade secret and commercially sensitive information is maintained in electronic form, these policies are dangerously outdated. Growing reliance on cloud computing—broadly defined as providing services and/or information over a digital network (typically the Internet)—has led to greater opportunities for trade secret theft as more and more businesses store such information in the cloud. Today companies must balance promoting easy and remote access to information, enabling a diverse workforce spread across geographies to innovate and cooperate, with protecting the intellectual property that drives their businesses. This is no easy task, particularly where companies have increasingly mobile workforces. The idealized notion of a “company man/woman” who stays with one employer for his or her entire career is becoming a thing of the past. One government study found that a person born in the later years of the Baby Boom (between 1957 and 1964) held an average of 11 jobs between the ages of 18 and 42. Anyone following trade secret disputes can see that companies are suing former employees for alleged theft of proprietary data maintained in electronic format with almost alarming frequency. The primary source for most states’ trade secret laws is the Uniform Trade Secrets Act (UTSA), originally adopted in 1979 and now enacted (with some jurisdictional variations) in 47 states, the District of Columbia and the U.S. Virgin Islands. To qualify for protection as a trade secret under the UTSA, information must meet three requirements:
It must be secret; i.e., not generally known or readily ascertainable.
It must derive independent economic value from its secrecy.
It must be the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
Litigation concerning misappropriation of trade secrets stored in the cloud will inevitably focus on the “reasonable measures” requirement and will raise questions of whether it is ever reasonable to allow trade secrets to be stored in the cloud—and, if so, what security measures are required to maintain secrecy. Despite the proliferation of litigation involving cloud-enabled misappropriation of trade secrets, courts have yet to provide definitive answers to these questions. At this point, it is helpful to draw a distinction between internal clouds—networks set up and administered by companies owning trade secret information—and third-party data-hosting services. Many companies have established internal clouds to help pool computing resources and foster higher employee utilization and efficiency. While internal clouds might be advantageous for data protection, because it is easier for companies to track workflow and ensure the implementation of security guidelines, the trade-off relative to economies of scale can be significant. Many smaller companies and start-ups simply lack the financial resources to set up internal clouds with sufficient bandwidth to meet the needs of their employees, and therefore turn to third-party hosts as a matter of necessity. The UTSA does not require trade secret owners to maintain information in absolute secrecy. However, to avoid running afoul of the “reasonable measures” requirement, when trade secrets are entrusted to third-party data hosts the owner must ensure that either an express or implied duty of confidentiality is created; i.e., the data host must know or have reason to know that it is receiving trade secret information. Generally, the relationship between data hosting services and their customers are controlled by the Terms of Service (TOS) promulgated by the services. The dilemma for trade secret owners using these services is that many—if not most—of the TOS for third-party data hosts expressly disclaim responsibility for the security and secrecy of information stored in their systems. While larger enterprises representing significant accounts may have sufficient leverage to negotiate terms providing additional safeguards for any information entrusted to the host, the current reality is that smaller companies (and individuals) lack such ability. Absent modifications to the TOS, in most instances the relationship between a trade secret owner and a third-party data host is not one that will create an express or implied duty of confidentiality. Lacking that, can a trade secret owner allow its trade secrets to be hosted by a third party without risking disclosure of that information? There are competing views on what constitutes a disclosure of information sufficient to deprive it of trade secret status. On the one hand, the “third-party rule” would dictate that any disclosure of trade secret information to a third party not subject to a duty of confidentiality automatically destroys the information’s trade secret status. On the other, Roger Miligrim (one of the leading commentators on trade secret law and the author of the leading treatise on the subject), suggests that no waiver of trade secret protection occurs until there is an actual disclosure and the information becomes “generally known or readily ascertainable.” While no published opinions have addressed whether merely allowing a third-party cloud company to host trade secrets destroys the protected status of the information, prior opinions finding that protection is not automatically lost when information is posted on a website, or is kept in the public files of a court’s Clerks Office, provide strong support for Miligrim’s position that no waiver occurs until there is an actual disclosure. While cautious advice might be to identify trade secrets and never store them in the cloud, in today’s digital workplace such advice may not be commercially feasible. In a study published in February 2013, the Poneman Institute released the results of a survey of 4,000 people in seven countries about their companies’ data-encryption projects. The study found that more than half of the respondents said that their companies transfer sensitive data to the cloud, and 31 percent said that their companies would likely do so within the next 12-14 months. See Poneman Institute, 2012 Global Encryption Trends Study [PDF] (February 2013). As more sensitive information moves to the cloud, the critical issue becomes what security measures will be deemed “reasonable” for protecting the information from disclosure. To determine reasonableness, courts often examine: (1) the nature of the information; and (2) the circumstances under which it will be stored and used. The more sensitive the information at issue, the more sophisticated the data-security measures may be required to meet the reasonableness standard. While no published opinions explain what will constitute reasonable measures to protect the secrecy of information entrusted to a third-party data host, prior cases involving information maintained in electronic format suggest that the following security measures—individually or used in concert—may be appropriate:
Hardware security modules to manage data encryption and security keys.
Electronic tagging of trade secret information, coupled with a data segregation application (such as a firewall), which would prohibit uploading of the most sensitive trade secrets to a cloud server.
Encryption of data during transfer from the company to the cloud host, and from the host to authorized users.
Maintaining the data in encrypted form while in the cloud.
Use of regularly variable secure passwords or sign-ins to limit access to the cloud platform on a need-only basis.
Electronic monitoring systems to monitor and record access to files stored on the cloud, which provide alerts when files are electronically transmitted via email, uploaded to the cloud or copied on external media (such as thumb drives).
Finally, companies should regularly train employees on their established data protection and trade secrets policies, and take timely steps to cut off or restrict departing employees’ access to trade secret information—whether stored on an internal or third-party cloud—as soon as resignations are tendered or other circumstances suggest a departure is imminent. Dana Finberg is a partner in the San Francisco office of Arent Fox, where he is a member of the firm’s Complex Litigation and Intellectual Property practices. He serves as trial counsel in trade secret, patent, trademark, trade dress and copyright litigation throughout the United States.
Companies, agencies mentioned: Terms | Poneman Institute
Law firms mentioned: Arent Fox
Filed Under: Intellectual Property , Trade Secrets
Read more: http://www.corpcounsel.com/id=1202643069354/Strategies-for-Protecting-Trade-Secrets-in-the-Cloud#ixzz2tggP4quB
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Posted by Jason Atchley at 9:22 AM
Jason Atchley : Statistics? Rule 26? TAR???
jason atchley
Vendor Voice: Statistics, Rule 26(g) and Getting Stuck in TAR
The TAR process must be implemented with a consistent eye toward certification requirements.
Karl Schieneman & Thomas Gricks III, Law Technology News
February 14, 2014 |0 Comments
Anyone who has ever tried to use a technology-assisted review or predictive coding tool usually starts by talking to a vendor—or a handful of vendors—who immediately suggest these tools are exceedingly simple to use and speed up the time and lower the costs of litigation. While no doubt true, attorneys in federal court are held to a standard of “reasonable inquiry” as dictated by Rule 26(g) of the Federal Rules of Civil Procedure. If attorneys do not keep a mindful eye on the process, the easy button of TAR can raise unintended Rule 26(g) challenges by the opposing party or unilaterally by the Judge in the case.
The Implications of Rule 26(g) on the Use of Technology-Assisted Review was recently published in the Federal Courts Law Review. The article analyzes five phases of the TAR process that, if not fully considered and properly executed can engender Rule 26(g) arguments. These stages are collection, disclosure, training, stabilization, and validation. For example, during the collection phase, attorneys seldom consider the impact of the richness of the collection upon the reasonableness of the inquiry under Rules 26(g). Since the advent of the recent federal rules and the warnings of Zubulake V (Zubulake v. UBS Warburg 229 F.R.D. 422 (S.D.N.Y. 2004), attorneys have been fearful of sanctions for not preserving and collecting all relevant electronically stored information. The knee jerk reaction has been to preserve and collect broadly, and then throw more data into a review tool than is even remotely tied to a case. This is compounded by the fact that requesting parties, recognizing the relative ease of searching ESI (as compared with hard copy documents) tend to make overly broad document production requests.
As a practical matter, this can make it more difficult to implement a technology-assisted review, which depends on the development of a language model to distinguish between relevant and non-relevant documents. This is generally accomplished by the algorithmic analysis of language patterns in documents which are coded responsive versus documents which are coded not responsive. If relatively few of the documents in a collection are responsive, it becomes a challenge finding enough documents to develop the model. If you use a seeding approach of finding and picking exemplar documents, much like we use key words, you run the risk of not finding the documents that, while perhaps relevant and even important to the case, are not sufficiently like the seed documents to be uncovered by the tool.
If you use a machine assisted or random approach, it may be necessary to code a significant number of documents to develop the model. For example, if only 1 percent of the collection is relevant, a completely random selection of documents may require a review of 20,000 to 50,000 documents. While this will typically be a very small fraction of the entire collection, it can be difficult for senior attorneys to devote the necessary time to the review.
This situation also implicates the Rule 26(g) certification. TAR productions are often validated to a confidence level of 95 precent and a confidence interval of ±2 percent by reviewing just under 2,400 documents. For a reasonable collection in which 10 percent of the documents may be relevant, the actual confidence interval would be closer to ±1.2 percent, or just 12 percent of the anticipated value.
However, in a poor collection in which only one percent of the documents are expected to be relevant, the confidence interval, while only ±0.4 percent, would actually equate to 40 percent of the estimated value. The article discusses the implications of this situation on the Rule 26(g) certification, because the producing party is uniquely situated to manage the results of the TAR process.
The article also addresses other situations, such as the challenges implicit in effecting cooperation and transparency when lawyers are typically accustomed to sharing as little information as necessary with opposing counsel. In cases such as In Re Actos and Global Aerospace v. Landow Aviation, L.P. dba Dulles Jet Center, et al, the parties agreed to share documents coded as non-responsive which were fed into the TAR tool, in order to gain an agreement from opposing counsel and to reduce the risks of a challenge to the training process.
The concept behind sharing this information is similar to the idea behind sharing key words with opposing counsel. Any agreement reduces the risk of being challenged for not having undertaking a “reasonable inquiry.” Cases spawned by 75 years of manual review do not require this level of transparency and cooperation, and courts have been slow to move in that direction. See In Re Biomet. Nevertheless, deficiencies in training the TAR tool, can only be discovered by an adversary who has not been the beneficiary of transparency and cooperation after the time and expense of training have been incurred by the defendants. Any deficiencies in the production may be viewed negatively under Rule 26(g) if the court sees transparency as a way to reduce the cost of litigation and improve the value of discovery. This is especially true if the producing party opposed transparency during the course of the litigation. The article explains how transparency can serve as an insurance policy against a Rule 26(g) challenge.
The key takeaway: Rule 26(g) implicates every aspect of the TAR process, and the process must be implemented with a consistent eye toward certification requirements. Equally as important is the notion that linear review (which is typically conducted on electronic data) may well become subject to the same types of considerations as attorneys attempt to impose validation requirements on modern document productions. As Rule 26(g) moves to the forefront, lawyers who do not fully appreciate the background sampling and statistics risk finding themselves stuck in “tar” of the reasonable inquiry standards of Rule 26(g)
Attorney Karl Schieneman is president of Review Less ([email protected]); Thomas Gricks III is head of predictive coding and a shareholder at Schnader Harrison Segal and Lewis ([email protected]). Both are based in Pittsburgh, Pa., and participated in the Global Aerospace case.
Companies, agencies mentioned: TAR | Global Aerospace | Federal Rules | Use of Technology-Assisted | L.P. dba Dulles Jet Center
Law firms mentioned: Schnader Harrison Segal & Lewis
Filed Under: Civil Procedure , Discovery
Read more: http://www.lawtechnologynews.com/id=1202642979755/Vendor-Voice%3A-Statistics%2C-Rule-26%28g%29-and-Getting-Stuck-in-TAR#ixzz2tb8nlGSB
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Posted by Jason Atchley at 10:38 AM
Jaason Atchley : Protect this Data House!!!
jason atchley Get Your Data House in Order—Or Else In-House Straight Sherry Karabin, Corporate Counsel February 14, 2014 |0 Comments Sergey Nivens You’re heading out for a meeting with a client when suddenly you realize you can’t find an important document. Did it get deleted or simply misplaced? Scenarios like this are one example why Baker & Hostetler attorneys Judy Selby and James Sherer are urging firms and others in the legal profession to get their data houses in order. In a blog posted in Information Security on the firm’s website they discuss “Information Governance.” Selby and Sherer argue data security concerns, privacy, compliance and e-discovery costs are just some of the reasons that sound policies to efficiently manage information must be in place. Their key points: Policy must be consistent with “enterprise-wide strategic and business goals,” they say. It should include “all relevant stakeholders and take into account the enterprise’s organization and culture, legal/regulatory concerns, business operations and technology.” Special data challenges like the retention of personal health information or the management of streaming social media data must be addressed. Most data likely has no business value. Implement a defensible deletion plan guided by considerations, such as the effect of legal holds, regulatory and compliance requirements etc. Include guidelines for management of retained information and eliminate redundancies, creating classification and organizational systems so things can be retrieved quickly. Filed Under: Internet Law Read more: http://www.corpcounsel.com/id=1202643085378/Get-Your-Data-House-in-Order%26%238212%3BOr-Else#ixzz2tKXKpR8d
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Posted by Jason Atchley at 2:33 PM
Jason Atchley : How to Reduce Risk of Data Breach
JASON ATCHLEY HOW TO REDUCE DATA BREACH AND CYBER SECURITY RISK FOCUS: Most companies will have an information security breach in most years, so businesses should focus on preparing for incidents, because they are inevitable. 13 Feb 2014 IT Security Data protection TMT Sourcing TMT Financial Services Insurance and wealth management Advanced Manufacturing & Technology Services The increase in the volume of data that businesses now store; the growing use of mobile devices, and the trend of users connecting their own devices to corporate networks are factors making data breaches more likely. And proposed changes to EU law mean that organisations will no longer be able to keep breaches a secret. Government research has found that 87% of all UK SMEs and 93% of firms with more than 250 staff had experienced at least one security breach in 2012. This means that nobody can escape data breaches. What will increasingly matter is how well prepared you are and how you deal with them. Many organisations still try to hide the fact that breaches exist and manage them behind closed doors, but changes to EU law mean that this option is about to be removed. EU governmental bodies are wrangling over a General Data Protection Regulation that is likely to force many more organisations to report publicly on many more data breaches. This means that keeping a breach a secret will no longer be an option, and it means that organisations will have to be clearer than ever about how they deal with them. Organisations might not welcome the development, but evidence shows that those with detailed data breach and cyber security plans are the ones that deal best with the fallout from a breach. Those plans must become a priority for the boards of organisations of any significant size. Those at the very top of organisations need to recognise the real risks facing their businesses and take steps now to minimise those risks by preparing more fully for breaches. What causes the risk? Cyber security and data breaches happen when people get access to data and systems that they shouldn’t. It might be customer data; credit card details; medical information or even just a list of email addresses – any large amount of data in the wrong hands can cause significant damage. This can happen when people hack into systems, but it is more likely to be opportunistic or due to negligent employees. A lost or stolen laptop, phone or memory stick or a carelessly unsecured IT network can lead to significant breaches. System failures, third party faults, hacking attacks, insider or rival theft can also result in personal data, confidential or commercially sensitive information, such as businesses’ trade secrets, being compromised. The fall out can be huge. Reports by companies such as Huawei, Verizonand Marsh, as well as the Bank of England have warned about the scale and potential cost of data breaches, whilst a global security report by Trustwave even identified the industries most susceptible to being compromised – the retail sector was especially attractive to hackers due to the ability to make money from selling stolen payment card data, it said. According to Symantec, businesses are experiencing increasing costs as a result of data breaches. In 2011 the average cost of data breaches to an organisation was £1.75 million. Last year that figure rose 15% to £2.04m. So costs can be significant, and they may include regulatory penalties. A recent case ruled on by the Information Commissioner’s Office (ICO) highlighted that businesses with some security measures in place may still fall foul of UK data protection rules. The ICO fined Jala Transport Limited £5,000 when a hard drive containing customer data was stolen. The fine was smaller than it otherwise would have been because the company self-reported the breach. The fact that access to the hard drive was password-protected was not enough for the company to be said to have met its obligations with regards data security. The company should have used further encryption methods to secure the information stored, the ICO said. The Sony case – where the company was fined £250,000 after its PlayStation Network was hacked – showed, though, that organisations of different sizes and resources will be held to different security standards. An emerging source of risk is the prospect of ‘collective redress’, where a collection of people bring group proceedings against an organisation. Proposed changes to UK consumer protection legislation would, if introduced, enable a larger range of consumer groups to bring claims on behalf of individuals. The draft General Data Protection Regulation would, if introduced, also provide a right of redress for individuals against businesses where they believe their privacy rights have been impinged on. If security or data breaches were the subject of collective redress actions then this could increase the cost and complexity of the risk arising from those breaches; moving another step closer to US style class actions. Why doesn’t every organisation have a plan? Despite these repeated warnings many executives still don’t take cyber and data breach risks seriously enough. They underestimate how frequently such incidents arise, typically assuming that it will not happen to their business. When incidents do happen it is common for them to sweep them under the carpet to preserve the organisation’s reputation and consumers’ trust. They are entitled not to disclose breaches in a lot of cases. While UK data protection law says that organisations must take “appropriate technical and organisational measures” to prevent the “unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”, it does not force them to go public when there is a breach. This is likely to change soon, though. EU law has already placed anobligation to disclose data breaches on telecoms companies, and a new Network and Information Security Directive would require public administrators and ‘market operators’, such as banks and energy companies, to notify designated regulators of “significant” cyber security incidents that they experience and in some cases to report them to the public. The General Data Protection Regulation in its current draft would create an obligation for all businesses to report breaches to regulators and affected consumers in certain circumstances. Regulators could levy fines of up to the higher of €100 million or 5% of businesses’ annual global turnover for non-compliance. Making a plan Businesses may feel frustrated at the new laws proposed, but if they have the effect of forcing organisations to plan for information disasters, then that is a positive effect. Symantec said that businesses can save on costs associated with such incidents if they establish and implement a “formal incident response plan”. Having a plan for how to deal with incidents is a major factor in reducing risk and lowering the eventual cost of the breach. A good starting point would be to implement the Government-backed 10 steps to cyber security (20-page / 3.12MB PDF). The steps include developing a “mobile working policy” for staff, ensuring devices contain security features that “protect data both in transit & at rest”, engage in cyber attack testing and limiting who can access key information. Businesses should also monitor for the finalising of the new organisational standard on cyber security that the Government is creating. It has said that none of the ISO27000-series of standards quite fit its requirements, but it plans to base the new standard on that suite of existing guidelines. Businesses are, generally, not protecting themselves properly against their exposure to costs associated with a data breach. They need a comprehensive plan to turn to should the worst happen, but this is something many companies lack. The plan should including having access to a network of experts that can help address the variety of issues that arise following a data breach – from communicating with consumers, running forensic IT examinations, and providing credit monitoring services. Should the worst happen, businesses should be prepared to consider self-reporting incidents to the ICO. Self-reporting does not guarantee that businesses will avoid fines over data breaches – something an Upper Information Rights Tribunal recently confirmed – but the ICO is on record as saying that it is minded to treat businesses that self-report data breaches more favourably than those that don’t when determining what level of penalty to levy, or even whether to impose a fine at all. In the insurance market, a growing range of products are being made available to businesses to insure themselves against data and security risk. Products may offer insurance against data breach costs, damage done by hackers, and other cyber liabilities, such as the cost of regulator penalties, where insurable, and litigation initiated by consumers affected. The market for cyber insurance products has been more active in the US than in Europe. There, regulators such as the Securities and Exchange Commission require disclosure of some incidents, whilst adoption of the policies was also triggered by the publicity generated by the data breach experienced by discount clothes retailer TJX, where credit card information was stolen from more than 45 million customers. However, the price of those policies, and difficulties in interpreting what precisely they provide cover for, mean that many organisations do not currently purchase them. They will not fit every organisation’s needs, but many insurers offering data breach and cyber liability products also provide policyholders with access to the network of experts they would otherwise need to individually seek out and contract with for help in the management of incidents. Board-level engagement and sponsorship of cyber security initiatives is critical, as is securing a budget for it. To achieve this, data protection officers, privacy counsels, CIOs, CTOs or others that may be responsible for ensuring regulatory compliance and systems security should consider producing a two-page document ready to present to the board summarising the risks their business faces, the current plans and processes in place to deal with them and an outline about what future procedures and processes are required to address the threats and mitigate the risk. Businesses cannot afford to delay or be complacent, particularly as forthcoming changes in regulation threaten to expose those that are unprepared and the age of big data, cloud computing and the internet of things drives consumer-focused response by industry. Ian Birdsey is a technology, media and telecoms law expert at Pinsent Masons, the law firm behind Out-Law.com
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Posted by Jason Atchley at 9:47 AM
Jason Atchley : Consumer Data Security
Jason Atchley Business Groups Band Together to Protect Consumer Data Andrew Ramonas, Corporate Counsel February 13, 2014, 12:35 PM |0 Comments Teamwork works together to build a gear system alphaspirit - Fotolia Major trade groups for the retail and financial services industries have joined forces to fight hackers, announcing on Thursday a cybersecurity partnership intended to better protect consumers after the massive data breaches at Target Corp. and Neiman Marcus Group Ltd. The 13-member coalition will encourage information sharing, new payment-card security tools, and collaboration on protections for payments made with mobile phones and other devices. The partnership includes the Retail Industry Leaders Association, Financial Services Roundtable, American Bankers Association, American Hotel & Lodging Association, Clearing House Association and Payments Co., Consumer Bankers Association, Food Marketing Institute, Independent Community Bankers of America, International Council of Shopping Centers, National Associations of Convenience Stores, National Grocers Association, National Restaurant Association and National Retail Federation. "We are committed to working together to ensure customer personal and financial information is secure and protected," said former Minnesota Gov. Tim Pawlenty (R), Financial Services Roundtable's chief executive officer. "Exploring avenues for increased information sharing and collaborating on innovative technologies and safeguarding data will be critical in defending against common enemies." As part of the digital-security partnership, the trade associations will create working groups to discuss areas of agreement and disagreement in an effort to hash out their differences and find solutions. The working groups will focus on "increasing threat information sharing, innovative technologies that adds safeguards [sic] to protect consumers within the payment system and other areas like national data breach laws," according to a news release. Members of Congress last week questioned Target and Neiman Marcus executives about moving from magnetic-stripe debit and credit cards to cards containing smart-chip technology and creating a national standard for notifying customers of data breaches. Target backs the chip technology, and plans to offer the system to its customers by next year, said John Mulligan, executive vice president and chief financial officer for the company. Neiman Marcus has no such plans at this time, said Michael Kingston, senior vice president and chief information officer for the retailer. But he agreed that the technology could help retailers better safeguard their customers' personal information. As for a national breach notification standard, Mulligan said he would support it over the existing balkanized regulatory framework. At present, 46 states and the District of Columbia, Guam, Puerto Rico and the Virgin Islands enforce differing standards for data breach notifications, according to the National Conference of State Legislatures. Kingston said he didn't have an opinion on the creation of a national standard. But he urged "flexibility." Despite their differences, Target and Neiman Marcus, which both belong to trade groups in the cybersecurity partnership, are committed to safeguarding their customers' data, their executives said. “Retailers place extraordinarily high priority on protecting customers’ personal information,” said Sandy Kennedy, president of the Retail Industry Leaders Association. “This partnership will improve collaboration across the payments ecosystem allowing us to work together to develop near- and long-term solutions that will enhance security for our customers.” Companies, agencies mentioned: Retail Industry Leaders Association | Financial Services Roundtable | Target Corporation | Clearing House Association | The Neiman Marcus Group Inc. | Food Marketing Institute | International Council of Shopping Centers | National Retail Federation | American Bankers Association | National Conference of State Legislatures Filed Under: Internet Law , Computer Crimes , Privacy Read more: http://www.corpcounsel.com/id=1202642885659/Business-Groups-Band-Together-to-Protect-Consumer-Data#ixzz2tF2rBAef
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Posted by Jason Atchley at 3:59 PM
Jason Atchley : 6 Ways for GCs to Do More With Less
JASON ATCHLEY : CORPORATE LAW : SIX WAYS FOR GCS TO DO MORE WITH LESS Jason Atchley 6 WAYS FOR GCS TO DO MORE WITH LESS From the Experts Christine Helwick, Corporate Counsel February 12, 2014, 01:11 PM |0 Comments The legal department in every organization is being asked to do more with less. Below is a checklist of six practices employed in a university general counsel’s office that may be helpful to make your office more cost effective: 1. REGULARIZE THE ROUTINE Common questions that come up repeatedly consume precious time that could be used by attorneys more productively elsewhere. That wasted time can be recaptured if clients become accustomed to consulting a manual, handbook, form, FAQ sheet or other resource with information that responds to these common issues. Preferably posted on an intranet, where it can be accessed any time day or night, the responsive information can also include broader background about the subject matter to educate the clients more deeply and help them understand the reasons for the responses. Clients can return to this information over and over again, as questions recur and responses are forgotten. Of course, the website should also remind clients that they are welcome to pursue more complex questions directly with the legal department. But this practice will ensure that follow-up questions are more deserving of attorney time. Getting clients trained to refer to the general counsel’s website as first resource for most legal issues will not only save time, but allow the website to develop into a broader communication tool. 2. ENCOURAGE THE OFFICE NETWORK All legal offices store information for future use, whether in hard copy or an electronic matter management system. These systems can be great references when the same legal issues arise in different contexts. But no matter how carefully created and indexed, old-fashioned office networking should never be underestimated as an additional means to access information quickly. The lunch dates or hallway conversations in which attorneys casually share with each other the projects they are working on, or emails circulated throughout the office such as, “Has anyone dealt with ___?” are practices that should be encouraged, as they can sometimes provide quicker access than researching the files. If not, of course, the traditional files are always still available. Encouraging the office network also builds a broader spirit of generosity, where attorneys become true colleagues and are willing to assist each other in their work. This spirit can be broadened, and individual attorneys formally assigned responsibility for particular topics; they can then become the office specialists, relied upon to keep the office current as new developments arise. Collaboration inevitably improves the overall office work product and also results in greater office efficiency. 3. PROTECT THE OFFICE MISSION There is a temptation in every organization to “borrow” the lawyers for nonlegal work. It happens for a lot of understandable reasons—the lawyers are smart, they are respected, they are efficient and logical, they are good writers and/or they lack turf. Sometimes it is efficient and useful. Often it is not, and instead is the product of individual lawyers making decisions about their own work boundaries, wanting to be liked or not trusting those to whom the work is assigned to do it “right.” Lawyers can end up doing many tasks that are better done by employees with lesser training—e.g., investigations, minor administrative hearings, performance reviews, disciplinary charges, government forms and so on. It is in the best interest of the office to have systems in place to monitor work assignments to protect the office mission, and to make certain that lawyers are only “borrowed” when it is useful and meets the highest-priority goals of the organization. 4. MAKE TRAINING STRATEGIC Proactive training of the workforce is important and one of the functions of the general counsel’s office. No matter how important the subject matter, however, when it is provided gratuitously across-the-board to all employees, it is rarely useful. Carefully assessing where the weaknesses that could profit from targeted training are within the organization will not only save time, but will be more effective and appreciated by clients. Of course, it needs to be presented in a supportive and helpful way, and not experienced as punitive. Once the audience and subject matter are identified, the time necessary to plan the training, however, cannot be shortchanged. Every meaningful training requires significant advance planning and usually calls for skills that lawyers did not learn in law school—e.g., working interactively with an audience, preparing captivating visuals or even being funny. Talking heads are generally a flop. Videotaping an effective training for future use may help recoup some of this necessary preparation time. 5. DEVELOP LITIGATION STRATEGIES EARLY Litigation can only be cost-effective where there is a big-picture strategy developed at the outset, when the facts are fresh and the relevant players are still available. It is important to set aside time to do this, as soon as the complaint comes in, rather than allowing the case to lapse into the myriad legal activities that can feel like progress but don’t genuinely advance the case. The most important issue to be addressed at the outset is whether the desired endgame is trial or settlement. The activity in the case will be different, depending on the intended goal. Most cases settle, in which case there is no advantage to delay. An immediate phone call or letter can sometimes surprisingly end a dispute before it even gets off the ground. Where motions or discovery work are necessary to improve the settlement environment, or get the plaintiff to the table, they should still be strategic and selective. A partial deposition, for example, starting in the middle and skipping over the full chronological development of facts, may be enough to get the necessary information; it can always be completed later, if that becomes necessary. An early mediation may help shape the plaintiff’s expectations, even if it does not settle the case in the first round. Many summary judgment motions can be filed long before all of the discovery is complete. The initial choice of strategy may need revision as the case unfolds, but without a clear focus and an intended goal at the outset, litigation will always meander, cost more and produce a less satisfactory result. 6. MAKE MAXIMUM USE OF OFFICE PARALEGALS With technology, today’s secretaries can do much of what used to be considered paralegal work. Similarly, today’s paralegals can do some of what used to be considered the lawyers’ work. Paralegals can certainly perform the traditional tasks of retrieving and organizing documents. With a little training, most can also interview witnesses, develop written factual statements, dispense routine advice, draft preliminary opinions, write letters, prepare routine motions and keep the general counsel’s website up to date. Under supervision, paralegals can even be assigned full responsibility for office response in a particular subject area. They should not be limited just to litigation assistance tasks. It can be an interesting (and sometimes surprising) exercise to ask a paralegal what additional work s/he believes s/he can take on to save the lawyers’ time. Making good use of office paralegals on every project will inevitably save lawyer time that can be used elsewhere. The pressure on the general counsel’s office to be more productive, and contribute meaningfully to the bottom line, is not likely to subside any time soon. These six practices can contribute to trimming costs by ensuring that the time and talent of the lawyers is used most effectively. Christine Helwick is of counsel at Hirschfeld Kraemer in California and former general counsel for the California State University system. She can be reached at [email protected] or via the firm’s website. Companies, agencies mentioned: Training Strategic Proactive | California State University Read more: http://www.corpcounsel.com/id=1202642692393/6-Ways-for-GCs-to-Do-More-With-Less#ixzz2tDqyGpXm
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Posted by Jason Atchley at 11:05 AM
Jason Atchley : LTNY Highlights
12 on 12: Favorite Moments at LegalTech New York
Judicial insight, Edward Snowden, high fashion, fear and magic were among the highlights of LegalTech extravaganzas.
Monica Bay, Law Technology News
February 12, 2014, 10:58 AM |1 Comments
From left, attorney and forensic technologist Craig Ball, U.S. District Judge Shira A. Scheindlin, U.S. Magistrate Judge James C. Francis, U.S. Magistrate Judge Andrew J. Peck, U.S. Magistrate Judge John M. Facciola.Photograph by Margarita Corporan
For February's 12 on 12, we asked attendees about their favorite moments at LegalTech New York and ReInvent Law NYC. Here are a dozen responses:
1. The Great Debate:
a) My favorite moment from LTNY was the screening of filmmaker Cullen Hoback’s documentary “Terms and Conditions May Apply” at the Law Technology News Innovation Awards. The film was an enjoyable but disturbing exploration of the erosion of personal privacy in the digital age. One of the particularly interesting examples in the film of the consequences of not reading terms and conditions in online agreements was the story of a company in the U.K. that, as a joke, included a provision in its terms and conditions that said that by placing an order, the consumer was granting the company the right to claim the consumer’s immortal soul. In one day, 7,000 people placed orders and agreed to those terms and conditions. I also enjoyed hearing Hoback’s comments during the Day 3 keynote, "Security & Privacy." — Gail Gottehrer, partner, Axinn, Veltrop & Harkrider, New York and Hartford, CT.
b) The classic moment for me was the Day 3 keynote and the look on filmmaker Cullen Hoback's face upon learning that Hunton & Williams partner Lisa Sotto (a last minute substitute for Trevor Hughes, who was grounded by the snow storm) had written thousands of the very contracts he was examining in his film, and that she consideredEdward Snowden to be a villain. Probably a much different dynamic than you'd have had with Hughes—and high entertainment value. —Name withheld by request.
c) This was my favorite LegalTech yet (and I've been attending for almost 20 years). The highlight for me personally came during the Day 3 Keynote when I found myself in the moderate position on the panel—between two strong personalities (the aforementioned Sotto and Hoback) with opposing points of view. All in all, everything about the show resonated and I came home motivated, focused and hungry to learn more about so many technologies.— Donna Payne, CEO, PayneGroup, Inc., Seattle.
d) My most memorable moment of Legal Tech 2014 can be described as both riveting and appalling at the same time. Given the increased emphasis this year on privacy and security, the documentary about "loss of innocence and loss of privacy" by Cullen Hoback was a home-run—a disturbing wake-up call for all Internet users. It exposes how Internet companies are constantly manipulating users to blindly "accept" terms and conditions of use that in turn not only exposes their personal information for gain, it allows companies and the government to turn the Internet into a "surveillance state." It is a "must see" movie that no one will like but everyone will remember.— Kevin Brady, partner, Eckert Seamans Cherin & Wilmington, Del. (Winner: 2013 LTN Innovation Award—Champion of Technology.)
2. Networking! The best part of LegalTech—always—is catching up with old friends and making new ones! —Attorney George Socha, Socha Consulting, St. Paul.
3. Start Your Engines: During Joshua Kubicki's talk at ReInventLaw NYC, he brought every founder of a legal tech startup to the stage. It was a powerful moment. There was such a diversity of companies represented therein. Josh wore a shirt that said, "legal means business." It does indeed. It also means startups and the startup activity in our industry is among the most important developments taking place in legal. There are 414 companies on Angel List and $458 million dollars in recent investment. — Daniel Martin Katz, co-director, ReInvent Law Laboratory at Michigan State University School of Law, East Lansing, Mich.
4. Fashion Show: Jason R. Baron wrapping up a great panel discussion on information governance by putting on his new Information Governance Initiative T-shirt. IG is here to stay. — Judy Selby, partner at Baker & Hostetler, New York.
5. From the Bench:
a) It doesn't get any better than "The Judges Panel" keynote on Wednesday, featuring federal Judge Shira Scheindlin and Magistrate Judges John Facciola, James Francis and Andrew Peck. The discussions were far-ranging and reflected the diversity of opinion and even disagreement among judges on key discovery issues. The judges dealt with nitty gritty—data on mobile devices and how to get it, whether or not to use a particular motion or not and what it should say—with humor and plenty of personality.— David Whelan, manager, legal information, The Law Society of Upper Canada, Toronto.
b) Listening to the panel of judges disagree about the proposed federal e-discovery rules, especially Judge James Francis’ succinct comments regarding proposed Rule 37(e): “it would curtail the ability of innocent parties to obtain relief when they are prejudiced by the destruction of information potentially relevant to litigation.”—attorney, educator Michael Arkfeld, Phoenix.
6. Scare Us: At the opening day keynote, I loved Thomson Reuters' Chief Innovation Officer Jason Thomas' exploration of the underworld of the Internet— something I've never seen before and hope to never see again. As a paranoid Internet civil libertarian, I was challenged by contemplating the freedoms people take advantage of online when they have total anonymity.— Larry Port, CEO, Rocket Matter, Boca Raton.
7. Gourmet Adventures: Our Electronic Discovery Institute dinner with 100 of our dearest friends and Lidia Bastianich at her Manhattan restaurant, Becco. A favorite moment was Jennifer Hamilton (senior and global e-discovery counsel at John Deere) reminding me that “Bring Your Own Device” is really “Share Your Own Device” because BYOD tends to ask an employee to provide personal resources to their employer. — Patrick Oot, general counsel, EDI; senior special counsel, the Security & Exchange Commission, Washington, D.C.
8. Magic: While no actual magicians performed at LegalTech, my favorite moment was when AccessData vice president Lee Reiber came close to pulling rabbits out of a digital hat at a super session in which he demonstrated the firm's mobile forensics software that makes "wiped" files on mobile devices, including data stored on and hidden in apps, reappear. Impressive, and a bit frightening. With a used Android phone he bought on eBay for $150, Reiber deftly proved that a shocking amount of information may remain discoverable on a device thought to be purged of data. Pretty much on the spot, Reiber retrieved the Droid owner's texts, contact information, e-mail, photos, and—gasp—even Snapchat images. The lessons? Wiped or deleted data may not be gone. (Everyone sort of knows this, but do we really believe it?) Your firm's retention policies may need revising. And e-discovery, more and more, includes stuff stored in smart devices and mobile apps. — Jesse Londin, lawyer, freelance writer, (author of LTN's App Bar column), New York.
9. Winter Paradise: After slogging a whole block and a half to breakfast, my colleague and I were utterly drenched and filthy from the snow and sludge. We walked into the fancy hotel restaurant looking like two drowned water rats, and our client who was in town for the show said, "It's great to see you!" — Sandra Serkes, president and CEO, Valora Technologies Inc., Bedford, Mass.
10. Prescient: My favorite moment was at the podium with AIG's Cliff Dutton and Jason R. Baron in our panel, "Have We Reached a John Henry Moment in Evidentiary Search?" panel. I was laying out my vision of a future use of predictive coding to detect and prevent lawsuits before they happen, something I had not shared with my panelists during preparation, when I realized this was not so "far out" after all. Not only did my fellow panelists instantly get it, but so did the audience. Baron quickly said that was a part of his vision of information governance, and maybe it is, but I prefer to think of it as the ultimate in litigation preparedness, namely litigation avoidance.— Ralph Losey, partner, national e-discovery counsel, Jackson Lewis, Orlando.
11. Get Well Wishes: For LegalTech, my most memorable moment was having the privilege to stand in a “We miss you” photo for DLA Piper partner Browning Marean (who was under-the-weather and could not attend LTNY) with many other LegalTech veterans. At ReInvent Law, Lisa Damon, listening to partner and national chair of the labor and employment department at Seyfarth Shaw. I was very impressed and invigorated by her presentation and her ability to light up the crowd. Her point was to not be afraid to go out there, ignite your passion for innovation. I spoke to her briefly and learned that she is in Minneapolis every other month or so to work with one of Seyfarth’s clients. I was so excited about what she had to say that I asked her to speak at our Women in E-Discovery chapter meeting. — Amy Juers, CEO, Edge Legal Marketing, Minneapolis.
12. Big Big Data: In contrast to the last few years, bringing up Big Data to the LTNY crowd (vendors, firms, consultants, etc.) did not invoke blank stares or disinterested yawns. Folks were willing and able to talk Big Data shop—mostly about ongoing analytics initiatives (primarily around legal spending and pricing) and e-discovery vendor-driven data mining and enterprise search efforts. Of the 10 or so Big Data technology/service vendors we spotted, many of them are also adding information governance to the conversation.— Jobst Elster, head of content, InsideLegal.com, Atlanta.
Compiled by Monica Bay, editor-in-chief of Law Technology News and a member of the California bar. Twitter: @LTNMonicaBay @lawtechnews
Companies, agencies mentioned: Information Governance Initiative T-shirt | Accessdata | Electronic Discovery Institute | American International Group Inc. | Valora Technologies | Security & Exchange Commission | PayneGroup | Axinn, Veltrop & Harkrider | Well Wishes | eBay Inc. | Michigan State University School
Law firms mentioned: Baker & Hostetler | DLA Piper | Eckert Seamans Cherin & Mellott | Hunton & Williams | Jackson Lewis | Seyfarth Shaw
Read more: http://www.lawtechnologynews.com/id=1202642665694/12-on-12%3A-Favorite-Moments-at-LegalTech-New-York#ixzz2t9ePDusy
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley Jason Atchley
Jason Atchley Jason Atchley Jason Atchley Jason Atchley