Law Offices of Shaun Whitehead

From The Desk of Shaun Whitehead

GET 1 LAw Today

Technology & The Law: Focus on Privacy *

 Shaun E. Whitehead, ESQ, Attorney at Law

The law related to technology and privacy is changing fast. The European General Data Protection Regulation (GDPR) has an impact far beyond the EU alone and goes into effect May 2018.  US companies doing business in Europe need to pay close attention to GDPR.   The way you obtain consent is vital to compliance and new reporting guideline means companies must act fast.  Failure to comply could result in fines for this act can be upwards of 20M EURO.  We estimate that the average cost to litigate a compliant under GDPR to be $214K, per complaint based on our survey sample of 318 similar privacy actions.

Also, in March 2018, US the Clarifying Overseas Use of Data (CLOUD) Act passed in the dark of night now further regulating cross-board data requirements in the US.   But, there are still many unanswered questioned about privacy and the law.   Corporations, big or small, can’t afford to go at it alone.  Navigating this complex roadmap requires a multidisciplinary team to translate requirements and priorities into action.  
Consumers are increasingly concerned about data privacy related to personal smart devices. The scale of data with discrete privacy data points continues to grow exponentially.  Many smart device consumers are concerned about companies selling their personal data and want more controls to opt-in and out data sharing.  In fact, tech firm Gartner highlights that 1:3 consumers report switching brands after a data breach.   Privacy isn’t just an issue for the courts but one that impacts your brand long term.

Social Engineering & Product Liability
With tech giants like Facebook making headlines corporations must ask the questions around social media platforms and consumer liability.  Cybercriminals, state actors and even your employees are exploiting social media platforms like Facebook to conduct mildly sophisticated social engineering attacks.  Social engineering is essentially the art of attaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. For example, a social engineer might obtain the basic password reset data from social media platforms like Facebook.  Questions like where you went to college or your favorite color are easily accessible.  Attackers then, use this information to gain access to your corporate enterprise.  Beyond Facebook, all social media platforms stand as entry points to hackers, all using the data points below to make your corporation more vulnerable.

As social media becomes a bigger part of corporations business models, the question of protecting your enterprise against these types of hacks must be top of mind.

Fake Apps – Social Media
Fake applications is another rising problem on social media that can put your company at risk.  For example, on October 21, 2016, Twitter, Spotify, the New York Times, Netflix and other high-profile brands simultaneously became inaccessible on the internet. Dyn, the company that maintains the web address directories of these and some other well-known companies, saw the most extensive Distributed Denial of Service (DDOS) cyber-attack ever witnessed.  Hundreds of thousands of home devices connected to the internet sent billions of data packets to knock out the registry called the Domain Name Service (DNS). Most of the IoT devices involved was either poorly password-protected or completely unguarded: smart meters, smart cameras, smart watches, smart TVs, intelligent coffee makers and more.   Many times these attacks involve the criminal setting up a fake app, advertising via a social media platform, with a name similar to the existing product.  Consumers download the application, believing it to be trusted, and provide personal data that puts them at risk.  In addition, attacks like these tarnish company brands and impact your bottom-line

What Can Be Done?
First, realize there is no one size fits all solution.  While there are a number of outstanding cybersecurity offerings to protect your company and its reputation, there is no perfect solution.  The right legal team is critical.  Regulations are changing dynamically and criminal are finding new opportunities each day.  Develop an aggressive takedown process for phony apps and protect your brand.   
Remember, the right answer starts with accessing your company’s risk and understanding the regulatory environment which you operate.  Proactive risk management is best, but also having a plan when your best efforts fail.   Plan with an experienced attorney that can help you craft communication, social media presents and crisis strategy so you don’t become the next headline

*This blog is not legal advise, as each case may vary