Testing: The War Exclusion Rule in Cyberinsurance [Part 1]

Testing: The War Exclusion Rule in Cyberinsurance [Part 1]

Case:  Merck & Co. Inc. vs. Ace American Insurance Co. et al., N.J. Super. Ct., No. L-002682-18, summary judgment 1/13/22. As Russia continues its invasion of Ukraine, cybersecurity experts are watching to see if the country will test a clause commonly found in cyber insurance policies that exclude damages caused by acts of war. If successful, this could set a dangerous precedent for future…

View On WordPress

FoxBusiness: Amazon Ring Users Shouldn't Cut the Cord Too Soon

FoxBusiness: Amazon Ring Users Shouldn’t Cut the Cord Too Soon

republished from FoxBusiness Network

Homeowners should seek more details on an Amazon worker’s claim that Ring security devices threaten their privacy before disconnecting them, experts say.

Just days after an engineer working for the shopping behemoth took a swipe at the home security company Ring citing privacy concerns, digital forensic expert Philip Rosenthal told FOX Business that consumers…

View On WordPress

Fox Business: Fitbit Devices Being Used in Criminal Cases, to Catch Cheating Spouses

Fox Business: Fitbit Devices Being Used in Criminal Cases, to Catch Cheating Spouses

Republished from FOXBusiness by Stephanie Pagones

Fitbit and other fitness tracking devices have expanded their capabilities far beyond just counting steps

a few takeaways:

1. Not withstanding privacy concerns, the pursuit of the quantified-self helps law enforcement efforts set context to a possible crime.

2. Important data such as location and interaction with other smart devices allow for…

View On WordPress

On Vacation in the European Union? The GDPR May Apply to You [The GDPR Series (20)]

On Vacation in the European Union? The GDPR May Apply to You [The GDPR Series (20)]

read more @ frivolousutility.com

Summary: Not selling or targeting EU customers/citizens does not discharge an organization’s obligation to the GDPR. An organization should not only get consent from all visitors to their website but also, understand how personal data is handled within the organization.

Even if you don’t sell to the EU, if your organization is “established” in the EU, you are…

View On WordPress

Lost

This one‘s for Reverend Green.

View On WordPress

Can GDPR Stop Browser Fingerprinting? [GDPR Series (20)]

Can GDPR Stop Browser Fingerprinting? [GDPR Series (20)]

Article excerpts from a forthcoming book – 99 Articles on the GDPR

Summary: Browser fingerprinting is an accurate method of identifying unique browsers and tracking online activity. The GDPR aims to create a more transparency on how data controllers and processors utilize fingerprinting.

Browser fingerprinting collects pseudonomysous data to create a user profile.

GDPR aims to control data…

View On WordPress

More Letters: Does PCI DSS and GDPR Complement One Another? [the GDPR Series (19)]

More Letters: Does PCI DSS and GDPR Complement One Another? [the GDPR Series (19)]

Article excerpts from a forthcoming book – 99 Articles on the GDPR

Summary: A PCI DSS compliant organization can rest assured that the demands of PCI DSS regarding the technology, processes, and procedures can be extended into this new arena of GDPR compliance.

PCI DSS is an industry standard while GDPR is a legal regulation.

PCI DSS compliance, a payment industry standard, aids in GDPR…

View On WordPress

Will Artificial Intelligence Be Required to Enter an Age of Transparency (Article 22) [The GDPR Series 18]

Will Artificial Intelligence Be Required to Enter an Age of Transparency (Article 22) [The GDPR Series 18]

It’s increasingly becoming evident that digital transformation not only entails changes in business models but also the automation of tasks. So while improvements in business may continue to arise, much of this transformation requires existing data to be used for future decision-making processes. At times, personal data may be used without consent or knowledge of that person’s data. To protect…

View On WordPress

Will Artificial Intelligence Be Required to Enter an Age of Transparency (Article 22) [The GDPR Series 18]

Will Artificial Intelligence Be Required to Enter an Age of Transparency (Article 22) [The GDPR Series 18]

It’s increasingly becoming evident that digital transformation not only entails changes in business models but also the automation of tasks. So while improvements in business may continue to arise, much of this transformation requires existing data to be used for future decision-making processes. At times, personal data may be used without consent or knowledge of that person’s data. To protect…

View On WordPress

Can International Partnerships Be Regulated? [the GDPR Series (17)]

Can International Partnerships Be Regulated? [the GDPR Series (17)]. Yes through business-to-business agreements that state necessary steps and consequences for non-compliance to the GDPR.

Article excerpts from a forthcoming book – 99 Articles on the GDPR

Summary: Yes through business-to-business agreements that state necessary steps and consequences for non-compliance to the GDPR.

Partnerships put organizations at risk due to non-compliant data transfers

Take care in accepting PII data from partners

EU personal data should be protected through agreements and compliance requests…

View On WordPress

The GDPR Series (16): Does It Really Matter Whether There is a Hard or Soft Brexit?

The GDPR Series (16): Does It Really Matter Whether There is a Hard or Soft Brexit?

Summary: No. By complying with the GDPR, UK organizations will be in compliance before and after Brexit.

Brexit Day is on March 29, 2019

Brexit will not effect UK organizations as there is a UK-specific version of the GDPR, DPA 2018

The UK still needs to negotiate terms on transferring of EU personal data

Article excerpts from a forthcoming book – 99 Articles on the GDPR

It may have been…

View On WordPress

the GDPR Series (15): Data Processing Addendums

My 🖌: the GDPR Series (15): Data Processing Addendums. DPA's are important to create transparency and shared liability amongst organizations.

As much as the GDPR is intent on creating data prioritization and privacy within an organization, it must not be forgotten that the regulation is also meant to apportion risk and responsibility to vendors, consultants, and other third parties with access to an organization’s network and data. While most organizations have been focused on their GDPR preparedness, they may have overlooked how a…

View On WordPress

the GDPR Series (14): How Can I Add Value? (Customer Contact Centers)

the GDPR Series (14): How Can I Add Value? (Customer Contact Centers)

Summary: A focus on customer contact centers and GDPR can allow businesses to build strong bonds of trust and drive incremental revenue streams and ultimately competitive edge.

I’ve been advising a fantastic startup in the customer success space, Cleo. Through interactions with the team, I realized that contact centers (i.e. customer success and customer service) have long been an avenue to…

View On WordPress

the GDPR Series (13): The 3 Day Rule [Article 33]

the GDPR Series (13): The 3 Day Rule [Article 33]

Summary: The 72-hour breach reporting requirement will require coordination between people, process & technology for success in the EU and abroad.

Article 33 of the GDPR requires a mandatory 72-hour breach reporting requirement. In the event of a personal data breach, data controllers notify the appropriate supervisory authority “without undue delay and, where, feasible, not later than 72 hours…

View On WordPress

the GDPR Series (12): Data Shred Ahead of May 25th

the GDPR Series (12): Data Shred Ahead of May 25th

Summary: Data shredding should be one of the key components of an organisation’s plan for remaining GDPR compliant.

My personal thoughts after listening to C-level executives at the CxO Roundtable Series sponsored by Intel, IBM, HyTrust & ReedSmith. For an invite, please reach out to me.

According to an IBM survey of 1,500 business leaders, 76% of respondents see the GDPR as a chance to create…

View On WordPress

the GDPR Series (11): Watch out for the Opt Out

the GDPR Series (11): Watch out for the Opt Out

Summary: The transition from “opt-out” to “opt-in” consent will effect the close and delight states of the marketing lifecyle.

My personal thoughts after listening to C-level executives at the CxO Roundtable Series sponsored by Intel, IBM, HyTrust & ReedSmith. For an invite, please reach out to me.

The GDPR is expected to give organizations and EU citizens a real chance to renegotiate the terms…

View On WordPress

the GDPR Series (10): Don’t Forget about Privacy Policies

Summary: Privacy policies will become more simplified and transparent as organizations comply with the GDPR Articles 12, 13 & 14.

Summary: Privacy policies will become more simplified and transparent as organizations comply with the GDPR Articles 12, 13 & 14.

My personal thoughts after listening to C-level executives at the CxO Roundtable Series sponsored by Intel, IBM, HyTrust & ReedSmith. For an invite, please reach out to me.

The GDPR regulation comes into effect in a bit over 2 weeks and while companies are fretting…

View On WordPress