A Lot Has Changed in Privacy and Data Security This Year. Do You Feel Up to Date?

By Karin McGinnis

While the world was quarantining, the privacy and data security world was busy. Now the California Consumer Privacy Act is in full swing with final regulations, the U.S./EU Privacy Shield is no longer valid, and the attorney-client privilege in data breaches has been challenged. With most purchases and interactions happening online, online businesses and virtual meeting spaces are in the crosshairs. Even your old trusty vendor agreement is at risk. All of these changes have significant implications for your clients and your practice, and it is easy to feel behind the curve. Your NCBA Privacy and Data Security Committee has your back! We’ve created a full-day seminar (6 MCLE credits*) to get you up to speed. You’ll get ethics and technology credit as well. And with safety in mind, the seminar will be 100% virtual. If you are one of the first 30 people to sign up, you’ll receive a $65 discount. You can sign up here.

Hope to “see” you there!

*6.00 MCLE Hours. Includes 1.00 Ethics/Professional Responsibility and 1.00 Technology Training. Qualifies for NC State Bar Privacy & Information Security Law Specialization.

A Message from the Chair of the NCBA Privacy and Data Security Section

By Erin Illman

Greetings Privacy and Data Security Section members, and welcome to the 2020-2021 bar year! It is my honor and privilege to serve as Chair this year, and I am looking forward to working with an amazing and highly invested group of council members, committee co-chairs, and NCBA staff. I’m also very excited about this year’s top-notch programming, activities, blog content, and other valuable benefits our Section provides our members.

While this year may look a little different in light of the unique challenges that we are all navigating during the COVID-19 pandemic, the Section leadership is committed to providing the same excellent CLE programming, social and professional benefits, and practical tips and discussions with colleagues in this evolving area of law.

Below is an update on the Section’s activities this year and some opportunities for members to get involved in the Section’s work.


School’s Out for Summer! (School’s Out Forever?): Distance Learning Policies and The New Normal

By Rachel LaBruyere

Over the past few weeks, parents all over the country let out a collective sigh of relief when the school year ended. They could relinquish their new duties as at-home [insert subject here] teacher. Meanwhile, college and graduate students sat for final exams remotely, shifted to pass/fail grading rubrics, and mourned lost graduations and rites of passage.

Educational institutions from elementary schools to law schools are now considering whether to go fully or partially online in the fall of 2020 and beyond. While privacy has long been a conversation in the education sector, data privacy and cybersecurity issues should be front and center for not only decision-makers but also educators, faculty, and administrators as they make these decisions. Data privacy and cybersecurity issues will not be new to those in the education sector, but what may be novel are all the different parties who may now have access to personal information. These include technology vendors who are not familiar with the student data regulatory landscape, as well as new sources of data as more online tools are leveraged in the distance learning environment. The shifting privacy and cybersecurity landscape makes this a daunting task even for the most tech-savvy institutions. So, where should one start? As discussed in detail below, educators and administrators should ground themselves in applicable requirements under federal and state privacy laws, conduct due diligence on all education technology vendors, and implement or update distance learning policies.


Why VPNs and Encryption Services Are Our Digital Masks and Gloves

By Jaren Butts and Nickeyea Wilkinson 

Thanks to social distancing mandates, teleconference platforms have experienced a huge surge in site traffic as new users around the world participate in telehealth, telework, and many other teleservices that have now been transitioned online.[1] As virtual capabilities become more important to our daily lives than ever before, now is also the time to focus on the importance of our daily digital hygiene by gearing up with VPN and encryption services in the same way as we do with our masks and gloves.


Hey Health Plan, I Want _______ App to Have My Health Data!

By Sheila Spence and Nickeyea Wilkinson

On March 9, 2020, the U.S. Department of Health and Human Services (HHS) finalized two rules (now released for publication in the Federal Register, as of April 21, 2020) intended to give patients additional access to their health data. The rules, issued by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC), implement interoperability and patient access provisions of the 21st Century Cures Act as well as the Administration’s MyHealthEData initiative.[1] The heart of CMS’ rule is to support data flowing freely and securely between payers, providers, and patients, and to truly achieve coordinated care, improved health outcomes, and reduced costs.[2]


Educated Users Are the Best Defense Against Phishing And Ransomware

By Eva Lorenz 

Ransomware has been an ongoing threat to law firms for years.[1] Once impacted by this form of attack, law firms struggle with issues such as how to pay ransom, which often requires some form of cryptocurrency (e.g., bitcoin). Alternately, if the firm elects not to pay the ransom, the issue becomes how to provide continuous service to its clients while staff cannot access important files from a down computer network.

While ransomware is a more recent threat compared to other forms of malware, the delivery vehicle used for such attacks has been around for decades. Most ransomware attacks start with a phishing email. Prior to ransomware, most phishing emails captured account credentials that attackers then repurposed for spam attacks. But with the advent of ransomware, attackers found a more lucrative outlet for their “creative” ideas. Studies predict there will be a ransomware attack on businesses every 14 seconds by the end of 2019, and by 2021, it’s projected that attacks will increase to every 11 seconds.[2] Educating users not to click on phishing emails is more important than ever and is a critical first step in preventing ransomware attacks. But what is the most effective way to train users to avoid the 1.5 million new phishing sites that are created each month?[3] In addition to regular security awareness training that explains how to pick a strong password, companies should amend their training to include phishing awareness.


Fight Hunger, Help Others in the COVID-19 Pandemic – Participate in the Legal Feeding Frenzy and Support Your Local Food Bank!

By Michele Livingstone and Will Quick

We are in unprecedented times with COVID-19 (Coronavirus).  It is now more important than ever that we help our neighbors and those who are not as fortunate. I am confident that each of you is doing your part.

Even in the best of times, however, over 1.5 million North Carolinians struggle with hunger—of those, nearly half a million are children. With public schools and many religious and nonprofit organizations that traditionally serve the food insecure in our communities being closed for indefinite periods, and government leaders calling for social distancing to help limit the spread of Coronavirus, that need has never been more pressing than now.


A Message from the Chair of the NCBA Privacy and Data Security Section

By Alex Pearce

Greetings Privacy and Data Security Section members!  It’s hard to believe we’re more than halfway through our inaugural year as a Section.

Following the Section Council’s February meeting, I wanted to provide an update on the Section’s activities and highlight some opportunities for members to get involved in the Section’s work.

Annual Meeting and CLE – Planners Needed

On October 24, 2019 the Section held its first Annual Meeting and CLE at the Bar Center in Cary.  The meeting was jam-packed with useful content and was well-received by attendees.  Thanks again to the speakers and to Karin McGinnis and Kate Kliebert, the co-chairs of the CLE committee, for their work in making the program a resounding success.


Was 2019 the “Year of Privacy” in the U.S.? (Or Will It Be 2020?)

By Matt Cordell

What a year it has been!  As one year closes and another begins, let us take a moment to reflect on the significance of 2019.  It may not be an exaggeration to say that 2019 brought some of the most important changes in privacy and data security law that most of us have seen in our professional careers.

Yet, with all the momentum toward heightened consumer data protection, there remain conspicuous absences: Congress again considered, and again failed to deliver, a comprehensive privacy and data security bill.  The North Carolina General Assembly declined to meaningfully revise the State’s core privacy and cybersecurity statute (the Identity Theft Protection Act or ITPA); House Bill 904, the most recent incarnation of Representative Jason Saine’s and Attorney General Josh Stein’s bipartisan update to the ITPA, languishes in the General Assembly.  The General Assembly did, however, approve some modest updates to the data security laws affecting North Carolina government entities, in HB 217/SL 2019-200, giving the State Chief Information Officer greater oversight of State agencies’ cybersecurity controls.


Equifax and the Increasing Role of State Attorneys General in Data Privacy Regulation and Enforcement

By Will Quick

In June of this year, Alex Pearce and Sean Fernandes wrote on this blog about the increasing role of state AGs in data security enforcement actions.  Boy were they right!

Just a month later, on July 22, 2019, the attorneys general of fifty U.S. states and territories, including North Carolina, the Federal Trade Commission (FTC), and the Consumer Financial Protection Bureau (CFPB) announced a settlement with Equifax, Inc., following what has been reported as the largest-ever breach of consumer data in the U.S.[1]

The Equifax Breach

In September 2017, Equifax, one of the “big three” consumer reporting agencies, announced a data breach affecting more than 147 million consumers—a number that represents nearly half of the population of the United States.  The information reportedly exposed included consumers’ names, social security numbers, dates of birth, addresses, credit card numbers, and driver’s license numbers.

Attorneys general from across the U.S. moved quickly to organize a coalition to undertake a multi-state investigation of the breach in conjunction with federal regulators.  The investigation found that Equifax had failed to implement adequate security measures to protect consumers’ sensitive personal information.[2]
