MT>3
  • Home
  • About
  • People
  • Services
    • e-Discovery
    • Managed Review
    • Information Governance
    • Due Diligence
  • Blog
  • News
  • Contact

Can Cybersecurity Protection Obviate the Need for Information Governance?

30/3/2015

 
On March 10th, Hillary Clinton held a press conference to defend her use of her own email server for State Department communications (see our March 11th blog). One of the things she said during that press conference was that she was sure the clintonemail.com server had never had a security breach. Clearly Ms. Clinton doesn’t realise that it is possible for the server to have been hacked, and not discovered.

Case in point. Last week, Premera Blue Cross, who provides health insurance in the U.S. Pacific Northwest and Alaska, 
announced that they had suffered a hack in May, 2014, exposing claims and clinical data affecting 11 million customers. The breach was apparently uncovered on January 29 of this year, seven months after the incident occurred it was only discovered after a related insurer discovered that they too had been breached, causing Premera to check its own servers for tattletale signs.

Cybersecurity professionals are increasingly saying that the emphasis should be placed on 
catching attackers in the act rather than trying to prevent them from breaching the walls in the first place, since it’s becoming apparent that the walls won’t always prevent the attack.

​Setting traps and catching hackers in the act is fine, but only if you detect the breach in the first place. To truly protect information, it has to be secured even if it’s stolen. This is where information governance comes into play. By eliminating what you don’t need (so it’s not there to steal) and identifying your crown jewels (so that you can lock them away using encryption), if an attack is not detected in time, you can still rest assured that all the hackers stole was a bunch of undecipherable gibberish.

Wortzman on Document Review as Legal Work in Law Times

27/3/2015

 
​Read what Susan Wortzman has to say about why document review is generally legal work in the March 23, 2015 Law Times article “Lawyers Confused at Stance on Document Review”.  In the article, Wortzman says that “(t)he document review that Wortzmans typically does involves making assessments of relevance, privilege, significance, and maybe classifying documents by issues”.  In those cases, she says “what we have are lawyers exercising or using their legal judgments to make determinations as to whether particular records are relevant and/or producible in litigation. So in my view, that’s legal work.” Click on this link to read the whole article:

​http://www.lawtimesnews.com/201503234557/headline-news/lawyers-confused-at-stance-on-document-review).

The Mounting Costs of a Data Breach

25/3/2015

 
Target has reached a settlement of the class actions brought against it as a result of the data breach the company suffered in November 2013.  On March 19, 2015, a US court granted preliminary approval to a proposed settlement that would see Target pay US$10 million to class members as well as implement measures to better protect customer data (see In re: Target Corporation Customer Data Security Breach Litigation, 2015 U.S. Dist. LEXIS 34554 (D. Minn. 2015)).  The final hearing to approve the settlement will be in November 2015.

Under the proposed settlement, affected customers are eligible for damages up to a maximum of $10,000, provided they have documentary evidence of actual losses that were ‘more likely than not’ caused by the data breach. The settlement also requires Target to implement business measures to protect customer data.  The company has agreed to appoint a Chief Information Security Officer, maintain an information security program and procedures for monitoring and responding to information security events. It has also agreed to implement employee training about why and how to secure customers’ personal information.

The costs of the settlement are a drop in the bucket compared to the initial costs of responding to the breach that Target reported last August.  At that time, those costs were reported at $148 million. Release of that information was quickly followed by a drop in Target’s share price (see: 
http://www.forbes.com/sites/samanthasharf/2014/08/05/target-shares-tumble-as-retailer-reveals-cost-of-data-breach/).

​There is a high price to data breaches.  Being proactive, rather than reactive will reduce that risk. Organizations should implement information management and security measures before those unnecessary costs are incurred.

<<Previous

    Categories

    All
    Artificial Intelligence
    Blockchain
    Cyber Security
    E Discovery
    Information Governance
    Legaltech
    Privacy
    Social Media
    Technology


    Archives

    February 2021
    November 2020
    October 2020
    July 2020
    June 2020
    April 2020
    March 2020
    February 2020
    January 2020
    November 2019
    October 2019
    September 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    May 2018
    April 2018
    March 2018
    September 2017
    August 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    October 2012
    September 2012
    August 2012
    July 2012
    June 2012
    April 2012
    March 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011
    September 2011
    August 2011
    June 2011
    April 2011
    March 2011
    February 2011
    January 2011
    December 2010
    November 2010
    October 2010
    September 2010
    August 2010
    July 2010
    June 2010
    May 2010
    March 2010
    February 2010
    January 2010
    October 2009
    September 2009
    August 2009
    December 2008
    March 2008
    November 2007
    October 2007

130 Adelaide Street West Suite 2020
Toronto, Ontario M5H 3P5
​ ​
t: 416-642-2220  
tf: 1-877-642-2220  
f: 416-868-0673
Contact MT>3
@MT>3 2018. All Rights Reserved
Picture

Privacy Policy and Terms of Use

  • Home
  • About
  • People
  • Services
    • e-Discovery
    • Managed Review
    • Information Governance
    • Due Diligence
  • Blog
  • News
  • Contact