Protenus, Cyber Risk and Liability Trends in the Healthcare Realm (March 2023)
Insurance Roundtable of Baltimore, Fowler Seminar, Privacy and Data Security - A Sea of Change (October 2022)
Columbia University Pre-College Program, Law at the Cutting Edge of Technology (August 2022)
Cybersecurity Association of Maryland, Inc., Communicating through a Crisis (March 2022)
Maryland State Bar Association Labor & Employment Law Newsletter, Privacy Implications of Vaccine Credentialing Systems (Winter 2022)
Bowie State University Cyber Day, Cyberspace Social Media: The Law, The Tech and The Human Element, Panel (October 2021)
Law Society of Ontario Annual Program, Cybersecurity: What You Need to Know, COVID and Beyond, Virtual Panel (March 2021)
bwtech@UMBC, Webinar: Ransomware 101 (December 2020)
NAPHSIS 2019 Identity & Security Conference - Legal Aspects of Data Sharing (November 2019)
Nonprofit Risk Management Center’s 2019 Risk Summit - Cyber Liability: Forming and Facilitating an Incident Response Team; Cyber Survivor – Surviving and Thriving in the Wake of a Data Breach Claim (October 2019)
Diocesan Fiscal Management Conference’s Annual Meeting - Navigating a Sea of Data Privacy + Security Risk (October 2019)
ASAE Annual Meeting & Exposition - A Primer for Understanding Your Association's Cyber Risk (August 2019)
Cybersecurity Association of Maryland, Inc. Maryland Cyber Breakfast Club - Risk Mitigation Strategies for Cybersecurity Product and Service Providers (June 2019)
Veterans Institute for Procurement - IP Risks and Protection When Doing Business Outside of the USA (June 2019)
bwtech@UMBC: European Privacy Invasion (GDPR) One Year In, California Privacy Takeover (CCPA) Six Months Out (May 2019)
Association of Commercial Financial Attorneys Continuing Legal Education Weekend - Navigating a Sea of Data Privacy + Security Risk (May 2019)
bwtech Executive Workshop for Int'l CyberSecurity Companies - What are the TOP Things a Foreign Company Should Know When Establishing a Business in the US? (April 2019)
ID Agent Webinar - Canadian-U.S. Legal Landscape (February 2019)
Edwards Project Solutions’ Cyberbytes Series - Cyber Realities In Corporate America Panel (January 2019)
bwtech@UMBC Cybertini, Baltimore, MD - Cybersecurity Issues in Healthcare (October 2018) (moderator)
Financial Executives International, Hunt Valley, MD - What Executives Need to Know About Cyber Security (June 2018) (speaker)
LeadingAge Maryland Finance & Strategy Symposium, Frederick, MD - What You Don't Know CAN Hurt You - Cybersecurity for Senior Living (November 2017) (presenter)
Association of Corporate Counsel, Baltimore, MD - Balancing Privacy Law Compliance with Safeguards Against Insider Data Security Threats, (May 2017) (presenter)
Panthera Technologies Seminar, Owings Mills, MD - The Roadmap to Sustained Security & Compliance: Overcoming the Challenges of Getting Started, (May 2017) (presenter)
ASAE’s 2017 Marketing, Membership & Communications Conference, Washington, D.C. - “Surviving and Thriving a Cyber Security Breach: A Guide for Membership, Marketing and Communication Association Executives” (May 2017) (presenter)
ASAE Law Symposium, Washington, D.C. – Compliance + Mitigation in a Sea of Data Security Risk (Oct. 2016) (panelist)
Katz Abosch Government Contracting Symposium, Arundel Preserve - Creating Marketplace Diversification with your Technology Service Offerings (Nov. 2016) (panelist with Spencer Wilcox and Dan Larkin)
CRTC Commercial Cyber Event – Insider Threats (Nov. 2016) (panelist with Mike Miller and Shawn Thompson)
Cyber Maryland, Baltimore - Good, Bad or Wacky? Recent Changes in Global Privacy & Security Laws (with Howard Feldman) (Oct. 2016)
CRTC Commercial Cyber Forum, Baltimore – Insider Threats (Nov. 2016)
BrightTALK Webinar - Privacy v. Security: Balancing Vulnerability Awareness & Incident Prevention (Oct. 2016) with Tim Vogel of Xtium and Kevin Lancaster of ID Agent
ALM cyberSecure, New York, NY – The Dark Web: A Black Market for Exploiting your Stolen Data (Sept. 2016) (moderator)
Risk Summit, Chicago, IL - Solving The Puzzle: How To Prepare For And Respond To Data Security Threats (Sept. 2016)
Retail Solution Providers Association, Grapevine, TX - Compliance + Mitigation in a Sea of Data Security Risk (Aug. 2016)
ASAE Association Law for Non-Lawyers, webinar – Data Security Breach Response Best Practices (May 2016)
Association Trends Finance Live, Washington, DC – Data Security Risk Management: How to Prepare for and Respond to Data Security Threats (May 2016)
Private Client Presentation – Panama Papers (April 2016)
Cybersecurity Association of Maryland + Chesapeake Regional Tech Council , Baltimore, MD – Identifying, Quantifying, Insuring & Mitigating Cyber Risk (April 2016) (with PSA Insurance, Ernst & Young LLP, and NFP Property & Casualty)
ASAE law Symposium, Washington, D.C. - Data Security Breach Response: Best Practices (Oct. 2015) (with DataStreet)
Association Trends Finance Live, Washington, D.C. – How to Find a Silver Lining in an AMS Cloud Contract (Sept. 2015)
ASAE Annual Meeting, Detroit, MI – Help! I’ve Been Hacked! (August 2015)
Association Trends, Webinar – Negotiating Association Software Contracts: Effective Business and Legal Strategies (May 2015)
Percona Live, Santa Clara, CA – Data Security - Emerging Legal Trends (April 2015)
Private Client Presentations, New York + Baltimore - GPL + LGPL Presentations for Executive Management (August 2014; Nov. 2014; April 2015)
Ft. Meade Alliance Industry Day, Baltimore – Commercial Cyber Discussion (March 2015) (with Exelon) (moderator)
bwtech@UMBC, Baltimore - The Startup Yellow Brick Road: Going from Service to Product Company (Feb. 2015) (moderator)
Private Presentations for Accounting Firms, Baltimore - Cyber Security for Accountants – (2014)
Association Execs, Webinar – Protecting Your Association’s IP (Dec. 2014) (with Jeff Glassie)
ASAE Law Symposium, Washington, D.C. - The Impact of Data Breaches, Cloud Computing, Tech. Contracts + Cyber Insurance (Oct. 2014) (with Spotkick)
PSA Insurance, Hunt Valley, MD – Understanding, Preparing for & Responding to Cyber Threats (Sept. 2014) (with Tangible Security)
Association Trends Finance LIVE: Technology Initiatives in Nonprofits, Washington, D.C. – Could this be You? (Sept. 2014)
NYSE Governance Services, Washington, D.C. – Thought Leadership Roundtable on Cyber Security (May 2014)
ASAE Tech Conference, Washington, D.C. - Understanding, Preparing for, and Responding to Legal Risks that Cyber Threats Pose to Associations and Nonprofit Organizations (Nov. 2013) (with APhA and Howard Feldman)
Corporate Board Member: The Board IT Challenge, Atlanta – Battling Cyber Crime: Do you Know your Enemy? (Oct. 2013)
ASAE Law Symposium, Washington, D.C. – Cybersecurity Threats + Legal Risks (Sept. 2013) (with NACHA and Howard Feldman)
Association Trends Finance Live, Washington, D.C. – An Update on Legal Issues in Technology (Sept. 2013)
bwtech@UMBC, Baltimore – Cybersecurity Threat Info. Sharing Executive Order (May 2013) (with NIST and others) (moderator)
Association of Corporate Counsel, Baltimore – Practical Lessons learned: An Overview of Cyber Law & Information Governance (Feb. 2012) (with Feldman)
Corporate Board Member: The Board IT Challenge, Chicago – An Overview of Cloud Computing Risks (Oct. 2012)
Cyber Maryland, Baltimore – Demystifying Cyber Policy: What Every Executive Should Know (Oct. 2012) (panel)
Whiteford Blog - Are Associations and Nonprofit Organizations the Next Big Target for Cyber Attacks? (Sept. 2012)
Cyber Security Summit, Baltimore Business Journal (2011)
International Information Privacy Compliance, eZ Systems Conference, Skein, Norway (2006)
Managing Success in a Post-9/11 World, techcenter@UMBC (2004)
Understanding Open Source & Its Business Implications, Greater Baltimore Tech Council (2004)
U.S. & Int'l IP Protection Strategies, Loyola College Exec. MBA Program (2005, 2004, 2003, 2002 & 2001)
Issues in Technology Contracting, Maryland Judicial Institute for Judges Assigned to Business & Technology Case Management Program (2003)
Whose Design Is it Anyway?, Whitmore Lunch & Learn Series (2003) & AIGA Seminar (2002)
Assessing & Managing Your IP Risk, Marsh/Whiteford Seminar (2002)
Open Source Software Licensing, U. Balt. School of Law (2002)
Maryland IP Law Update, U. Balt. School of Law (2001)
Emerging Privacy Laws (2001); Facets of Law as Applied to Technology, Loyola College Exec. MBA Program (2000 & 1999)
IP Issues in the Workplace, Lorman Seminar on Covenants Not to Compete (2000)
International IP & Technology Transfer Strategies, Ukraine Technopark Managers Course, Loyola College Int'l Technology Research Institute (2000)
Practical Legal Issues in e-Commerce, MICPEL Seminar (2000) (also, co-chair)
Facing E-Commerce Head On; International E-Commerce: Order Out of Chaos, IP Licensing Skills Workshop, Whiteford Technology and IP Legal Issues Workshop (1999)
Trademarks, Digital Signatures & Privacy Issues on the Internet, MSBA Annual Meeting, (1999)
Electronic Commerce and the New Millennium - Current Issues From a Practitioner's Perspective, U. of Baltimore School of Law IP Law Society (1999)
Strategies for Protection of U.S. IP; Webpage Do's & Don'ts; Fundamentals of Trademark Law, Whiteford Technology and IP Legal Issues Workshop (1998)
Electronic Commerce, MICPEL (1998)
IP Issues in the Workplace, Whiteford Employment Law Seminar (1998)
Computer Software Copyright Infringement Analysis and Resolution, IP Committee of MSBA Business Section (1998)
Selected Internet Domain Name and Jurisdiction Issues, IP Committee of MSBA Business Section (1997)
U.S. Trademark Registration Practice, full-day lecture to Chinese IP Lawyers and Judges (1996)
UCITA Spells Controversy, The Business Monthly (2001) and The Maryland Bar Journal (2000)
Kids Say The Darnedest Things, The Advocate, (1999)
Businesses May Get Burned By New Online Law, Baltimore Business Journal (1999)
The New Millennium: Don't Let It Bug Your Practice, TortSource (1999) and Bar Bulletin (1999)
Who's Minding The Store?; Protecting Your Company's Trade Secrets, The Business Monthly (1998)
The Internet: Spamming, Framing and Free Speech, The Maryland Bar Journal (1998)
ARTICLES
June 12, 2024
The Federal Trade Commission (FTC) issued a final rule to amend its Health Breach Notification Rule (HBN Rule). The HBN Rule requires certain entities that handle unsecured personally identifiable health data to notify individuals, the FTC, and sometimes, the media of a breach of security.
May 29, 2024
On May 9, 2024, Governor Wes Moore signed into law the Maryland Online Data Privacy Act of 2024 (“MODPA”). MODPA will take effect on October 1, 2025, but will not apply to personal data processing activities occurring before April 1, 2026. MODPA is the latest in a series of state data privacy laws that impose comprehensive obligations on businesses that collect, process, or sell personal data of consumers and otherwise meet certain jurisdictional thresholds.
May 2, 2024
In addition to its well-publicized move to prohibit more than 150 million Americans from posting embarrassing dance videos of themselves on
TikTok (at least while it is Chinese-owned), the U.S. federal government recently adopted two significant federal data transfer prohibitions: (1) the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (“PADFA”); and (2) an Executive Order entitled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” Any organization that currently shares, or is considering sharing, sensitive personally identifiable information with anyone in China, Russia, Iran or any other “foreign adversaries” of the United States should determine whether these new prohibitions require them to change their data transfer activities.
February 26, 2024
On January 16, 2024, New Jersey became the fourteenth state to enact comprehensive privacy legislation after the passage of the New Jersey Data Privacy Act (“NJDPA”), adding to the growing national focus on consumer personal data protections, albeit at the state level.
September 20, 2023
On September 11, 2023, Delaware became the latest state to enact comprehensive privacy legislation, following the recent enactments of data privacy laws in Iowa, Indiana, Florida, Montana, Tennessee, Texas, and Oregon.
August 23, 2023
Under final regulations updated on March 1, 2023 and effective as of September 1, 2023, the National Credit Union Administration (“NCUA”) imposed stringent new cyber incident reporting requirements on federally chartered corporate credit unions and federally insured, state-chartered corporate credit unions (“FICUs”). FICUs that experience a cyber incident that rises to the level of a “reportable cyber incident” must now notify the NCUA (a) as soon as possible; and (b) no later than 72 hours after the FICU reasonably believes that it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident.
August 21, 2023
The U.S. data privacy regulatory framework is complex and is becoming more so with each passing day. On July 18, 2023, Oregon became the eleventh state to enact comprehensive privacy legislation, joining five other states (Iowa, Indiana, Montana, Tennessee, and Texas) that have passed “comprehensive” privacy legislation this year.
July 14, 2023
The Federal Trade Commission (“FTC”) is poised to issue updated Guides Concerning the Use of Endorsements and Testimonials in Advertising (the “Guides”) following a comment period on the proposed changes. This alert provides an overview of the proposed updates, which will impact all businesses that engage in any form of advertising and especially those advertising through social media and other online advertising channels.
June 27, 2023
On June 18, 2023, Texas became the eleventh state to enact comprehensive privacy legislation after the recent passage of the Texas Data Privacy and Security Act (“TDPSA”). Texas now joins Tennessee as the latest entry into an increasingly complex web of state privacy laws. On May 11, Gov. Bill Lee signed into law the Tennessee Information Protection Act (“TIPA”), which itself follows recent enactments of data privacy laws in Iowa, Indiana, Florida, and Montana.
June 6, 2023
The Federal Trade Commission (“FTC”) recently brought its first enforcement action under the Health Breach Notification Rule (“HBNR”). The associated record contains important lessons for app developers, privacy professionals, and other organizations in the health technology industry.
February 23. 2023
If your organization collects or uses, or is thinking about collecting or using, biometric data, such as fingerprints, DNA scans, retinal scans or voice prints obtained from customers, employees or others, the Maryland Biometric Data Privacy Act (the “Biometric Act”) currently under consideration by the Maryland General Assembly should be of keen interest to you. If adopted,
House Bill 33 (“HB 33”) (and its companion, Senate Bill 169), would regulate “private entities’” which collect or possess biometric data and subject those who violate those regulations to investigations and claims brought by the Maryland Attorney General or private litigants.
October 5, 2022
Effective October 1, 2022, Maryland has adopted
Senate Bill 207, a data security law applicable to insurance carriers.
September 29, 2022
The Maryland Personal Information Protection Act was amended by
House Bill 962 during the 2022 legislative session; the amendment goes into effect on October 1, 2022 and expands the definition of personal information to include genetic information about individuals.
July 25, 2022
With the passage of the Virginia Consumer Data Protection Act (Va. Code Ann. §§ 59.1-575 to 59.1-585) (“VCDPA”) on March 2, 2021, Virginia residents now have certain rights regarding their personal information, while business entities conducting business in Virginia may have new and additional data collection and protection obligations, if they meet certain jurisdictional thresholds.
VCDPA will become effective on January 1, 2023. As a result, organizations conducting business in Virginia may need to review their data collection and processing obligations for applicability of the VCDPA, and in preparation for the VCDPA taking effect.
This brief article is intended to highlight certain key requirements of the VCDPA.
July 11, 2022
If you operate a mobile app or any other online platform that features consumer reviews, there are important rules you need to know when it comes to procuring, organizing, or editing consumer reviews of your products or services.
The risks are real. Any actions you take that have the effect of distorting or misrepresenting consumer reviews may give rise to allegations of potentially deceptive conduct and enforcement actions by the Federal Trade Commission (“FTC”) under Section 5 of the FTC Act.
As a matter of general guidelines, a few key principles emerge from Section 5 of the FTC Act. Namely, companies (1) should be transparent about their review-related practices and (2) should treat consumer reviews in a way that truly reflects the feedback received from legitimate customers, presenting a true and holistic picture of the consumers’ experiences and interactions with the companies’ goods or services.
While these guiding principles may seem straightforward enough, many companies have engaged in practices that are, in fact, illegal. It’s important to know that, if adopted, these practices can give rise to significant liabilities. This brief article is intended to highlight, and help you avoid, some common pitfalls.
October 7, 2021
At a time when contractors are attempting to implement shifting and unclear cybersecurity requirements, the United States Department of Justice (DOJ) is now promising to wield the False Claims Act when it – in its sole discretion – finds contract performance wanting.
September 8, 2021
On September 8, 2021, an ordinance prohibiting use of facial recognition technology in Baltimore City took effect. The law, City of Baltimore Ordinance 21-038: Surveillance Technology in Baltimore, was passed by the Baltimore City Council in June and signed by Mayor Brandon Scott on August 9. In passing the law, Baltimore joins a small number of local jurisdictions – including Portland, Oregon and New York City – and states – including Illinois, Texas and Washington – in regulating the use of certain biometric technology.
June 17, 2021
Europe began the trend, California followed suit shortly after, and now the flood gates have opened. Colorado is the third state that is on the brink of enacting a strict and extensive privacy law that has significant implications for a wide variety of organizations that control or process personal data.
May 14, 2021
In the wake of the Colonial Pipeline Hack, on May 12, 2021, the Biden Administration issued an Executive Order (EO) on Improving the Nation’s Cybersecurity. The Government is proposing broad changes to the Federal Acquisition Regulation (FAR) and Department of Defense FAR Supplement (DFARS) in two areas. What do government contractors need to know?
April 28, 2020
A recent amendment to the District of Columbia’s data breach notification law (the “D.C. Breach Law”) highlights the nation’s increased focus on data security standards. Generally, the changes to the D.C. Breach Law fall into three categories: (1) expanding what is considered a reportable incident; (2) expanding the notification requirements for breaches; and (3) emphasizing proactive data security measures.
April 13, 2020
The Children’s Online Privacy Protection Act (“COPPA”) generally requires that operators of commercial websites and online services take certain steps to protect online privacy and safety of children under the age of 13. Those steps include COPPA’s requirement that companies covered by COPPA provide notice of their data collection and use practices and obtain verifiable parental consent before collecting certain data and that they maintain reasonable data security safeguards.
April 7, 2020
A side effect of the current global pandemic is the skyrocketing popularity of video-teleconferencing services. Among them, Zoom is a rockstar. Per its own estimates, Zoom grew its user base from 10 million to over 200 million, and counting, in the span of two months.
March 31, 2020
The Office of Civil Rights (“OCR”) recently issued bulletins with important guidance for health care providers during the COVID-19 pandemic.
The OCR has recognized that, during the COVID-19 national emergency, health care providers may seek to communicate with patients, and provide so-called “telehealth” services, through remote communications technologies. Some of these technologies, and the manner in which they are used by HIPAA-covered healthcare providers, may not fully comply with the requirements of the HIPAA Rules. However, in light of the national emergency, the OCR said that it will not impose penalties against covered health care providers for the lack of a HIPAA business associate agreement (“BAA”) with video communication vendors, or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health crisis.
March 25, 2020
With everyone’s attentions devoted to the COVID-19 crisis and the disruptions it has caused to the normal rhythms of business and personal affairs, it should come as no surprise that criminals and scammers are seeking to take advantage of the situation.
June 8, 2016
On May 11, 2016, President Obama signed into law the Defend Trade Secrets Act (DTSA) creating a cause of action under federal law for trade secret misappropriation which previously had been governed by state common law and each state’s adoption of the Uniform Trade Secrets Act. The law took effect immediately upon signing.
October 6, 2015
On October 6, 2015, the European Court of Justice — the highest court in Europe — invalidated an international privacy agreement between the United States and the European Union, known as the US-EU Safe Harbor. The US-EU Safe Harbor allowed companies engaged in international business activities to transfer personal data from the European Union to the U.S. in compliance with the European Union Data Protection Directive (“EU Data Directive”).
November 24, 2013
You may think that most cyberattacks happen to for-profit businesses and government agencies. But don’t be lulled into a false sense of security; when it comes to collecting and storing valuable data, many trade associations and nonprofits could give a like-sized corporation a run for its money.
December 18, 2012
Data privacy laws in much of the world apply regardless of industry, source or region. In contrast, the US features an alphabet soup of sector-specific federal data privacy laws. For example, the German-Leach-Bliley Act (GLBA) applies to financial institutions, the Health Insurance Portability and Accountability Act (HIPAA) applies to healthcare institutions, the Children's Online Privacy Protection Act (COPPA) applies to online businesses collecting information from children under age 13, the Family Educational Rights and Privacy Act (FERPA) and Protection of Pupil Rights Amendment (PPRA) apply to student records, the Driver Privacy Protection Act (DPPA) applies to motor vehicle records, and the Fair Credit Reporting Act (FCRA) applies to data collected by consumer reporting agencies. Stir in 50 US state and territorial data security laws governing data breach notice, security and destruction, and you get a complex thicket of data privacy and security laws.
October 2, 2012
Like most people in our tech-inundated world, you might be a bit numb to seemingly daily reports that yet another organization has been hacked. But, as an executive or employee of a nonprofit organization or association, you may have taken notice and some comfort in the fact that the lion’s share of those attacks appear to have been perpetrated on for-profit businesses and government agencies, like Sony, Citibank, Lockheed Martin, ADP, the FBI and the CIA.
August 24, 2011
As Google and Facebook and countless others have discovered, most netizens tend to be pretty blasé about privacy – until all of a sudden they aren’t. While we all love the detailed photo views on Google Maps, the revelation that Google’s camera cars were also sweeping WiFi networks as they captured those images was met with outrage. And, Facebook users seemed to carelessly love that app’s ability to track down long-lost friends, until last week it pulled friends’ phone numbers into a handy online directory “for you”.
