Pennsylvania Supreme Court Holds Employers Potentially Liable for Data Breaches

On November 21, 2018, the Pennsylvania Supreme Court held that employers in Pennsylvania owe a legal duty to employees to protect the employee’s data from data breaches.

Read More

Ag Community Cautioned on Cybersecurity Threats to Precision Agriculture

On October 3, 2018, US-CERT cautioned agricultural producers about “Cybersecurity Threats to Precision Agriculture.” US-CERT cited a report produced by the Department of Homeland Security (DHS) about “Threats to Precision Agriculture” (PDF). The report recognizes the complexity of today’s agriculture, the use of…

Read More

Equifax Data Breach

On 7 September 2017, Equifax announced a data breach of 143 million Equifax customers involving the compromise of names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. A subset of victims, apparently, also had credit card numbers and “dispute documents” compromised.

Read More

Pennsylvania Court’s ‘Cest la Vie’ View of Data Breach Damages

The Pennsylvania Superior Court recently held in Dittman v. UPMC, that employees cannot sue employers after a data breach involving the employer’s computer systems even if the employee’s sensitive, personal information such as names, birth dates, social security numbers, tax information, addresses, salaries, and bank information…

Read More

The Unwitting Cybersecurity Trap: The Risks of Relying on Technology Consultants

Considering the increasing number of data breaches, “hacking” episodes, and cybersecurity incidents over the past few years, businesses are finally starting to take cybersecurity and data security seriously. Businesses also realize that responsibility for data security is shifting from the IT staff to the Board and senior leadership.* However,…

Read More

Is PCI Compliance Enough?

CIO Magazine recently ran an insightful article about PCI compliance. The article emphasizes that PCI “compliance” is a credit card industry minimum set of standards to protect data and to minimize data breaches. However, as the numerous data breaches…

Read More

Pennsylvania CLE Board Adds Technology Ethics Category

In October 2014, the Pennsylvania CLE Board Website added a new category for lawyer CLE programs called Ethics–Technology (new ETH10). Attorney Shannon Brown requested the additional category in light of the Pennsylvania Supreme Court’s changes to the Pennsylvania Rules of Professional Conduct effective November…

Read More

Attorney Brown Receives Cybersecurity Technical Certification

Attorney Shannon Brown passed the new, performance-based, CompTIA Security+™ certification exam on September 16, 2014. CompTIA Security+™ certification provides an industry-recognized method to objectively demonstrate technical skills in computer security, data security, or cybersecurity. The new cybersecurity certification is believed to be a first for an attorney in Pennsylvania. The…

Read More

Cybersecurity Basics for Pennsylvania Law Firms

Most Pennsylvania law firms either misunderstand cybersecurity [computer and network security] or significantly underestimate the threat of data breaches at law firms. Successful “hacks” can result in the loss of client confidential data or even losses of escrow funds. Considering the November 2013 updates to the…

Read More

The Next Battleground for Data Breaches…Shareholder Lawsuits?

Companies ill-prepared for data breaches and failing to take reasonable steps to secure data and computer systems face increasing and serious risks to the business. Specifically, companies, officers, and boards must start taking data and computer-systems security seriously or risk shareholder lawsuits. Shareholder Lawsuits for Data Breaches In two…

Read More

Pennsylvania’s New, Technology-related, Ethics Rule Changes for Lawyers

Fifteen pages of changes to the Rules of Professional Conduct (Rules) went into effect in November 2013. The changes primarily reflect the increased roles of technologies in law practice—both as important lawyering tools and as material to legal matters. Put simply, the Rule changes make express that every attorney…

Read More

Attorney Shannon Brown Presents at ShmooCon 2014

Attorney Shannon Brown presented Technology Law Issues for Security Professionals at ShmooCon 2014. The presentation provided

an overview of “what is the law?” from a legal perspective and
the basics of legal interpretation.

Emphasis was placed on understanding what the “the law” really means in a legal sense.

Read More

Attorney Brown Completes Malware Course

Not many lawyers engage in malware analysis and issues. But malware poses a formidable and emerging challenge for companies, businesses, organizations, and individuals who face cybersecurity threats, cybercrime,  cyber-espionage, identity theft, and data breaches. Attorney Shannon Brown recently completed a six week, online, graduate-level course in malware entitled Malicious Software and its Underground Economy: Two Sides to Every Story. The course covered current and emerging trends in malware including traditional malware, mobile device malware, and sophisticated malware obfuscation techniques. The course also provided lessons in detecting malware (malare is far more sophisticated than most realize) and decompiling malware using decompilation tools and machine code analysis (Attorney Brown has a significant background in computer programming and systems analysis aiding in this exercise).

Read More