Photo of Kathleen Porter

Kathy Porter's practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies' privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.

A Tampa, Florida area water facility was recently hacked using a popular remote-access software tool.  The unidentified hacker also used the software to connect to an on-site computer and then used that computer to access the facility’s control panel.  Once there, the hacker programmed a 100x-increase in the levels of sodium hydroxide (lye) to be

The Irish Data Protection Commission (DPC) fined Twitter 450,000 euros (about US$546,000) for failing to timely notify the Irish DPC within the required 72 hours of discovering a Q4 2018 breach involving a bug in its Android app, and also for failing to adequately document that breach.  The bug caused some 88,726 European Twitter users’

The ADA was enacted in 1990 to prohibit discrimination against persons with disabilities. It did not include express rules about access to websites and mobile apps. But that hasn’t stopped a flood of lawsuits against companies based on claims their websites or mobile apps might not be accessible to people with disabilities, such as visual,

With more companies hiring, online recruiting scams have re-emerged to prey on job seekers and employers. The Better Business Bureau tracked more than 3,000 recruiting scams in the first 10 months of 2018 with losses in the million dollars.

The online recruiting scam works this way: the scammer fraudulently uses a company’s name and logo, and perhaps the names of the company’s employees handling recruiting or human resources, to solicit applications from job seekers for fake jobs. Many times the companies are household names or long established, which gives the scam an air of legitimacy. Sometimes the solicitation comes by email, but most often it is posted on a professional or recruiting website or social media platform. Like most phishing schemes, the scammer’s email address is similar to, but not the same as the legitimate company’s email address.
Continue Reading Recruiting Scams on the Rise

Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States. This referral stems from a new claim by Max Schrems, an Austrian lawyer and privacy activist. Schrems previously

Facebook reports that the personal data of 87 million Facebook users, mostly located in the United States, “may have been improperly shared” with British data analytics firm Cambridge Analytica. Previous estimates put the possible scope of improper sharing at about 50 million users. The increased number was calculated by Facebook by totaling the friends of

On March 23, 2018, the President signed into law the Consolidated Appropriations Act of 2018 (H.R. 1625), an omnibus spending bill that includes the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act). Among other provisions, the CLOUD Act amends the Stored Communications Act of 1986 (18 U.S.C. §§ 2701-2712, hereinafter the

Facebook and the English data analytics firm Cambridge Analytica (CA) are facing intense scrutiny in response to numerous reports about the possible misuse of data of 50 million Facebook accounts. The data was originally collected through a third party personality test app and later reportedly improperly transferred to CA and/or its parent company Strategic Communications