Kathleen Porter

Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.

Subscribe to all posts by Kathleen Porter

Big Data and Antitrust: Rethinking Competition Law in the Data Economy

As we approach calendar year end, traditionally the busiest period of the year for mergers and acquisitions, it is worth revisiting whether our existing competition law framework can and does properly assess the market power of big data. This spring, The Economist magazine joined the ranks of some antitrust regulators, particularly from the EU, in … Continue Reading

Supreme Court to Hear Microsoft Emails Case

In an order issued on October 16, 2017, the U.S. Supreme Court granted certiorari in United States v. Microsoft Corporation, a case with potentially far-reaching implications for the privacy of electronic data maintained by technology companies across the globe. The case, which Robinson+Cole has previously discussed here, here, and here, arises from a warrant obtained … Continue Reading

EU-Japan’s Major Trade Pact Includes Agreement to Review Restrictions on Personal Data Flows Between The European Union and Japan

Japan and the European Union announced an agreement in principle on major components of a substantial free trade deal on the eve of the recent G20 summit in Hamburg. This free trade deal rivals NAFTA in scope and impact, as it will impact 40 percent of the world’s trade. Once finalized, this free trade pact … Continue Reading

Twitter Updates its Privacy Policy

Twitter recently announced updates to its Privacy Policy. The updates are effective on June 18, 2017. By using the social media platform on or after that date, Twitter users will be deemed to have agreed to these updates. The updates enable Twitter to collect more user data, including about a user’s visits from Twitter to … Continue Reading

Eight Thousand Clients Affected by Data Breach at Two Massachusetts Accounting Firms

Two Massachusetts accounting firms separately recently notified the Office of the Massachusetts Attorney General and the Office of Consumer Affairs and Business Regulation of data breach incidents at their firms, resulting in the unauthorized access of their respective clients’ names, addresses and Social Security numbers. The first accounting firm, King McNamara Moriarty LLP (KMM) discovered … Continue Reading

GDPR Effective Date and Geographical Scope of Application

The GDPR will apply as of May 25, 2018. It provides a single set of very innovative rules directly applicable in the entire European Union (EU), without the need for national implementing measures—which means that any personal data processing ongoing at this date shall be in compliance with the GDPR. This leaves one year for … Continue Reading

FTC Resolves Allegations Against Three U.S. Based Companies Involving Misrepresentations of International Privacy Program Certifications

Privacy laws in Asia-Pacific countries such as Japan, Australia, New Zealand and Singapore restrict the export of personal information except when the exporter meets certain qualifying conditions. One qualifying condition is if the exporter is in compliance with the Asia-Pacific Economic Cooperation’s Cross-Border Privacy Rules System (CBPR). Under the CBPR, the exporting company would have … Continue Reading

FCC Broadband Privacy Regulations Rescinded; States Consider Adopting Measures

As was expected, President Trump signed into law the rescinding of the broadband privacy regulations adopted in 2016 by the Obama administration’s Federal Communications Commission (FCC). The now rescinded regulations would have required internet service providers (ISPs) to obtain consent from a customer before using or selling the customer’s Web browsing history, app usage history, … Continue Reading

Yahoo Breaches Cost Shareholders $350 Million From Lowered Purchase Price, CEO Forfeits $14 Million in Compensation

Yahoo’s troubles for failing to timely disclose security breaches provides rare insight into quantifying the financial and other costs to a company’s shareholders and leadership when a security breach occurs and is mishandled. In 2014, more than a billion Yahoo accounts were hacked. Then in 2015 and 2016, more than 500,000 Yahoo user accounts were … Continue Reading

WhatsApp Security Flaw, Lawsuit in Germany

Tobias Boelter, a University of California Berkeley cryptography researcher claims that last year he found a security flaw in WhatsApp’s encrypted smart phone messaging application. The flaw, which relates to the unique security keys exchanged between WhatsApp users, is reported to allow third parties, including governments, to intercept messages in transit. Mr. Boelter informed Facebook, … Continue Reading

Massachusetts Data Breach Notification History Now Available Online

The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has published an online list of data breach notifications issued each year to Massachusetts residents since 2007, the inception of the Commonwealth’s data breach notification law. The list identifies the entity that was breached; the number of Massachusetts residents affected; whether the breach was of … Continue Reading

Global Privacy and Data Security in 2016 and 2017

In 2016, new privacy, cybersecurity and/or data security legislation passed or became effective in a number of countries, some adopting data security measures for the first time. Several countries adopted cybersecurity focused measures with criminal penalties, hoping to more effectively combat cyber-attacks. Other countries implemented or strengthened regulations on the collection and handling of their … Continue Reading

Update on the Privacy Shield

Last July, the United States and the European Union agreed on a new framework to allow for the transfer of Europeans’ personal data to the United States. This new framework, known as Privacy Shield, replaced the Safe Harbor Principles which the European Court of Justice struck down over concerns about the U.S.’s government’s online data … Continue Reading

Authors’ Events

In addition to their legal practice and involvement with the blog, our Data Privacy + Security Team members regularly serve as presenters at topic-related seminars, and participate on panels that discuss developments in the area. Following, are several upcoming speaking engagements: October 11 & 12 – InfoGovCon in Providence, RI (Linn F. Freedman) October 24 … Continue Reading

EU-US Privacy Shield for transatlantic data transfers finalized

This article co-authored with guest blogger Peter Wainman, a partner with Mills & Reeve LLP Transfers of personal data from most European countries to the U.S. have been exposed to legal attack since October 2015, when privacy campaigner Max Schrems successfully sued the Irish authorities over data transfers made by Facebook Ireland.  The main objection with … Continue Reading

FBI reports $3.1 billion lost by businesses through “business email compromise”

This article co-authored with guest blogger David Wang, a R+C summer associate and student at Boston College Law School Wire fraud crime has long been a problem for financial institutions and banks. However, wire fraud through email is a completely different beast. Originally characterized by law enforcement as an extension of traditional wire fraud, wire fraud by … Continue Reading

Update on The Panama Papers

The International Consortium of Investigative Journalists (ICIJ) announced that on May 9, it will release selected data purported to be leaked or stolen from the internal records of the Panamanian law firm Mossack Fonseca.  ICIJ plans to release this selected data in a searchable database.  The release is expected to cover 200,000 companies and other … Continue Reading

Update on the U.S.- EU Privacy Shield

As we previously reported, this February, United States (U.S.) and European Union (EU) negotiators announced the “U.S.-EU Privacy Shield” as a replacement to the U.S. Safe Harbor. Many U.S. companies relied on the Safe Harbor to transfer data from the EU to the US. The Privacy Shield negotiations were accelerated in response to the European … Continue Reading

Council of European Union and the European Parliament approve General Data Protection Regulation; U.S. Privacy Shield faces criticism from Article 29 working group

The General Data Protection Regulation (GDPR) was recently approved by the 28 member states of the Council of European Union. By plenary vote, the European Parliament approved GDPR on April 14. The GDPR will take effect two years after publication in the E.U. Official Journal, which is expected to be in May. The GDPR, which … Continue Reading

WhatsApp adds end-to-end encryption

More than a billion people on the planet use online messaging service WhatsApp to send and receive messages, photo and videos and to make phone calls over the Internet. Most of WhatsApp’s users are outside the United States. A subsidiary of Facebook since 2014, WhatsApp just announced the addition of end-to-end encryption to every form … Continue Reading

Panama law firm Mossack Fonseca faces leak of 11 million documents exposing thousands of clients

In late 2014, an anonymous source secretly leaked to a German newspaper reporter nearly four decades of confidential and proprietary data about shell companies registered by the multinational Panamian based law firm Mossack Fonseca. The German newspaper contacted the International Consortium of Investigative Journalists (ICIJ) who assembled more than 100 other international news outlets, including … Continue Reading

Apple ordered by federal magistrate judge to assist with unlocking of San Bernardino shooter’s iPhone

Apple was ordered by a federal magistrate judge to provide “reasonable technical assistance” to federal investigators to unlock the password and access the encrypted data on a specific iPhone 5c used by Syed Farook, one of the San Bernardino shooters. The iPhone, owned by Farook’s employer, the San Bernardino County Department of Public Health (the … Continue Reading

Backdoors to encryption protocols vs. cybersecurity: weighing priorities in the U.S. and abroad

With the revelations that the Paris and San Bernardino attackers used encrypted communications to recruit, communicate and plan their attacks, the U.S. government is again pushing the tech industry to provide it backdoor access to encryption protocols. Bypassing security mechanisms through a backdoor, law enforcement believes, permits it to more effectively track users and content, … Continue Reading

Volkswagen refuses to share emails with the U.S. Investigators, citing privacy concerns

German auto manufacturer Volkswagen (VW) is reportedly using German privacy laws to resist turning over its top executives’ internal corporate emails and other communication materials to United States attorneys general and U.S. Justice Department officials investigating the company’s excess emissions scandal. VW’s position is not surprising. It is well known that Germany’s data privacy laws … Continue Reading
LexBlog