Kathleen Porter

Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.

Subscribe to all posts by Kathleen Porter

FBI reports $3.1 billion lost by businesses through “business email compromise”

This article co-authored with guest blogger David Wang, a R+C summer associate and student at Boston College Law School Wire fraud crime has long been a problem for financial institutions and banks. However, wire fraud through email is a completely different beast. Originally characterized by law enforcement as an extension of traditional wire fraud, wire fraud by … Continue Reading

Update on The Panama Papers

The International Consortium of Investigative Journalists (ICIJ) announced that on May 9, it will release selected data purported to be leaked or stolen from the internal records of the Panamanian law firm Mossack Fonseca.  ICIJ plans to release this selected data in a searchable database.  The release is expected to cover 200,000 companies and other … Continue Reading

Update on the U.S.- EU Privacy Shield

As we previously reported, this February, United States (U.S.) and European Union (EU) negotiators announced the “U.S.-EU Privacy Shield” as a replacement to the U.S. Safe Harbor. Many U.S. companies relied on the Safe Harbor to transfer data from the EU to the US. The Privacy Shield negotiations were accelerated in response to the European … Continue Reading

Council of European Union and the European Parliament approve General Data Protection Regulation; U.S. Privacy Shield faces criticism from Article 29 working group

The General Data Protection Regulation (GDPR) was recently approved by the 28 member states of the Council of European Union. By plenary vote, the European Parliament approved GDPR on April 14. The GDPR will take effect two years after publication in the E.U. Official Journal, which is expected to be in May. The GDPR, which … Continue Reading

WhatsApp adds end-to-end encryption

More than a billion people on the planet use online messaging service WhatsApp to send and receive messages, photo and videos and to make phone calls over the Internet. Most of WhatsApp’s users are outside the United States. A subsidiary of Facebook since 2014, WhatsApp just announced the addition of end-to-end encryption to every form … Continue Reading

Panama law firm Mossack Fonseca faces leak of 11 million documents exposing thousands of clients

In late 2014, an anonymous source secretly leaked to a German newspaper reporter nearly four decades of confidential and proprietary data about shell companies registered by the multinational Panamian based law firm Mossack Fonseca. The German newspaper contacted the International Consortium of Investigative Journalists (ICIJ) who assembled more than 100 other international news outlets, including … Continue Reading

Apple ordered by federal magistrate judge to assist with unlocking of San Bernardino shooter’s iPhone

Apple was ordered by a federal magistrate judge to provide “reasonable technical assistance” to federal investigators to unlock the password and access the encrypted data on a specific iPhone 5c used by Syed Farook, one of the San Bernardino shooters. The iPhone, owned by Farook’s employer, the San Bernardino County Department of Public Health (the … Continue Reading

Backdoors to encryption protocols vs. cybersecurity: weighing priorities in the U.S. and abroad

With the revelations that the Paris and San Bernardino attackers used encrypted communications to recruit, communicate and plan their attacks, the U.S. government is again pushing the tech industry to provide it backdoor access to encryption protocols. Bypassing security mechanisms through a backdoor, law enforcement believes, permits it to more effectively track users and content, … Continue Reading

Volkswagen refuses to share emails with the U.S. Investigators, citing privacy concerns

German auto manufacturer Volkswagen (VW) is reportedly using German privacy laws to resist turning over its top executives’ internal corporate emails and other communication materials to United States attorneys general and U.S. Justice Department officials investigating the company’s excess emissions scandal. VW’s position is not surprising. It is well known that Germany’s data privacy laws … Continue Reading

Privacy Day!

In the United States, Canada and 27 European countries, January 28 of each year is known as Data Privacy Day.  Started in Europe as “Data Protection Day” to recognize the January 28, 1981, signing of the Europe’s first legally binding international treaty dealing with privacy and data protection, known as Convention 108, Data Privacy Day … Continue Reading

Increased focus on third party risk assessment, audits and oversight in 2016

For vendors or suppliers or other companies providing outsourced services or components or supplies and for the customers of such services or suppliers, 2016 means an increased demand on your limited time and manpower to respond to or review risk information security assessments, host or perform audits, and generally oversee or be subject to oversight. … Continue Reading

2016 year of peak phishing attacks?

Early studies on the causes of data breaches found many occurred after laptops, flash drives or other mobile devices were lost or stolen. But in recent years, data breaches have largely resulted from organized online-targeted phishing, scanning or skimming attacks against individuals and companies.  The attackers sought personal and financial data to use or sell … Continue Reading

Quincy Credit Union ATM machines compromised in skimming scheme

Hundreds of Quincy Credit Union (Massachusetts) customers reported that unauthorized ATM withdrawals were made from their accounts over the holiday weekend. Officials now believe that skimmers were placed on ATM machines in early December. As is typical, the thieves waited until a weekend (and a holiday one at that) to make withdrawals because they knew … Continue Reading

NLRB: Employers cannot block employees from recording or taking photos in the workplace

The National Labor Relations Board (NLRB), in a 2-1 decision, ruled against blanket employer policies banning employees from taking photos or recordings in the workplace. Such policies would, in the view of the NLRB, having a chilling effect on employee’s ability to record or photograph workplace safety violations or actions that were discriminatory. Whole Foods’ … Continue Reading

Twitter ordered by Irish Court to disclose information about author of tweet

Twitter International Company (TIC) in Dublin, Ireland was reportedly ordered by a High Court to disclose data about the source of tweets about a whistleblower. The tweets, which included allegations of insurance fraud, are alleged to be defamatory. The whistleblower provided the government with evidence that Irish hospital staff were accepting lavish gifts from a … Continue Reading

SEC brings first cybersecurity-related enforcement action

The Securities and Exchange Commission (SEC) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (Investment Advisor).  The Investment Advisor was censured and fined $75,000 for failing to have acceptable written policies and procedures regarding its customer records and information in place prior to … Continue Reading

NIST draft report: international cybersecurity standardization needed

An interagency working group led by The National Institute of Standards and Technology (NIST) and The Department of Commerce recently published a draft report (the Report) recommending that the U.S. government increase its efforts to develop international cybersecurity standards by coordinating with other governments and the private sector. Historically, U.S. standard setting efforts have been … Continue Reading

Canada’s amendments to PIPEDA now largely in force

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) has been amended by The Digital Privacy Act (the DPA). DPA updates PIPEDA and modernizes Canadian data privacy and security law. DPA is now largely in force, except for certain provisions, which will come into force at a later date by order of the Governor in … Continue Reading

Warrantless access to cell phone location data may be heard by the Supreme Court

A number of courts have considered whether the Fourth Amendment requires the government to obtain a warrant to access historical and/or real time cell phone geographic location information, known as CSLI. CSLI is cell site location data your cell phone gives off when you place or receive a call. Additionally, cell phones also automatically generate … Continue Reading

What European Union privacy reform means for U.S. Companies

The European Union (EU) General Data Protection Regulation (GDPR) is one step closer to replacing the EU’s 1995 data privacy directive, known as 95/46/EU. In late June, the Council of Ministers from the EU member states approved a general approach to the GDPR. The European Parliament, the European Council and the European Commission (EC) are … Continue Reading

Security bug found in Samsung® smartphones

Samsung recently announced that more than 600 million Samsung mobile devices contained a factory installed third party software produced by SwiftKey that predicts the words you will type  on your keyboards. The issue with the SwiftKey software is its contains a flaw that permits hackers to access the device when the Keychain software is applying … Continue Reading

Oral Argument Scheduled in Microsoft Foreign Data Demand Appeal

The U.S. Second Circuit Court of Appeals scheduled oral argument for September 9, 2015 on Microsoft’s appeal of a district court opinion upholding the validity of the U.S. government’s search warrant for customer data stored on Microsoft’s affiliate’s computers outside the United States. The customer data sought is in Ireland, at a data center operated … Continue Reading

Healthcare Organizations not Immune from Criminal Attacks on Sensitive Information

This month, the Ponemon Institute released its Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data and its findings are generating a good deal of attention. In the past, the Study has found that most data breaches in healthcare organizations were caused by lost or stolen devices or due to employee inattention, mistake … Continue Reading

RadioShack bankruptcy court approves sale of personal information collected by debtor

Earlier this year, an affiliate of the hedge fund Standard General LP assumed more than 1,700 RadioShack® store leases in an auction sale in the electronics retailer’s bankruptcy. Standard General reportedly plans to partner with Sprint® to open stores within more than 1,400 of these RadioShack locations. Sprint branded mobile devices, including Boost® and Virgin … Continue Reading
LexBlog