Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.
College and universities, like many other businesses and organizations, defend against millions of cyberattacks each day. Most recently, Penn State’s College of Engineering discovered a multi-year long cyberattack seeking usernames and passwords of students, faculty, and staff. The University hired consultant Mandiant to investigate the breach. Mandiant discovered two separate attackers and determined that at … Continue Reading
The New York State Department of Financial Services (NYDFS) recently published the results of its cybersecurity survey of more than 150 regulated small, medium, and large banking organizations. The survey asked for information the bank’s use and management of third-party service vendors with access to sensitive information. In particular, the survey asked banks whether they … Continue Reading
Shortly after the discovery of a cybersecurity breach at the health insurance company Anthem, Inc., the National Association of Insurance Commissioners (NAIC) called for a multi-state examination of Anthem’s cybersecurity practices to determine what protections were in place and what actions could have been taken to minimize data losses. The examination is currently underway and … Continue Reading
Microsoft Corporation’s (Microsoft U.S.) reply brief is due this week in its appeal of The District Court for the Southern District of New York’s order to comply with the U.S. government’s warrant requiring the turnover of a customer’s emails stored in Ireland by its Irish subsidiary. The warrant was issued pursuant to the US Stored … Continue Reading
The Indiana University Maurer School of Law recently released “The Emergence of Cybersecurity Law”, an industry whitepaper discussing the role of corporate counsel on preparing for and responding to cyberattacks. The whitepaper underscores the necessity of corporate counsel shifting from the historical role of post-security incident response to one where they are leading the company’s … Continue Reading
In recent months, the White House and members of Congress have called for an overhaul of the forty-year old Family Educational Rights and Privacy Act (“FERPA”) ((20 U.S.C. § 1232g; 34 CFR Part 99), which safeguards the privacy of students’ educational records. Originally enacted in 1974, FERPA applies only to federal funded elementary, secondary and … Continue Reading
An auction of RadioShack assets which concluded this week included the names and physical addresses of 65 million customers and email addresses of 13 million customers. The auction result and transfer of assets is still subject to bankruptcy court approval. Many states, including Texas and New York, have promised to take legal action to stop … Continue Reading