Insights on forensics

anti-virus, assessment, audit, bring your own device, bring your own device coit device encrypt incident response mobile privacy se..., byod, coit, device, encrypt, forensics, incident response, liability, Mobile, mobile privacy, privacy, Security, security breach, security program, subpoena

The Legal Implications of BYOD (Part II) - Preparing Personal Device Use Policies

By InfoLawGroup LLP on June 11, 2012

In our last "bring your own device" post we explored some of the key security, privacy and incident response issues related to BYOD. These issues are often important drivers in a company's decision to pursue a BYOD strategy and set the scope of personal device use within their organization. If the risks and costs associated with BYOD outstrip the benefits, a BYOD strategy may be abandoned altogether. One of the primary tools (if not the most important tool) for addressing such risks are BYOD-related policies. Sometimes these policies are embedded within an organization's existing security and privacy policy framework. More frequently, however, companies are creating separate personal device use policies that stand alone or work with/cross-reference existing company security, privacy and incident response polices. This post lays out the key considerations company lawyers and compliance personnel should take into account when creating personal device use policies and outlines some of the important provisions that are often found in such policies.

Breach, Cloud, contracting, forensics, Security, security breach

Data Breach in the Clouds

By InfoLawGroup LLP on March 21, 2011

As we move into 2011 it should be obvious that cloud computing is not a fad, but rather a computing model that is becoming ubiquitous. Cloud computing offers a slew of advantages including efficiency, instant scalability and cost effectiveness. However, these advantages must be balanced against the control organizations may lose over their information technology operations when they are reliant on a cloud provider to provide key processes. The issues that arise out of this loss of control are apparent when considering data breach response and liability in the cloud. When a cloud customer puts its sensitive data into the cloud it is completely reliant on the security and incident response processes of the cloud service provider in order to respond to a data breach. This situation poses many fundamental problems.

assessment, audit, Breach, breach notice, Cloud, cloud computing, Computing, contracting, contracts, Contracts Breach, forensics, incident, incident response, liability, notice, privacy, provider, Regulation, response, schedule, Security, security assessment, security breach, security schedule, service, service provider, service provider liability

What's in Google's SaaS Contract with the City of Los Angeles? Part Three.

By InfoLawGroup LLP on June 23, 2010

This blogpost is the third (and final) in our series analyzing the terms of Google's and Computer Science Corporation's ("CSC") cloud contracts with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In Part Two, the focus was on terms related to compliance with privacy and security laws, audit and enforcement of security obligations, incident response, and geographic processing limitations, and termination rights under the contracts. In Part Three, we analyze what might be the most important data security/privacy-related terms of a Cloud contract (or any contract for that matter), the risk of loss terms. This is a very long post looking at very complex and interrelated contract terms. If you have any questions feel free to email me at dnavetta@infolawgroup.com