More Than Two Years Later, Federal Agencies Issue GLBA Final Model Privacy Form
On Tuesday, the Office of the Comptroller of the Currency (OCC), the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), the Office of Thrift Supervision (OTS), the National Credit Union Administration (NCUA), the Federal Trade Commission (FTC), the Commodity Futures Trading Commission (CFTC), and the Securities and Exchange Commission (SEC) (the

Analyzing the Risk-Based Factors of Massachusett's Data Security Law
SearchSecurity.com published an article by me yesterday (Interpreting 'risk' in the Massachusetts data protection law) concerning the risk-based elements of Massachusetts' data security regulation (201 CMR 17.00, et. al).  The gist of the article is that any company that chooses anything less than "strict compliance" with the specific written information security policy ("WISP") and control requirements of the regulation must be able to legally support their decision based on the regulation's risk elements.

NDAs: Worth the Effort?
Confidentiality or nondisclosure agreements ("NDAs") are widely used but often poorly reasoned or inadequately implemented.  When are they worth the effort?  How can they be made more effective in protecting a company's secrets or the secrets of others for which it is responsible?My seatmate on a recent cross-country flight was an entrepreneur who has established an innovative and successful online financial services business.  “I never use NDAs,” he insisted. “Too much trouble, and too hard to enforce, anyway.” That’s not an uncommon view of confidentiality or nondisclosure agreements (NDAs), at least outside the

NDAs: Worth the Effort?
Confidentiality or nondisclosure agreements ("NDAs") are widely used but often poorly reasoned or inadequately implemented.  When are they worth the effort?  How can they be made more effective in protecting a company's secrets or the secrets of others for which it is responsible?My seatmate on a recent cross-country flight was an entrepreneur who has established an innovative and successful online financial services business.  “I never use NDAs,” he insisted. “Too much trouble, and too hard to enforce, anyway.” That’s not an uncommon view of confidentiality or nondisclosure agreements (NDAs), at least outside the

Compliance as a Service (CaaS): The Enabler Role of Legal, Security and Privacy Professionals
Cloud computing promises incredible benefits for companies looking for inexpensive and scalable computing solutions without the need to do it all themselves (or the costs or personnel). However, as foreshadowed in the InfoLawGroup’s “Legal Implications of Cloud Computing” series (see Part One, Part Two and