DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 32, Issue 1

Full Contents Now Available!

Industry Hot News

Industry Hot News (343)

Navigating the Information Age Without Saving Everything

Data retention is a persistent challenge for in-house counsel, but developing workable information governance policies and procedures needn’t be a taxing exercise; in fact, they can generate measurable cost savings to the company. Here, Buckley LLP’s Caitlin Kasmar highlights the importance of being equipped with the right advice at the right time to save in-house counsel the stress of dealing with the challenges of document retention compliance.

The posture of in-house counsel toward information governance and data retention is in the midst of a noticeable and rapid shift from “are we retaining the right information?” to “please, please tell me I can get rid of some of this stuff.”

Those urgent pleas are fed not by data storage costs, which continue to decline, but by savvy in-house lawyers anticipating a subpoena or lawsuit, confronting a decade’s worth of retained emails and calculating compliance costs.

How are in-house counsel expected to advise their business clients on data retention when, in the typical company, numerous legal holds have piled up over time, executives may be effectively exempt from whatever retention/destruction policy is in place and no audit process exists to ensure records are actually deleted in compliance with the policy? The right advice at the right time can save in-house counsel the stress of dealing with these tricky — and, let’s face it, not particularly glamorous — issues.

...

https://www.corporatecomplianceinsights.com/do-i-really-need-to-keep-this/

Tuesday, 19 February 2019 15:25

'Do I Really Need To Keep This?'

(TNS) - Peggy Wood kept sitting up in bed.

She snatched a legal pad and added to a scattered list of things she used to own.

She imagined she was at her old desk in the Driftwood Inn, and jotted what she saw. Six glaze brushes, an embroidery machine, dressmaker’s scissors. A Nikon camera. Lights for that camera, and a backpack. Perfume she spritzed on before going out to shoot photos.

Each item was a chain link in a new insurance filing after Hurricane Michael ruined the Inn she and her family spent four decades building.

The Woods had received a little more than $2 million in insurance payments by January, mostly from flood policies. They still hoped for at least another $1 million from wind coverage but did not know how much it would cost to rebuild the sprawling motel and its outbuildings, 24 units in all.

$3 million? $10 million?

...

http://www.govtech.com/em/disaster/Rebuilding-After-Michael-and-Divided-Between-Emotion-and-Economics.html

Rich Campagna explores the security and compliance risks associated with data stored in – and accessible from – cloud applications, setting out best practices for assuring end-to-end protection.

With cloud adoption rapidly expanding across an immense range of industries, enterprises around the globe are eagerly embracing the benefits that can be gained from moving their mission-critical services to the public cloud.

Despite the fact that major cloud vendors invest heavily in security, with Microsoft alone dedicating more than $1 billion a year to internal security investments, companies need to understand the hidden risks associated with migrating to the cloud.

That entails senior company executives coming to grips with the security and compliance risks associated with data stored in – and accessible from – cloud applications, and who takes responsibility should the unthinkable occur.

...

https://www.continuitycentral.com/index.php/news/technology/3741-mind-the-gap-cloud-security-best-practices

Tuesday, 19 February 2019 15:22

Mind the gap: cloud security best practices

(TNS) - Cambria County Commissioners approved two contracts Thursday that will allow for new connections with other counties and improve existing ones when it comes to 911 communication.

During a regular meeting, the commissioners unanimously approved a 911 fund statewide interconnectivity grant with the Pennsylvania Emergency Management Agency (PEMA), for $439,653.

Robbin Melnyk, county 911 coordinator, said this money will be used to upgrade and renew licenses for two large pieces of equipment purchased by Cambria County and 14 surrounding counties a few years ago.

A second grant of $96,607 will go toward maintenance and monitoring of Cambria County’s software, connecting it with Blair and Somerset counties, Melnyk said.

...

http://www.govtech.com/em/preparedness/-Cambria-County-Pa-Commissioners-Approve-Grants-for-911-Improvements.html

Let’s be honest: Everything related to a traditional crisis is more likely to cause heartburn than joy.

When most people think of a traditional crisis plan, they envision something “comprehensive” that will prepare them for every conceivable situation. They think of an exhaustive process of research and planning and bulky binders filled with color-coded tabs.

The reality is far simpler. You cannot prepare for every situation. Trying to do so is a fool’s errand. The best plan provides a view from 30,000 feet. It defines the broad strokes of what to say and do (or not), determines who’s in charge of what, specifies who speaks for the organization and why it’s important not to talk out of school.

The main barrier to green-lighting a crisis plan is inertia. For two reasons. It seems arduous,  which causes procrastination. And you have so many other priorities competing for your attention and resources.

It’s time to change things up and declutter traditional crisis plans!

...

http://www.gillottcommunications.com/what-marie-kondo-can-teach-us-about-crisis-plans/

No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.

Recent advancements in machine learning and big data analytics have made data more important today than ever before. Companies are now investing heavily in protecting their customers' data; for instance, Facebook has pledged to double its safety and security team to 20,000 people.

Since the introduction of Europe's General Data Protection Regulation (GDPR) in 2018, data protection officers (DPOs) have become the subject of the latest hiring frenzy. Large organizations that are mandated to hire a DPO based on the GDPR's criteria are struggling to find the right person for the job. But how does a DPO fit into the typical security organization?

At the end of the day, a DPO should report directly to top management on all regulation and privacy topics. As such, the perfect candidate must have in-depth knowledge of GDPR and other regulations. Your DPO should also view the responsibilities of GDPR compliance as an opportunity to drive your business forward.

...

https://www.darkreading.com/endpoint/privacy-ops-the-new-nexus-for-cisos-and-dpos/a/d-id/1333878

Monday, 18 February 2019 16:56

Privacy Ops: The New Nexus for CISOs & DPOs

Preventing Legal Risks and Liabilities

The #MeToo movement has hammered home for employers the critical importance of keeping sexual harassment out of the workplace. However, a recent federal court case underscores how sexual harassment can occur in ways that defy what many employers might think of as the typical pattern. The ruling by the U.S. District Court for the Eastern District of Pennsylvania comes in a case that has nothing to do with a male boss or co-worker behaving inappropriately with a female colleague. It hinges instead on allegations that a supervisor failed to properly respond to sexual harassment of an employee by a non-employee.

That might bring to mind the Hollywood trope of a hardworking waitress forced to regularly endure catcalls or worse by a male customer, but Hewitt v. BS Transportation defies even this familiar scenario. It involves a lawsuit over alleged male-to-male sexual harassment in the world of big rigs and fuel refineries. In court documents, truck driver Carl Hewitt alleges that his supervisor at BS Transportation failed to take prompt remedial action in response to sexual harassment of Hewitt by a male worker at a fuel distribution company’s refinery. Hewitt routinely traveled to the Pennsylvania facility to pick up fuel bound for NASCAR racecars.

...

https://www.corporatecomplianceinsights.com/4-takeaways-from-an-unusual-sexual-harassment-case/

Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.

For enterprise IT groups, responding to the volume of new vulnerabilities is growing more difficult – compounded by a chronic lack of skilled cybersecurity professionals to deal with the issues.

That is one of the major conclusions reached in a new report, "Challenging State of Vulnerability Management Today: Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture," published by Ponemon Institute and sponsored by Balbix.

When asked about the difficulties of maintaining an adequate security posture, 68% of the more than 600 cybersecurity professionals surveyed listed "staffing" as a primary issue. These staffing shortages don't exist exclusively at small organizations, either, with 72% of those surveyed from organizations with more than 1,000 employees.

...

https://www.darkreading.com/threat-intelligence/staffing-shortage-makes-vulnerabilities-worse/d/d-id/1333897

Backup technology has evolved over the years, but the time has come to take a completely fresh approach, says Avi Raichel. In this article Avi explains: Why backup is a CTO concern; What CTOs need to do to update the backup strategies in place; How CTOs can help the business become IT resilient.

It’s no secret that backup is one of the most important things that a business can invest in, and it’s because of this that the evolution of backup has been such a grand one. The very first computer backups were made on to large reels of magnetic tape (punch cards), and have consistently evolved – from tape, to spinning disk, and then on to flash. However, what hasn’t changed with backup is the central idea of creating ‘golden copies’ of data, to be used ‘just in case’.

This idea is now, arguably, archaic. These traditional backups that only provide a snapshot in time are no longer compatible with the modern times. In this age, businesses, particularly digital ones, need to be ‘always-on’ – 24/7, 365 days a year. Because of this, the requirement for recovery point objectives (RPOs) of seconds, and recovery time objectives (RTOs) of minutes is essential.

Essentially, a business needs to be able to recover as quickly as possible from the second it went down – not from a backup made the night before. This dependence on periodic backups, rather than continuous data protection, may be why nearly half of businesses have suffered an unrecoverable data event over the last three years according to the latest IDC State of IT Resilience report.

...

https://www.continuitycentral.com/index.php/news/technology/3732-cto-why-updating-your-backup-strategy-should-be-on-your-2019-to-do-list

Steering Clear of Antitrust Pitfalls

Knowing how to engage in competitor interactions is often more art than science. There are few clear lines of conduct to guide information exchanges made for legitimate business reasons. But broad principles do exist to help you consider your options carefully. Vedder Price’s Brian McCalmon discusses.

Throughout the country, sales managers, supervisors and executives attend antitrust trainings with varying degrees of regularity and detail. Antitrust as a corporate and individual pitfall is familiar to most doing business in the United States and abroad. If asked, most sales executives and line personnel can list the most dangerous and easily spotted scenarios to avoid: Don’t ask competitors about their pricing plans; don’t talk to competitors about customers; if competitors begin to discuss forbidden topics in a trade association meeting, stand up, announce your departure for the record and abruptly exit. This is all Antitrust 101.

But there is an Antitrust 102 and 103, and situations calling for a deeper understanding of antitrust may be thrust upon senior executives before they have had time to digest the consequences of a bad choice in the moment. Some risks may be so unobvious that the executive may never see the antitrust consequences at all. And a healthy respect for the antitrust laws, coupled with a poor understanding of them, has led to the unnecessary stifling of potentially efficient corporate initiatives. A deeper understanding of how communications with competitors, suppliers and customers may violate competition law can reduce risk and allow more efficient and procompetitive arrangements to flourish.

...

https://www.corporatecomplianceinsights.com/3-principles-for-compliant-communications-with-competitors/

Page 1 of 2