Michael R. Overly

So, you’ve had enough. You are fed up with hackers and have decided to go “active” in identifying and taking them down. While the sentiment is certainly justifiable in these difficult times, the old adage of...

When it comes to information security, all too often when entering into contracts with vendors and suppliers, the entire focus is on “show us your audit reports and security policy.” Don’t get me wrong, that...

On August 6, 2019, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) released ISO/IEC 27701 (ISO 27701), a privacy extension to ISO/IEC 27001 and ISO/IEC...

As is often the case, guidances or advisories issued by regulators in the financial services industry are frequently highly useful for all forms of businesses, whether financial services or otherwise.The most recent...

On April 4, 2019, California Assembly Member Wicks proposed sweeping changes to bill AB 1760, effectively repealing the California Consumer Privacy Act of 2018 (CCPA) and replacing it with the Privacy for All Act of...

It’s your worst nightmare. All of your most important and sensitive data, the thing your business values most, the thing your company cannot operate without, the thing your regulators require you to protect, has been...

If you listen very carefully, the age of information security as we know it ended recently, not with a bang, but with a whimper.  While that may be something of an overstatement, a recent event put us on the track to...

There is simply no avoiding it. Every business, regardless of size or type, has entered into “shrink-wrap” or “click-wrap” agreements (i.e., non-negotiable agreements provided with various types of software and...

While there is time before the California Consumer Privacy Act of 2018 comes into effect, which is January 1, 2020, businesses need to start planning now for compliance. The CCPA provides California consumers with...

In a recent blog post, I discussed limitation of liability clauses in technology contracts.  Given the favorable response to that post, I thought it would be of interest to discuss another misunderstood and frequently...

In this blog entry, we are going to be talking about a dirty word:  liability.  Specifically, we are going to be looking at vendor liability in the event of a security/data breach on their systems and networks. ...

To build upon my previous articles about security threats posed by vendors, today we focus on a very specific and frequently overlooked element of vendor risk mitigation: vendor personnel working within customer...

Engaging a third-party assessment expert in conducting a review of a business’ security measures is a cornerstone of good security practice.  Among other things, assessments can identify hidden vulnerabilities in a...

The technology environment in almost every business is composed of an amalgamation of dozens, if not hundreds, of technology products.  These products may be traditional software packages, open source software,...

It’s that time of year again.  As 2017 comes rapidly to an end, businesses should be considering potential resolutions for improving their security practices in the coming year.  Here are six action items that have...

If there is one lesson to be learned from the recent mass spate of security breaches, particularly those involving ransomware, it is this: adequate training for personnel can dramatically decrease the likelihood of a...

Take a moment from your day and pull out the last three or four cloud services agreements your company has entered into. Now, highlight the provisions in those agreements that specifically define how the vendor may use...

The age of predatory vendors is upon us. Businesses that fail to take the old Latin adage caveat emptor (“let the buyer beware”) seriously do so to their extreme peril. Even though many vendor engagements result in...

If anything, 2017 will be remembered as the year of the cyber-attack. No business is safe. No industry is exempt. The ease with which cyber-attacks can be launched and virally propagated was brought home recently by the...

In most cloud engagements these days, it is not only the customer’s data that is in the cloud, but also many key parts of the vendor contract as well.  That is, the average cloud vendor today generally places several...

Title: Big Data: A Business and Legal Guide Author: James R. Kalyvas, Michael R. Overly Length: 240 pages Edition: 1 Language: English Publisher: Auerbach Publications Publication...