It's tax filing season, but did you know that it is also phishing season? Tax phishing scams abound at this time of year, and each year they grow more sophisticated. Historically, these scams were aimed at individuals, but there are now scams involving companies as well.
In January, we hosted an event with the Northeast Chapter of the Association of Corporate Counsel (ACC) on cyber security. Matt Field, a cyber insurance expert, participated on the panel, and we are thrilled to offer you a Q&A with Matt on the basics of cyber insurance. Matt is Woodruff-Sawyer's New England practice leader. He is expert in complex risk management and insurance areas, including cyber, D&O, clinical trials and reps and warranties insurance. He works with companies ranging from start-ups to large publicly trade global entities. Find out more about Matt here.
Sullivan was a sponsor of the ACC Annual Meeting in October in Boston, and we launched InhouseGo2 during the same week. We were looking for a substantive and meaningful way to connect with ACC members at our booth in the Exhibit Hall at the Annual Meeting. Everyone at the ACC loves a good prize drawing, so we decided to give away an Apple Watch. We asked ACC members to submit a blog topic for InhouseGo2 and in return, they could enter our Apple Watch drawing. It was a tremendous success for us: We gained more than 100 topic ideas and we connected with ACC members about their challenges, questions and opportunities. One unexpected takeaway was that we got an overall sense of the issues that are keeping in-house counsel up at night. We thought it might be interesting for all of you to get a summary of what your colleagues submitted. Our respondents were from a wide variety of industries and company sizes. In addition, their seniority levels ran the gamut from more junior lawyers in large departments, to solo lawyers within small companies, to mid-level lawyers, to CLOs of large departments. Here is a snapshot of our findings:
Although no one really knows what will happen next, we thought it might be useful to outline some strategies that companies are currently using to mitigate risk in light of the European Union’s recent decision to strike down the Safe Harbor provision allowing data transfers (user web histories and other personal information) between Europe and the United States. The ruling affects any company with international users that transfers advertising and other personal information between Europe and the United States. Google and Facebook are major examples of the type of company affected. Since it’s anyone’s guess when there might be a new safe harbor agreement between the U.S. and Europe, and the current new restrictions will go into effect in January, it is wise to look into some ways of coping with tougher oversight of data transfers.
We are all learning to navigate the new and complex data security protocols and procedures, and we at InhouseGo2 thought that our experience as a firm might be helpful to our in-house clients and colleagues. We interviewed both Ilene Sunshine, our chief privacy officer and Nancy Wahl, our director of IT. They have recently led Sullivan & Worcester through a state-of-the-art data security training and have set up procedures for dealing with a data breach.
1. What do you know now that you wish you had known when you first became the firm’s chief privacy and data security officer?
Ilene Sunshine (Chief Privacy Officer): I wish I’d known how complex and scary this topic is – I might have respectfully declined the job!