The US-EU Privacy Shield Framework is the result of a goal shared by the United States and the European Union: strong privacy protection that ensures EU data subjects benefit from effective safeguards and protection, as required by European legislation, with respect to the processing of their personal data.
The United States Department of Commerce issued 15 U.S.C 1512. Osprey Security, as a premier Cybersecurity company, cares deeply about the security and privacy of its customers and is proud to announce that it is one of the leading organizations certified by the United States Government. With this, we announce our commitment to all the Privacy Shield principles, including notice, choice, accountability for onward transfers, security, data integrity and purpose limitation, access, and recourse/enforcement and liability. More importantly, this also ensures Osprey Security has EU GDPR readiness to meet additional obligations under GDPR, including additional accountability and program governance, broader individual rights, privacy by design and default, PIAs, and breach notification.
Here is a link to Osprey Security’s certification as published on the Privacy Shield website and by the United States Government.
In the past, we shared a startup’s legal obligations. Continuing on the same theme, in general, at the early stages of starting up a tech company, legal issues are the last thing on founders’ minds. But, knowing potential problem areas can reduce the amount of time and money founders have to spend on legal matters. Here are a few things in particular that are likely to impact tech startups from a legal issue perspective:
- Confidentiality. Often, those in tech industries are expected to sign confidentiality and non-disclosure terms. Founders should review any such agreements they signed with former employers in at least the last five years to make sure that there are no clauses under which the former employer could own new developments.
- Law of Other Jurisdictions. Tech companies are likely to operate on a global scale. While the advantages of having consultants, contractors, and users in other countries are substantial, founders must make sure they comprehend applicable laws and regulations regarding privacy, tax, and intellectual property.
- Innovation. Innovation is the bread and butter of tech companies. But, new technologies bring new legal questions, and possible litigation risks. Uber, for example, arguably created a unique kind of worker that is difficult to categorize under the law as written, which led to massive litigation.
Data breaches have become increasingly common within the last decade. Most of these intrusions have caused a great deal of consumer scrutiny and could potentially affect a company’s future business potential. These data breaches have affected some major corporate enterprises, and it is important for them to consider their legal obligations from a Cybersecurity and data breach perspective. Take, for example, the data breaches and compromises listed below:
- In 2007, TJ Maxx was subject to an intrusion where 94 million records were compromised;
- In 2010, Sony PlayStation Network suffered an intrusion where 77 million records were compromised;
- In 2013, Target was subject to an intrusion where 70 million records were compromised; and
- In 2014, JP Morgan Chase fell victim to an intrusion where 76 million records were compromised.
Unfortunately, although these corporations are obviously victims of serious crimes, these breaches have pushed the onus onto businesses to develop security measures to protect consumer information. Failing to develop potential safeguards can ultimately lead to great distrust amongst the public, or, in certain circumstances, even litigation.
After Target’s 2013 data breach, the company faced a class action for failing to protect customer data and ultimately settled for $10 million. Such a suit leads to the question: how exactly does a corporate entity become responsible for the nefarious acts of a third party?
Typically, if the state has not adopted legislation placing the affirmative duty upon the corporate entity to adopt security measures for the protection of consumer information (please note: Massachusetts, California, Connecticut, Rhode Island, Oregon, Maryland, and Nevada have all passed such legislation), a court will view the failure to provide sufficient protection of consumer information under a typical negligence standard. A court will, therefore, consider (more…)