Privacy And Cybersecurity CLE
Quimbee's privacy and cybersecurity continuing legal education (CLE) courses deliver the content lawyers need with engaging videos that are fun to watch.
Start your free 7-day trialQuimbee's privacy and cybersecurity continuing legal education (CLE) courses deliver the content lawyers need with engaging videos that are fun to watch.
Start your free 7-day trialIf you’re looking for a simple, engaging way to learn about privacy and cybersecurity law and fulfill your continuing legal education (CLE) requirements, look no further than Quimbee CLE online.
All Quimbee CLE online courses are built from the ground up by our world-class team of attorneys and designers. Our goal is to create a product that will not only help you meet your CLE requirements but will actually be enjoyable. Sign up for a Quimbee CLE course today!
Privacy law is an area dealing with the regulation, storage, and use of personal information - including identification, healthcare materials, and financial information - and cybersecurity is a subtype of privacy law. While U.S. law offers no universal definition of “cybersecurity", generally, cybersecurity law relates to the safeguarding of information technology and computer systems. Protecting sensitive data has become a vital imperative to many businesses across the country.
Cybersecurity laws may include laws related to cybercrime (e.g., hacking), cyber-attacks or terrorism (e.g., ransomware attacks), as well as general security practices required of businesses and government entities.
At the federal level, the United States has enacted three major cybersecurity regulations. The 1996 Health Insurance Portability and Accountability Act (HIPAA), 42 U.S.C. § 1320d–6, implemented standards to protect sensitive patient health information. The 1999 Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, requires financial institutions to safeguard sensitive data. The 2002 Federal Information Security Management Act (FISMA), 44 U.S.C. § 3561, implemented information-security policies for federal agencies. Businesses may also need to comply with relevant state laws (such as the California Consumer Privacy Act) and international regulations (such as the General Data Protection Regulation.)
In our increasingly public and tech-centered world, neither privacy nor cybersecurity issues certainly are not going away any time soon. As the world continues to move online, cybersecurity laws and regulations will continue to be refined and updated. For any lawyer working on privacy and cybersecurity issues, a CLE course in this field is one of the best ways to stay up-to-date on the legal developments in your industry. Attorneys practicing business or commercial law will benefit from a CLE course in privacy and cybersecurity, as more businesses are having to comply with regulations about data security. Insurance law practitioners may have an interest, as many companies are taking out cyber liability policies. Government and nonprofit attorneys may find these courses useful as well since cybersecurity threats can cripple the functions of their institutions.
Attorneys in firms of all sizes – from solo practitioners to lawyers are multinational Big Law firms - face a number of ethical issues relating to cybersecurity, and preserving the confidentiality and security of their clients’ data. Contrary to what some lawyers may believe, law firms are often a valuable target for hackers because they can hold vast collections of sensitive and highly valuable client-related data. These cybersecurity threats come from individual hackers, international cybercriminals, and even a firm’s own attorneys and other employees. This program provides a basic primer on attorneys’ ethical obligations to understand and address the cybersecurity risks they face, and provides practical advice for attorneys in addressing issues that arise will undoubtedly arise in their legal practice.
Cyber attacks threaten all businesses and, sooner or later, every business finds themselves to be the victim of one. Responding to a cyber incident quickly and effectively can help businesses avoid substantial fines and litigation. But how do you prepare? By using facts and scenarios from actual cases, and reviewing the latest developments in the law, this course will provide practical advice for attorneys in helping their clients prepare for and respond to a data breach.
Have you ever thought about what is stored in your mobile phone, smartwatch, or laptop when you travel, and who can access that information? This course will address the current state of the law governing searches of international travelers’ electronic devices at the U.S. border. The course will then discuss the changing legal landscape in light of technological advancements in the amount of digital data that people carry with them when they travel.
As drone technology continues to evolve and drones evolve from novelty items to a central part of business operations in a variety of fields ranging from logistics and public utilities to real estate and construction, commercial drone operators must ensure that their operations comply with emerging federal drone privacy law. In this overview of the provisions of the FAA Reauthorization Act of 2018 governing the privacy practices of commercial drone operators, we cover key provisions governing operators’ privacy policies and compliance with the emerging patchwork of state and local information privacy and security laws. We also address emerging issues in federal preemption law related to the applicability of state and local information privacy and security laws to the aviation sector.
For some time, 21st Century workers have had access to a huge set of sensitive electronic information – some reflecting proprietary company information and a broad swath of it containing private information as to individual customers and workers. Now, with widespread Working From Home (WFH) wrought by the pandemic, cybersecurity is more important than ever. Every modern organization/client, in-house legal department and law firm needs to train and monitor workers as to a wide range of key do’s and don’ts. This action-packed webinar will cover a host of practical tips relating to: 1) physical security; 2) data security; and 3) video and audio calls over the web. The presenter, a nationally recognized lawyer, technologist and educator, will also provide an overview of what to do in the throes of an incident in which data appears to have been compromised.
Cyber security issues across numerous industries have been hard to miss in recent years and law firms are no exception. In this introductory discussion, we’ll talk about the basics of cyber security as it pertains to law firms. Along the way, we’ll discuss the wide array of threats to law firm and client data, electronic scams, tricks and the consequences that can come with them, as well as the steps to take in order to prepare for the next inevitable attack.
In 2012, the American Bar Association implemented “technical amendments” to a number of the Model Rules of Professional Conduct in order to address the evolution of technology in legal practice and the obligation to secure client data. We will discuss the amendments, subsequent ABA Formal Opinions clarifying the Rules’ application in practice, and basic steps needed to comply with the Rules. We will cover measures to secure the confidential client data on your firm network, individual computers, and mobile devices.
This course is designed to expand on various issues under the umbrella of technology law. In every aspect of a lawyer’s career, technology plays a role. Technology is so important to today’s lawyer that state Bars are starting to add a technology element to required CLEs. This course provides a summary of issues related to e-discovery issues should litigation ensue and addresses attorney duties in regards to data security.
Cyber security is generally seen as a technological field, but criminal hackers often employ low-tech "social engineering" attacks against people using the networks they seek to target. These attacks are actually the initial cause of most data breaches and other security incidents. How do they work? And what can you do to protect your clients and your practice?
At two years into the pandemic, remote work is still a fact of life for many employers and employees, and cyber threats continue to rise. What are the challenges in ensuring that employers’ privacy and security policies are compliant and effective in these circumstances? This program will review regulators’ current best practices and provide tools to help lawyers advise their clients on the cybersecurity and data privacy rules and principles essential in remote work environments.
Ransomware permeates the news. But what do you really know about it? Well, if you watch this three-part series, the answer will be a lot. We will talk about ransomware, how to respond, how to report, and how to take steps to minimize the impact of an attack. In Part 1, we will talk about ransomware and how to respond to an attack.
Now you know about ransomware. You know the types, you know how the attacks work, and you know what to do and not do in response to an attack. But so far, we’ve focused on how to stop the attack and resume operations as soon as possible. But in most cases, a ransomware attack also impacts individuals outside of an organization – customers and clients.
Now you know about ransomware. You know the types, you know how the attacks work, and you know what to do and not do in response to an attack. (Part 1) And you know how to message the attack, when to report to the FBI, and how to negotiate a ransom demand (that is if you watched Part 2). Wouldn’t it have been nice to avoid all of that? While no one can guarantee a ransomware attack won’t occur, your organization can take steps to minimize the likelihood of one happening and minimizing the impact if one does. Interested? Then watch part three of this three-part series.
In this course you will learn the basics of the world’s leading privacy law – the General Data Protection Regulation (GDPR). We will address key provisions of the GDPR including who it applies to and the obligations it imposes. We will address the fundamental privacy rights of individuals including the right to privacy, the right to transfer personal data, the right to be forgotten and more.
This CLE program will help lawyers understand how using technology responsibly and protecting electronic data are actually ethical obligations. The first part of the program examines a lawyer’s duty of competence (rule 1.1) with respect to data security. The second portion of the program explains a lawyer’s confidentiality (rule 1.6) obligations with respect to protected client information. The third portion of the program analyzes how, and when, a lawyer needs to communicate (rule 1.4) a suspected data breach to her client. The final portion of the program discusses the Rules governing the supervision of trained IT professionals (rule 5.3).
The Corporate Transparency Act is going to change dramatically the way that founders and investors in privately-held companies interact with each other. The CTA, once implemented, will require roughly 25 million U.S. companies to file a beneficial ownership report with FinCEN, the Financial Crimes Enforcement Network of the U.S. Treasury. Each beneficial ownership report will contained personally-identifiable information (PII) about each of the company’s “company applicants” and “beneficial owners.” FinCEN will maintain a database of beneficial ownership information that will be confidential, but accessible by specific law enforcement agencies pursuant to regulations that FinCEN will adopt. Understanding how the CTA will change the interactions between founders and investors will allow attorneys to modify the contractual relations between those parties in anticipation of the CTA coming into effect.
Large law firms are constantly fending off a variety of ever-evolving electronic threats. Some are sophisticated, some not so much. They include electronic attacks, misplaced and stolen devices, everyday mistakes and an endless assortment of tricks and scams. Any of these can lead to serious consequences. In this program, we’ll discuss those threats and the consequences that can come with them, as well as measures to reduce the risk to organizational assets and prepare for the inevitable next attack.
This course will provide an overview of the insurance coverage provided by Commercial General Liability (CGL) policies. This overview will include a summary of an insurer’s duties to defend and indemnify its policyholder for losses covered by the policy. The presentation will then provide an in-depth analysis of the 2013 Target data breach and ensuing insurance-coverage decision. Finally, the course will conclude with a discussion of the impact the Target decision will have on other policyholders with CGL policies.
As data breaches continue to proliferate, state legislatures across the country have strengthened their existing data privacy and protection statutes, or have created new ones, with an increased focus on consumer protection. This program will provide an overview of trends in this legislation, with an emphasis on how the states are shifting their focus towards compressive data privacy laws that put more control over how personal data is used into the hands of consumers. The program will also provide an overview of cyber best practices, and how those practices translate into statutory best practices.
Record-keeping and disposition policies and decisions are more important now than ever before, given the ease with which information is created and communicated, the multitude of digital applications, and the constant advancement of technology. Information, in either physical or electronic form, is an essential piece of doing business, yet the legal risks associated with retaining or destroying information are not always appreciated. Lawyers should understand the legal aspects of record-related policies and the possible legal consequences when records that should be kept are instead destroyed so they can counsel their clients when such issues arise.
Cybersecurity attacks and the threat actors that perpetrate them are increasingly threatening our National Security – and the Biden Administration has taken notice. Accordingly, various legislatures and regulators have identified cybersecurity as a key focus, implementing new laws and regulations to encourage businesses in various sectors to enhance security protections for covered data. Additionally, regulators are increasingly pursuing enforcement actions related to cybersecurity security. In this session, we will provide an update regarding recent cybersecurity rules, regulatory guidance, and legislation. Participants will gain an overview of the cybersecurity regulatory landscape and best practices to meet the requirements of the robust cybersecurity regulatory environment.
The changing reproductive health landscape has created confusion and fear among individuals identifying as female as to the privacy and security of their sensitive health data. Following the Dobbs decision, many women have abandoned their period tracking and female health technology (femtech) apps out of fear that their health data could be used to prosecute them for an abortion-related crime. This presentation (i) provides an overview of the shifting reproductive health landscape and privacy laws applicable to healthcare providers and femtech companies, (ii) describes how reproductive health data may be accessed and used by law enforcement officers, and (iii) provides suggestions for practical steps that femtech companies and healthcare providers can take now to help the women’s health industry regain consumer trust.
This course discusses the rules surrounding audio recordings, the wiretap act and video and audio surveillance. The course details the basic statutory and common law rules regarding private party surveillance and how that applies to civil litigation.
This course further expands the principles learned in Part I by comparing the statutory framework to common law invasion of privacy. This course will address how both those systems interplay with new technology such as social media, GPS tracking devices, facial recognition, and drone technology. These rules will center on their applicability to private party surveillance as opposed to government surveillance and how it affects civil litigation.
On May 1, 2020, the U.S. Department of Health and Human Services (HHS) implemented a paradigm shift in the manner in which patient electronic health information (EHI) is accessed, used, and disclosed through its publication of the Information Blocking Rule. Shifting from a landscape dominated by the Health Insurance Portability and Accountability Act (HIPAA), which imposed a permissible data disclosure framework under its Privacy Rule, the newly passed Information Blocking Rule imposes mandatory disclosure requirements on healthcare actors. Implementing the Information Blocking Rule’s requirements has proven challenging to many health care actors, who still struggle to achieve compliance amidst the shifting regulatory standards. This CLE provides an overview of the Information Blocking Rule and its exceptions, highlights common compliance challenges that have arisen in the information blocking context, and proposes risk mitigation strategies to help health care actors achieve compliance.
Deepfake technology can be used to create video (and audio) content that looks genuine, but isn’t. It has been used to craft funny parody videos and cute marketing campaigns, as well as spread disinformation, scams and all-too-realistic nonconsensual pornography. Deepfake technology is easy to use, readily accessible, and spreading. In this program, we’ll discuss deepfake-related cyber threats to lawyers and law firms, potential legal consequences, as well as addressing efforts to mitigate the associated risk as technological controls – and the law – try to catch up.
From FTX to NFTs, it seems like cryptocurrency and blockchain technology are at the top of news and culture. But which laws apply to this technology, and which government entities regulate this space? And what do businesses, investors, and consumers need to know to avoid legal pitfalls?
Cybersecurity risk management and the potential for enforcement actions is not diminishing. An area of increasing interest by the Federal Trade Commission, the United States Department of Justice, and Congress is third parties benefiting financially from taking sensitive data, including protected health information, without obtaining affirmative patient/consumer consent (especially from social media and search engine giants). The U.S. Department of Health and Human Services, the agency tasked with enforcing HIPAA, also plays a critical role here. The purpose of this presentation is to address different federal government initiatives, recent enforcement actions and incidents, and risk mitigation.
Every law firm, whether large or small, uses technology. That technology ranges from word-processing, to calendaring, to client billing software, to litigation support. In the last few years, there have been numerous instances where law firm operations have been impacted by technology failures, including hacking. In this presentation, we will focus on understanding relevant ethical obligations to lawyers, reasons why law firms are being targeted, and how to mitigate cybersecurity risks to your law firm.
This course examines legal analyses of data privacy and cybersecurity incidents from a response perspective. The course will spotlight three primary components of the incident response lifecycle: (1) investigation and verification of a breach; (2) breach notification; and (3) post-breach remediation. With a focus on state data breach notification statutes, the course explores core questions involving events impacting protected information. This course will also consider what happens when a “breach” is declared, including breach notification to impacted individuals. Finally, the course explores common avenues organizations may consider to prevent a breach from happening again in the future, including the development and implementation of cybersecurity training and awareness programs.
This course we will discuss key factors in cybersecurity threats and prevention. Kamran Salour, Co-Chair of the Data Privacy & Cybersecurity Practice at Lewis Brisbois, walk through what a breach is, steps that can be taken to prevent a breach, and steps to be taken that can minimize the impact of a breach should one occur. This course will discuss the importance of encrypting personal information, avoiding common entry points, and securing the network. Additionally, course will also explore the necessity for cyber insurance, understanding data mapping and having off-network storage options.
With cyber the distinctions between legal malpractice, ethics, and cyber risk are becoming more & more blurred. This course will provide an in-depth discussion of cyber incidents, including the rules and responsibilities that apply to lawyers in safeguarding against a cyber breach.
Attorneys in firms of all sizes – from solo practitioners to lawyers are multinational Big Law firms - face a number of ethical issues relating to cybersecurity, and preserving the confidentiality and security of their clients’ data. Contrary to what some lawyers may believe, law firms are often a valuable target for hackers because they can hold vast collections of sensitive and highly valuable client-related data. These cybersecurity threats come from individual hackers, international cybercriminals, and even a firm’s own attorneys and other employees. This program provides a basic primer on attorneys’ ethical obligations to understand and address the cybersecurity risks they face, and provides practical advice for attorneys in addressing issues that arise will undoubtedly arise in their legal practice.
Cyber attacks threaten all businesses and, sooner or later, every business finds themselves to be the victim of one. Responding to a cyber incident quickly and effectively can help businesses avoid substantial fines and litigation. But how do you prepare? By using facts and scenarios from actual cases, and reviewing the latest developments in the law, this course will provide practical advice for attorneys in helping their clients prepare for and respond to a data breach.
Have you ever thought about what is stored in your mobile phone, smartwatch, or laptop when you travel, and who can access that information? This course will address the current state of the law governing searches of international travelers’ electronic devices at the U.S. border. The course will then discuss the changing legal landscape in light of technological advancements in the amount of digital data that people carry with them when they travel.
As drone technology continues to evolve and drones evolve from novelty items to a central part of business operations in a variety of fields ranging from logistics and public utilities to real estate and construction, commercial drone operators must ensure that their operations comply with emerging federal drone privacy law. In this overview of the provisions of the FAA Reauthorization Act of 2018 governing the privacy practices of commercial drone operators, we cover key provisions governing operators’ privacy policies and compliance with the emerging patchwork of state and local information privacy and security laws. We also address emerging issues in federal preemption law related to the applicability of state and local information privacy and security laws to the aviation sector.
Become a member and get unlimited access to our massive library of law school study materials, including 1,295 video lessons and 7,000+ practice questions in 1L, 2L, & 3L subjects, as well as 46,300+ case briefs keyed to 988 law school casebooks.
Quimbee’s professional development courses are available exclusively to CLE Unlimited subscribers. Start your free trial now to unlock access to this course and Quimbee’s entire library of CLE programs.
Try CLE Unlimited for FreeCancelIt looks like your session has changed, probably due to logging in or out in another tab or window. If you were in the middle of doing something, the action may not have been saved. We highly recommend that you refresh the page and log in again if necessary.
Refresh