How Tech Companies Should Rethink Data Privacy

Shahryar Shaghaghi, MSc, Principal and Cybersecurity and Privacy National Leader, CohnReznick

The year 2018 will be remembered as the end of the free-for-all era of internet privacy, brought down by a series of high-profile security breaches and scandals. 2019 will be defined by the reaction to this abrupt shift and by the growing public alarm over the types of data being collected about users, how it’s used, and how securely it is stored. Going forward, companies will be expected to demonstrate a commitment to accountability, lawfulness, transparency, and an intensive focus on data protection.

This paradigm shift is occurring at precisely the same moment that artificial intelligence (AI) and internet of things (IoT) innovations are delivering even more valuable insights via data. However, companies seeking to take advantage of these technologies should exercise prudence, lest they run afoul of a changing regulatory environment and increasingly wary consumers.

New legislation and a new data mindset

The implementation of two pieces of legislation will radically transform how companies approach data privacy: Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). California’s law is of particular interest since, by some metrics, it goes even further than the GDPR in protecting consumer data and because it applies to every company doing business in the state, regardless of where it is headquartered. This makes the CCPA a de facto national law, especially in the absence of superseding federal regulations.

Here are the most important things to know about the California law:

1. VIOLATIONS WILL BE EXTREMELY COSTLY.

Companies found to be in violation of the CCPA are liable for civil damages of $100 to $750 per user, which has the potential to add up to astronomical sums. What’s more, this mechanism empowers consumers and lawyers to seek damages, rather than any regulatory agency. This represents an enormous shift in risk from the past when data breaches were met with fines and temporary PR crises. As Jim Halpert, a data protection specialist at DLA Piper, points out, “Class action lawyers are motivated quite differently than regulators. They have the opportunity to file lawsuits, throw a lot of spaghetti against the wall, and extract a settlement.” CCPA’s potential for massive financial penalties fundamentally alters the risk versus reward calculus of data assets.

2. IT RADICALLY EXPANDS THE DEFINITION OF “PRIVATE DATA.”

The California law stipulates that if a company’s data is not encrypted or redacted and there is a breach, they are obligated to report it, thus inviting legal action. The protected data here includes not just credit card data but social security numbers, all government ID numbers, medical identifiers, and perhaps most crucially to marketers, smartphone IDs.

3. IT TAKES EFFECT IN JANUARY 2020.

Any entity with users in California has about a year to become compliant, which makes it extremely urgent for executives to fully grasp the significance of this legislation and restructure their policies accordingly.

4. IT’S A SIGN OF THINGS TO COME.

California’s legislators have signaled that they are open to amending the CCPA in places where it is unworkable for businesses, but while there may be a reprieve from some of the law’s excesses, there is no escaping the privacy backlash it represents. There are similar laws in Brazil, China and, of course, the EU, and many observers believe it’s only a matter of time before Congress passes federal data privacy regulations.

Getting a handle on your data

The rapidly changing legal environment means that companies are anxious to evaluate their data sharing models, but even getting a clear picture of the situation can be daunting. Shahryar Shaghaghi, a Principal with CohnReznick Advisory and national leader of its Cybersecurity and Privacy Practice, speaks to that challenge, saying, “Most companies today struggle with identifying and classifying data because the data has been extended outside of the enterprise, and there’s a lot of unstructured data as part of the business processes and transactions. Most companies don’t have a good handle on how to even identify personally identifiable information (PII) [data that could identify a particular individual] among millions of spreadsheets or thousands of PDF files that are being exchanged on payload, tied to emails and things like that.”Most companies don’t have a good handle on how to identify PII among millions of spreadsheets. Shahryar Shaghaghi  Principal, CohnReznick National Cybersecurity and Privacy Leader

Mapping your data assets can be both difficult and expensive, and it only gives you a snapshot view unless you have a framework in place to keep track of how your data is moving and who is accountable for it. This complex and shifting landscape demands that businesses restructure their relationship with data on multiple fronts: not merely legally, but culturally and strategically. Taking on this task requires a top-down approach. In addition to ensuring regulatory compliance, the following strategies may also be the best way to ensure organizational readiness against traditional cyberattacks:

1. RESTRUCTURE DATA GOVERNANCE.

In the past, data management responsibilities were often divided between a legal office, an IT security team, and marketers, each of whom had different skill sets and frequently divergent priorities. Companies hired chief data officers in order to develop a unified data privacy strategy, which had mixed results. Now we are witnessing the evolution of the Chief Privacy Officer, who is focused on driving strategy and policies related to data privacy. Representatives from different departments can still bring their unique perspectives, but new data opportunities must be weighed from a risk/reward mindset that recognizes data as a valuable asset, but also an asset with serious risks if managed incorrectly.

2. CONDUCT AN IMPACT GAP ASSESSMENT.

While it may be infeasible to completely update your data privacy policy overnight, it’s still possible to quickly identify some low-hanging fruit that can be addressed immediately. Rather than taking a scattershot approach to plugging leaks, start by assessing your current situation in terms of your company’s critical principles and requirements and by developing a long-term road map to address issues in order of priority.

3. UPDATE OVERALL STRATEGY.

Tech companies whose business models involves data monetization practices that are not transparent to users will have to start addressing difficult questions about how to adapt their business model to this period of greater risk. Shaghaghi says, “If your products and services are based on a set of principles that is opposed to this upcoming evolution of data management practices, then you’ve got a major problem on your hands in terms of how you need to change your strategy.”

Familiar threats with new defenses

Malicious intrusions will continue to be a major concern in 2019 and no one will be immune. Halpert describes the situation in stark terms, “Eventually there will be a successful penetration of a company’s systems, inevitably. The question is really whether the company is resilient, whether it’s flexible and able to respond quickly to attacks.”

The good news is that both regulators and the public at large will extend patience to companies that can show they are making a good faith effort to address privacy concerns. Companies that take immediate steps to secure, encrypt, and track sensitive data will have a better chance of emerging unscathed from crisis. In today’s privacy-conscious environment, the time to take action on data protection is now—before the inevitable breach takes place.

CONTACT

Shahryar Shaghaghi, Principal – National Cybersecurity and Privacy Leader
646.601.7899

Warning When Hiring Temporary and Seasonal Staff

Cathy Coloff, Founder, IT Radix

Many businesses leverage temporary or seasonal staff.  The benefits are obvious—expertise and additional resources/capacity when you need it. With the advances in technology, utilizing these types of personnel is even easier.  However, what may not be so obvious are the network security risks; in particular, the increased potential for compromised sensitive data or loss of control of the data.

With some upfront planning, technology, temporary staff, and your business can be perfect together.  Here are things to keep in mind:

Determine how they will access your data

When bringing on temporary staff, you need to decide how they are going to access your computer data.  Are they going to use their own computers (BYOD) or will you be providing it (COPE)?  If it’s the latter, you will have greater control over what and how they access information and ensure network security.  If the temporary staff provides their own equipment, you will have less control and will need to think carefully about how you give access to your data.  This includes email which is easily setup on mobile devices such as smartphones and tablets.

Implement good policies and procedures

Whether you opt for COPE or BYOD, be sure to have good policies and procedures for managing your corporate technology assets and information—especially for those workers who will be with you for only a short time.  Clearly outline ownership of your data, how it is to be accessed and handled, and what should happen at the end of employment.

Require passwords and encryption

On mobile devices, require passwords to access the device itself as well as your data.  Consider implementing device encryption.  Whenever possible, enable the ability to remotely wipe a device (this includes laptops) should it be lost.  Consider implementing mobile device management software that will enforce company policies.

Allow access to data on an as-needed basis

Too often, temporary workers are given full access to company networks when perhaps all that is needed is access to a particular project or client area.  Work with your IT support to ensure that all access is given on an as-needed basis and maintain your network security.

Need some upfront help with planning your network security?  Call IT Radix, and we’ll be happy to get you started.

6 Financial Tips for Recent College Graduates

Paul Van Ostenbridge, President & CEO, Atlantic Stewardship Bank

As nearly 2 million U.S. college students graduate this spring, Atlantic Stewardship Bank is stressing the importance of a sound financial lifestyle. ASB has highlighted six financial tips recent college graduates should consider to position themselves for financial success as they embark on their next phase of life. 

“Budgeting is critical for young adults as living expenses and student loan bills add up quickly,” said Atlantic Stewardship Bank President and Chief Executive Officer Paul Van Ostenbridge. “Saving as much money as you can and paying down debt right out of the gate will help position you for life-long financial success.”

ASB recommends the following financial tips for recent college graduates:

  • Set a budget and stick to it. Supporting yourself can be expensive, and you can quickly find yourself struggling financially if you don’t take time to create a budget. Calculate the amount of money you’re taking home after taxes, then figure out how much money you can afford to spend each month while contributing to your savings. Be sure to factor in recurring expenses such as student loans, monthly rent, utilities, groceries, transportation expenses and car loans.
  • Pay bills on time. Missed payments can hurt your credit history for up to seven years and can affect your ability to get loans, the interest rates you pay and your ability to get a job or rent an apartment. Consider setting up automatic payments for regular expenses like student loans, car payments and phone bills. Take advantage of any reminders or notification features. You can also contact creditors and lenders to request a different monthly due date from the one provided by default (e.g., switching from the 1st of the month to the 15th).
  • Avoid racking up too much debt. Understand the responsibilities and benefits of credit. Shop around for a card that best suits your needs, and spend only what you can afford to pay back. Credit is a great tool, but only if you use it responsibly.
  • Plan for retirement.  It may seem odd since you’re just beginning your career, but now is the best time to start planning for your retirement. Contribute to retirement accounts like a Roth IRA or your employer’s 401(k), especially if there is a company match. Invest enough to qualify for your company’s full match – it’s free money that adds up to a significant chunk of change over the years. Automatic retirement contributions quickly become part of your financial lifestyle without having to think about it.
  • Prepare for emergencies. Hardships can happen in a split second. Start an emergency fund and do your best to set aside the equivalent of three to six months’ worth of living expenses. Start saving immediately, no matter how small the amount. Make saving a part of your lifestyle with automatic payroll deductions or automatic transfers from checking to savings. Put your tax refund toward saving instead of an impulse buy.
  • Get free help from your bank. Many banks offer personalized financial checkups to help you identify and meet your financial goals. You can also take advantage of their free digital banking tools that let you check balances, pay bills, deposit checks, monitor transaction history and track your budget.

Going Green is on the Agenda

BY ANTHONY RUSSO, PRESIDENT, CIANJ

THE COMMERCE and Industry Association of New Jersey (CIANJ) and COMMERCE held their inaugural Environmental Leadership Medal awards breakfast reception in April, showcasing New Jersey’s “Environmental Rock Stars” and coinciding with Earth Day. A big thank you to all of our sponsors!

The event and our April issue show­cased extraordinary efforts in recycling; pollution prevention programs; green building design; solar investments; envi­ronmental and energy conservation; ecology (water, plants, animals, insects); community impact and employee partic­ipation; process and manufacturing innovations; “green” leadership; and brownfield redevelopment.

More than 150 consultants, attorneys, accountants, engineers, LSRPs and oth­ers, who work in the environmental sec­tor, gathered at the Glen Ridge Country Club in Glen Ridge, New Jersey, to cele­brate the achievements of the state’s leading environmental companies and professionals. In addition to honoring the 2019 Environmental Leadership Medal winners and honorees, three environmental professionals were inducted into the newly formed CIANJ Environmental Hall of Fame for lifetime achievement— Edward A. Hogan, Lanny Kurzweil and Tracy Straka.

Edward A. Hogan, Esq., is co-chair of the Environmental Law Group at Norris McLaughlin, P.A., and represents developers, redevelopers, manufactur­ers, commercial entities and highly-regu­lated service businesses in all aspects of environmental law and litigation. He is a Fellow of the American College of Environmental Lawyers and is listed in four categories in the current edition of The Best Lawyers in America: Environmental Law, Energy Law, Litigation–Environmental and Natural Resources Law. He has been included in the Environmental Law section since 1993. Hogan was selected for inclusion in the International Who’s Who of Environment Lawyers 2018 by Who’s Who Legal. He was ranked Band 1, the highest ranking an attorney can receive, in the Environment section by Chambers USA, one of the oldest and most prestigious legal listings in the world. He was also moderator of CIANJ’s EBC Roundtable.

Lanny S Kurzweil, Esq., co-chair of CIANJ’s EBC, the current moderator of CIANJ’s EBC Roundtable and an active member of EBC’s steering committee, is a partner with McCarter & English, LLP. He helps clients address complex environmental litigation, navigate regu­latory matters and assists them with environmental issues involved in busi­ness transactions. A frequent lecturer on environmental topics, he often speaks on New Jersey’s NRD Program, environmental law and trial topics. He has received CIANJ’s EBC Service Award and the CIANJ Chairman’s Outstanding Volunteer Award and Outstanding Leadership Award. He has also been recognized as one of Chambers USA’s “Leaders in their Field,” 2007-2019 (in Band 1 since 2008); ranked as a New Jersey Super Lawyer, 2005-2019; listed in The Best Lawyers in America, 2015-2019; and named Best Lawyers’ 2015 and 2018 Environmental Law “Lawyer of the Year” for Newark.

Tracy Straka, senior vice president of Creamer Environmental, Inc., has more than 30 years of operational and technical experience in the environmen­tal industry. She is co-chair of CIANJ’s EBC and was the first woman to serve as CIANJ chairman. Straka was the first employees at Creamer Environmental, Inc., one of the country’s top 200 envi­ronmental firms and has many awards including the 2005 Point of Light Award for outstanding leadership and service to the New Jersey Environmental Business Community; the 2005 Environmental Engineering Excellence Award from APL; chair of the 2005, 2007, 2009 and 2012 Innovative Environmental Technology Conferences; recognized several times in Who’s Who in Environmental Professionals; and many industry-leading publications and technical presentations. In 2012 Tracy was selected as one of the Best 50 Women in Business.

Congratulations to all of our winners, our Environmental Hall of Fame inductees and to New Jersey’s environmental business community for making contributions to our state and our environment. Today, going green is not only on the agenda for many firms, it’s good for their bottom lines, as well

New Jersey: A Leader in Innovative Best Practices to Reduce Opioid Use

COMPILED BY JOHN JOSEPH PARKER, CONTRIBUTING EDITOR

AS PART OF THE MURPHY administration’s strategic efforts to combat the opioid crisis, the New Jersey Department of Health and New Jersey Department of Human Services (DHS) have teamed up to launch the Opioid Reduction Options (ORO) program aimed at reducing opioid pre­scribing to treat chronic pain in hospital emergency departments.

The program will provide training and education to health systems on other pain relief options in place of opioids. The initiative builds on efforts by the Office of the Attorney General to regulate opioid prescribing, educate prescribers about the risks associated with opioids and target enforcement efforts against reckless and criminal over-prescribers.

“New Jersey has made some progress in reducing opioid prescribing, but we know that well over half of substance use disorders still start with a prescrip­tion,” explains New Jersey Health Commissioner Dr. Shereef Elnahal. “This project aims to prevent an addic­tion that starts with a visit to the emer­gency department—an important piece of the Murphy Administration’s preven­tion agenda in fighting the opioid epidemic.”

DHS Commissioner Carole Johnson adds, “We are pleased to join with the Department of Health and New Jersey’s hospital leaders in advancing best practices to combat the opioid epi­demic. It is important to our state strate­gy that we make sure medical providers are aware of the options and we look forward to funding this initiative throughout the state.”

Nationally, emergency departments prescribe opioids at a rate of about 17 percent. New Jersey is home to best practices that reduce opioid prescrib­ing—St. Joseph’s Health reduced opioid prescribing down to 2 percent. The hos­pital has been recognized nationally.

“St. Joseph’s Health launched The Alternatives to Opioids program (ALTO®) in 2016 to offer a real solution to a rap­idly growing opioid epidemic,” says Mark Rosenberg, D.O., chairman of Emergency Medicine and chief innova­tion officer, St. Joseph’s Health. “Since then, we have witnessed tremendous success using the ALTO® protocols—reducing opioid prescriptions by more than 82 percent in the St. Joseph’s Emergency Department. We are stop­ping addiction before it starts.”

By providing training and curriculum to hospital emergency department staff, ORO will promote best practices, such as those used at St. Joseph’s Health as well as those used at other health systems, with the goal to ulti­mately to reduce overall opioid pre-scribing in New Jersey’s emergency rooms to 12 percent or less.

“New Jersey continues to be a leader in innovative practices to stem the tragedy of opioid abuse,” said Cathleen Bennett, New Jersey Hospital Association (NJHA) president and CEO. “The NJHA applauds the state for its leader­ship in developing the ORO program, and we’re honored to be partners with St. Joseph’s Health in bringing new opportunities for hospitals and health systems to meet patients’ needs without putting them at greater risk for opioid dependency.”

The Department of Health has part­nered with the NJHA to implement this program. The NJHA will be consult­ing closely with St. Joseph’s Health to develop the training and curriculum and to develop a learning environment where other health system leaders in this space may share their evidence-based practices.