The Biggest Cyber Challenge? A Former Big Law Co-Chair Says It's People
It isn't the actions of a hacker companies should fear the most, but instead an employee's or contractor's mishaps, warned former Greenberg Traurig shareholder Francoise Gilbert.
August 13, 2019 at 12:30 PM
5 minute read
Francoise Gilbert, CEO, DataMinding. Courtesy photo.
Earlier this month, Francoise Gilbert left her post as shareholder and co-chair of Greenberg Traurig’s data, privacy and cybersecurity practice group. But while she wanted a break from Big Law’s billable hours, she hasn’t entirely stepped away from her practice: Earlier this month, Gilbert officially launched legal consulting and cybersecurity consulting firm DataMinding, where she works as CEO.
In a chat with Legaltech News, Gilbert discussed her new move, the top cybersecurity challenges her clients face, and how organizations are trying to shape the evolving data privacy landscape. This interview has been edited for clarity and brevity.
Legaltech News: What have you been up to since leaving Greenberg Traurig?
Francoise Gilbert: Many things. I have started this new company, which is going to be a mixture of legal services and consulting services where I will continue working with a small number of clients. And I have other activities: working on version two of my book [2009’s “Global Privacy and Security Law”], working for a large trade association as their global privacy ambassador, and if I have some time I’ll continue my research in privacy [and] cybersecurity.
Do you believe some companies think they aren’t affected by privacy laws?
Those that come to me have realized they have an obligation to comply with laws, but there are a number of companies that do not understand the requirements or need to be educated on those requirements. Or they think the requirements don’t apply to them. Frequently, when I meet a company I’ll say, ‘What type of personal data are you collecting?’ and they’ll say, ‘No, we don’t.’ We need to help them understand what personal information is. Even with that, the definition of personal information has changed so much, we are chasing a moving target.
What is the most common cybersecurity challenge for companies?
To me, the number one challenge is people. As we’ve seen for example in the most recent security breaches, many of the errors and breaches and mishaps are caused by people, so companies need to do much more to train their employees, monitor what they do and increase their awareness. Without that, everything else fails.
What are some of the most important cybersecurity regulations for your clients?
They are not regulations per se but there are efforts by a number of organizations to create some consistency amongst the laws so there is an easier interchange of data between countries. For example, the OECD [Organisation for Economic Co-operation and Development] back in the 1980′s then later in 2013 created data protection principles and security principles to be adopted and interpreted by countries throughout the world. You have efforts by the European Union to create laws that apply in 28 countries. There are the efforts of the APEC [Asia-Pacific Economic Cooperation] in the Asia-Pacific region to create the common privacy framework so that countries are able to interact and integrate with each other.
Are there any state-level cybersecurity or data privacy laws that have your attention?
Plenty. One I would cite is biometric laws. Illinois is one of the drivers in the collection of biometric information and we’ve seen a number of cases there. We’ve seen a number of municipalities as you’ve mentioned that also want to curb the use of facial recognition technology, [which is being] principally conducted by the police authority with a different goal, but these are very significant laws because biometrics is a type of information that is with a person forever. It doesn’t change. It’s a recognition that this is a highly sensitive type of information and it should not be collected without good reasons and good purposes.
Other laws of interest are related to the CCPA [California Consumer Privacy Act]. New York for example is working on a law that would be similar to the CCPA.
I saw on the DataMinding website that you mentioned smart cities. Are there cybersecurity issues related to them?
Yes, I’m passionate about smart cities because it’s where the future is for each of us as citizens, but the interconnection of so many computer systems, sensors and cameras under one hub is by itself a huge privacy and cybersecurity issue. We need to be aware of the high risks of privacy invasion and privacy security risks. We’ve seen a number of problems, one example that comes to mind is Atlanta that was the victim of ransomware. There are numerous other cities that have been the victim of cyberattacks.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Gibson Dunn Sued By Crypto Client After Lateral Hire Causes Conflict of Interest
- 2Trump's Solicitor General Expected to 'Flip' Prelogar's Positions at Supreme Court
- 3Pharmacy Lawyers See Promise in NY Regulator's Curbs on PBM Industry
- 4Outgoing USPTO Director Kathi Vidal: ‘We All Want the Country to Be in a Better Place’
- 5Supreme Court Will Review Constitutionality Of FCC's Universal Service Fund
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
