All posts by "Jason Wool" →

About Jason Wool

Jason Wool

Jason Wool’s practice focuses on cybersecurity, including cyber risk management, incident response, and compliance with global data protection laws, regulations, and standards, including the PCI-DSS. He has advised organizations ranging from small businesses to Fortune 500 companies during complex, privileged computer crime investigations; provided ongoing advice on the development of cybersecurity programs and cybersecurity governance structures; conducted tabletop exercises and other data breach simulations; and assisted clients with large scale audits to determine compliance with complex cybersecurity standards.

Recent Posts

President Trump signed into law the FAA Reauthorization Act of 2018 (“FAA Act”) in which Section 375 authorizes the Federal Trade Commission (“FTC”) to apply Section 5 of the FTC Act to privacy policy violations...

Read More →

A Canadian law that goes into effect on November 1st will require companies to maintain a record of all breaches, regardless of whether they are reportable. We’ve previously written about the Canadian law that will...

Read More →

Ohio has become the first state to enact legislation providing liability protection for businesses that implement a written cybersecurity program that “reasonably conforms” to certain cybersecurity frameworks or laws to protect personal information. This approach...

Read More →

Nearly three years after adding a mandatory data breach notification provision to its federal privacy law, Canada has taken steps that will effectuate the dormant requirement. The Governor General in Council, on the recommendation of...

Read More →

Alabama became the 50th and final state to enact data breach notification legislation when Governor Kay Ivey signed into law the Alabama Data Breach Notification Act of 2018. Alabama’s law comes on the heels of...

Read More →

Selecting appropriate contract clauses is a key strategy for managing security risks with vendors. Security provisions in vendor contracts should be tailored to the risks posed by the specific engagement, the supply chain for the...

Read More →

Technology is always changing, and the law sometimes struggles to keep pace. This can lead to more questions than answers for organizations trying to make use of innovative or evolving tools, while navigating a legal...

Read More →

This post has been updated to reflect that the WP29 has since released updated guidance. In our recent blog post on the Article 29 Working Party’s draft guidance on the GDPR’s breach notification requirements, we...

Read More →

This post has been updated to reflect that the WP29 has since released updated guidance. Most companies handling personal data of EU residents know that the General Data Protection Regulation (“GDPR”) will impose mandatory data...

Read More →

S3 Buckets: Not so Simple?

September 5, 2017 | 0 Comments

Uber has agreed to settle a complaint stemming from allegations that the ride-hailing company made deceptive claims concerning its data security practices following a 2014 data breach. The data breach in question affected an Amazon...

Read More →