Search Results

October 25, 2022 InfiniGlobe announced its partnership today with Onit, the leading provider of enterprise workflow solutions. As an Onit Strategic Alliance Partner, the InfiniGlobe team is increasing its Onit-certified resources and doubling down on its commitment to clients to facilitate understanding and realization of the benefits of their Onit system. “At Onit, we only partner with the best to ensure our customers get a world-class experience across all stages of the buying process — from consideration and selection all the way through implementation.” --Marc Palombo, Vice President of Strategic Alliances at Onit InfiniGlobe is a trusted name in the corporate legal environment with two decades of proven track record of helping legal departments select, enhance, and maintain their technology tools. “With this partnership, we are positioned to bring in years of best practices and real value to legal departments looking to automate processes, drive operational efficiency, and manage costs with effective results.” --Mori Kabiri, CEO and President of InfiniGlobe Read the official press release here.

October 24, 2022 Cybersecurity: NY Attorney General James Secures $1.9 Million Settlement from Zoetop On October 12, 2022, New York Attorney General Letitia James released a statement that her office secured a $1.9 million settlement from Zoetop Business Company, a global online fashion retailer that owns SHEIN and ROMWE. This is a result of the company’s alleged failure to handle a data breach that jeopardized the personal information of its customers. In 2018, Zoetop was a victim of a cybersecurity attack when hackers stole the payment information and personal data of 39 million SHEIN accounts and 7 million ROMWE accounts, 800,000 of whom are residing in New York. According to an investigation conducted by the Office of the Attorney General (OAG), the company although aware of the situation has downplayed the incident and failed to take the proper steps to protect its customer's accounts before and after the data breach. For the “vast majority” of SHEIN accounts impacted in the breach, Zoetop “failed to even alert those customers that their login credentials had been stolen.” In addition to the settlement amount, the fashion retailer needs to maintain a comprehensive information security program that documents specific security measures and controls. The company also must appoint a qualified employee to oversee the information security program and offer identity protection services to customers at no charge. Regulation: White House Office of Science and Technology Policy Released AI Bill of Rights The White House Office of Science and Technology Policy (OSTP) published a set of guidelines for companies to abide by when using and implementing artificial intelligence. Although the guidelines are not binding, the OSTP expects that Blueprint for an AI Bill of Rights will influence tech companies to focus on protecting the privacy of consumers which includes disclosure of the why and how of the automated system. The released blueprint provides five principles: Safe and Effective Systems Algorithmic Discrimination Protections Data Privacy Notice and Explanation Human Alternatives, Consideration & Fallback The principles are designed to be woven into system development to ensure safety and transparency, while also reducing the potential for algorithmic discrimination. Events: Retain, or destroy (data)? That is the question! ILTA will have a webinar about data retention on October 25, 2022, from 8:00 am to 9:00 am PST. The online event will be led by Chris Giles and Kandace Donovan and topics will include managing data on different platforms and policy collaboration and compliance across the organization. You can register here. Learn about what we do. InfiniGlobe is a consulting and software company that specializes in helping corporate legal departments and law firms. Reach out to us at info@InfiniGlobe.com or at (833) LGL-TECH.

October 17, 2022 Cybersecurity: State Bar of Georgia Reveals New Details on Data Breach A follow-up on the cybersecurity breach incident at the State Bar of Georgia in April 2022. Initially, it was reported that a BitLocker ransomware was involved but a representative stated that the incident did not involve any monetary demand. The statement published last week provided a detailed explanation as to what has occurred including the investigation of a third-party cybersecurity firm, law enforcement, and state regulators. The investigation concluded that an unauthorized individual evaded security protocols that granted them access to its systems, “although we had security protocols and technology in place to help prevent unauthorized access.” The compromise included current and former employees' names, addresses, dates of birth, Social Security numbers, driver’s license numbers, direct deposit information, or name change information. The State Bar offers all members and employees free credit monitoring and identity protection services as a result of what happened. Regulation: New Executive Order to Implement EU-U.S. Data Privacy Framework On October 7, 2022, U.S. President Joe Biden signed a new Executive Order that implements the EU-US Data Privacy Framework (DPF). This focuses on Enhancing Safeguards for United States Signals Intelligence Activities which refines the United States' roles in the implementation of the EU-U.S. Trans-Atlantic Data Privacy Framework. The EO will replace the EU-US Privacy Shield which was struck down in July 2020 by the Court of Justice of the European Union (CJEU). It addresses the previous inadequacies in the self-certification scheme and strengthens the privacy and civil liberties protections for foreign individuals. It also includes a “Signals Intelligence Redress Mechanism” which includes collecting foreign intelligence from communications and information systems. The European Commission will now review the DPF and prepare to release an adequacy decision and adoption procedure. InfiniGlobe is a full-service consulting and software company. Our team of experts has 20+ years of industry experience working with top corporate legal departments and law firms. Contact us at info@infiniglobe.com or at (833) LGL-TECH.

Regulation: EU’s New Cyber Resilience Act On September 15, 2022, the European Commission published a proposal for a new regulation called the Cyber Resilience Act (CRA). The drafted law aims to strengthen digital products in the European Union and also to amend Regulation 2019/1020. In line with the EU's goal of digital transformation to be the forefront leader in cybersecurity, CRA was created to introduce rules that are not yet covered by previous regulations. The new framework will be applied to a broad range of hardware and software products in the EU market. If passed, the Commission will monitor its implementation and the compliance of organizations involved as well as the assessing of the effectiveness of the provisions. The Commission is also responsible for reviewing and submitting a report to the Council and the European Parliament within 36 months of the CRA's application and every four years after that. CRA is currently open for public comment until November 22, 2022. Report: Law Firms Answered Legal Tech Survey A new report was released that surveyed America’s top law firms to get their extraordinary insight on technology issues, and how they faced cybersecurity threats with legal technology. More businesses invest in the implementation of technology which the pandemic also exacerbates. Key highlights of the survey include the following: 57.1% say that the size of their technology department remains unchanged 71.4% of law firms outsource their tech support Respondents believe that their top 3 biggest security threats are employee negligence (39.3%), ransomware (35.7%), and phishing attacks (14.3%) There is a gradual move to the cloud with 64.3% answering that from 2021 to 2022 their firm's cloud storage slightly increased. Microsoft Teams is the top application communication tool with 67.9% of law firms using it. 31.8% said that they had increased their IT department's capital budget by more than 10%. Need help? InfiniGlobe is a full-service consulting and software company. We have 20+ years of industry experience working with top corporate legal departments and law firms. Contact us at info@infiniglobe.com or at (833) LGL-TECH.

September 26, 2022 Compliance: New Security Standards for Software Vendors of Federal Agencies Self-attestations are now required from software developers before can purchase and use their products. The new guidelines were from the Office of Management and Budget (OMB). Agencies may also require vendors to a software bill of materials so they are informed of the complete software components before bidding starts. Self-attestations refer to documents that provide proof that the software is in compliance with National Institute of Standards and Technology (NIST) guidelines. Earlier this year, NIST released its updated cybersecurity framework. OMB orders that all federal agencies prepare an inventory of the software they use within 90 days while agency chief information officers are given 120 days to ask their software vendors a process to comply with the new requirements. Report: Global CIO Survey on AI Adoption by 2025 AI adoption is increasing steadily, with 35% of companies reported using AI in their business, and an additional 42% reported they are exploring the adoption of AI. In the report, CIO Vision 2025: Bridging the Gap between Business Intelligence and AI released by MIT, C-level executives, chief information officers, chief technology officers, and chief data and analytics officers provided insights into the use of AI. Some of the key highlights are below: 72% cited that the challenges to achieving their AI goals are more likely than other factors. 78% of enterprise technology leaders and 96% of AI leaders say that their top priority is to create business value when scaling AI and machine learning. 72% of all surveyed believe that the best approach to ensure the most flexible possible foundation for AI development is through a multi-cloud. Most leaders expect an increase in spending on data security by an average of 101%. InfiniGlobe, a full-service consulting and software company, specializes in systems integration and performance optimization of top corporate legal departments and law firms. For more information, reach out to us at info@InfiniGlobe.com or at (833) LGL-TECH.

September 19, 2022 Privacy: California Governor Signs New Bill Protecting Children Online On September 15, 2022, California Governor Gavin Newsom, signed Assembly Bill (AB) 2273, or The California Age-Appropriate Design Code Act which will start by January 2024. The bill that has bipartisan support is an attempt to protect the well-being, data, and privacy of children using online platforms. Under the bill, businesses that provide online services, products, or features likely to be accessed by children need to comply with the following: Businesses must complete a Data Protection Impact Assessment before their online services, products, or features are offered to the public. Provide a clear signal to the child when the child is being monitored or tracked using geolocation. Every online service, product, or feature should provide privacy information, terms of service, policies, and community standards of their platform with clear language that children will easily understand. Profiling a child by default is not allowed Prohibits collecting, selling, and storing child's information. A group called The Children’s Data Protection Working Group will be created to provide reports of implementation to the Legislature. AB 2273 will also give power to the Attorney General to seek an injunction or civil penalty against any business that does not comply with any of its provisions. Violators will be liable for a civil penalty of not more than $2,500 per affected child for each negligent violation or not more than $7,500 per affected child for each intentional violation. Report: The Changing Role of CIOs In This New Study In today’s age of technology, businesses need to keep up with how fast pace everything is, and the recent pandemic exacerbates the challenges they face. The 2022 state of the CIO was participated by 985 IT leaders and 250 lines of business which provides a new perspective to the agenda of CIOs in the future. Organizations can also learn what IT leaders expect and their insight into the CIO role. A few of the highlights are listed below: 76% of CIOs say they struggle to balance business innovation and operational excellence. 60% are currently focused on strategic activities like business innovation, developing strategy, or identifying opportunities for competitive differentiation. 42% of CEOs answered upgrading IT and data security to reduce corporate risk is their top priority. 74% of IT leaders believe that due to the pandemic, CIOs' roles become more vital and will continue to do so. 74% answered that remote and hybrid work has increased the stress on IT support staff and services. 90% of CIOs expect that their budget for IT initiatives will not decrease over the next 12 months. The InfiniGlobe team provides software technologies and consulting services for many Fortune 500 companies. Reach out to us at info@InfiniGlobe.com or at (833) LGL-TECH.

September 12, 2022 Cybersecurity: Second Largest School System Ransomware Attack Over the Labor Day weekend, the Los Angeles Unified School District (LAUSD), the US'second-largest school system, was targeted by a ransomware attack. This has prompted the shutdown of their computer systems. A released statement from LAUSD said Federal and state authorities come to their aid and that a new task force was created to "take a deep dive into the recommendations and implementation progress of this security audit". According to the district's superintendent, despite the attackers encrypting the schools' data, there was no immediate demand for money, and the schools were opened on Tuesday. Report: IBM’s Cost of Data Breach 2022 This year IBM’s extensive report on the cost of data breach was released. Participated by 550 organizations in 17 different industries that experienced data breaches between March 2021 and March 2022. Improving their study, the new edition includes additional information such as the Extended detection and response, the use of risk quantification techniques, and the impacts of individual technologies that contribute to a zero-trust security framework. Rounding up the highlights below: USD 4.35 million is the global average cost of data breach. USD 9.44 million average cost of data breach in the US. 59% of the organizations do not have a zero trust architecture. 19% had a breach caused by a business partner being exposed to security threats. USD 4.46 million is the average total cost of breaches caused by supply chain attacks. 45% of the breaches that occurred were cloud-based. 83% of the organizations had more than one breach incident. 277 days is the average time for a data breach to be identified and resolved. Event: Defense Tech Week This week Defense Tech Week will be held from September 12- 16, 2022. The weeklong event will feature speakers from leaders of federal agencies and the tech community. InfiniGlobe offers a broad range of professional services and software solutions for the legal industry. We'd love to hear from you! Contact us at info@infiniglobe.com or at (833) LGL-TECH.

September 5, 2022 Regulation: California Attorney General Announces First CCPA Settlement California's Attorney General issued a statement for the first public settlement by the Office of the Attorney General (OAG) in regard to the California Consumer Privacy Act (CCPA). According to the OAG, a global beauty brand allegedly failed to disclose to its consumers that it was selling personal information, failed to process requests from users to opt-out of sale via user-enabled Global Privacy Control (GPC), do not have browser signals in violation of the CCPA, and non-action for the alleged violations within the 30-day period from the date the notice which is the allowed time by the CCPA. OAG announced the details of the settlement, the company agreed to pay the penalty amounting to US$1.2 million and other specific requirements for compliance which include: A clear statement that it sells data on its online disclosure and privacy policy. Option for users to opt out of the sale of personal information, including via the Global Privacy Control Change its service provider agreements to comply with CCPA Provide reports to the OAG for the sale of personal information, the status of its service provider relationships, and its efforts to honor Global Privacy Control Cybersecurity: Federal Agencies Released Supply Chain Security Guidance for Developers With the growing risk in cybersecurity, federal agencies including the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released a report to guide software developers. Securing the Software Supply Chain for Developers created via the public-private working group Enduring Security Framework (ESF) aims to develop and issue cybersecurity recommendations and mitigations. The report provides real-life cases and processes like the Secure Software Development Process, common threats, Security test plans, and detailed action plans. InfiniGlobe helps legal departments maximize their technology investments with simple and useful technology. Discuss your goals or suggestions, email us at info@infiniglobe.com or call us (833) LGL-TECH

August 29, 2022 AI: Second Draft of Artificial Intelligence Risk Management Framework Released Expanding the Artificial Intelligence Risk Management Framework (AI RMF), the National Institute of Standards and Technology (NIST) released its second draft with the goal of asking the public for some comments. The changes in the AI RMF include the characteristics of a trustworthy AI providing the seven elements: Valid and Reliable, Safe, Fair, Secure and Resilient, Transparent and Accountable, Explainable and Interpretable, and Privacy-Enhanced. The second draft also has a more concise risk management section which explains who the AI RMF is for, their individual roles and responsibilities, and how they can affect differently in the risk management process Contained in the release, NIST published a playbook to guide users on how to safeguard the integrity of their AI systems’ design, development, deployment, and use. Comments from the public can be sent to AIframework@nist.gov which will be open until Sept. 29, 2022. Security: Fremont County Disrupted by a Cyberattack On August 17, 2022, government offices in Fremont, Colorado were shut down after having been subjected to a cyberattack. Services are now limited, and some divisions are open by making an appointment but emergency 911 calls and COVID-19 testing are still fully operational. The latest update from their official statement says that they are “seeing progress in restoring county systems after the cybersecurity event". There was no confirmation as to the origin of the attack but an investigation from the incident response team confirmed that the attack is contained to their servers and other counties were not affected. Infiniglobe specializes in legal technology assessments and corporate law departments of many Fortune 500 corporations, reach out to us at info@infiniglobe.com or at (833) LGL-TECH.

Report: Third-Party Risk Management Study With the rise of data breaches, compliance issues, and supply chain disruptions companies have learned how to protect themselves and their customers by adopting third-party risk management (TPRM) initiatives. A 2022 report called Third-Party Risk Management Industry Study shows the current state of TPRM that will shape future trends. This will help organizations check their current systems and provide a benchmark for other companies. Key highlights of the report include: 45% of respondents said that their TPRM programs are focused on IT Vendor Risk 2/3 answered that executives and board members have more visibility on their TPRM programs 45% are using spreadsheets to assess their third parties 36% are planning to upgrade or implement a TPRM solution within the next 12 months 45% reported that their company has experienced a security breach connected to a third party in the last 12 months 74% of those surveyed have reported on third-party data privacy and protection controls 69% are concerned that their third party are exposed to security incidents due to poor vendor security practice Event: ILTACON 2022 This week legal professionals and industry leaders will gather at Gaylord National Resort & Convention Center in Maryland for ILTACON 2022. The event will run from August 21 - August 25. Sessions will include speakers from Thomson Reuters, Litera, Microsoft and Baker McKenzie. InfiniGlobe is a consulting and software company that specializes in helping corporate legal departments and law firms maximize their technology investments. Reach out to us at info@InfiniGlobe.com or at (833) LGL-TECH.