Category Archives: General Blog

What’s The Deal With The California Consumer Privacy Act?

Have you heard about California’s big new privacy law? The “California Consumer Privacy Act of 2018” (the “Privacy Act”; Cal. Civil Code § 1798.100 et seq.) goes into effect in January of 2020. Significant media coverage surrounding the new law has led many businesses – Terrapin included – to question whether and how the law may apply to them. Terrapin has analyzed the new law and while we do not expect it will affect our clients from an operations or business perspective right now, we feel it’s important to understand how it may impact you personally.

What Is The Privacy Act About?

The Privacy Act is intended to give consumers greater control over personal information that businesses collect about them. The legislative findings in support of the law refer to the proliferation of personal information in the digital and Internet age, and the increasing difficulty people have controlling the use of such information. Remember the 2018 Facebook-Cambridge Analytica scandal? That is cited as one example and motivator for the new law. The Privacy Act is frequently compared to the EU General Data Protection Regulation (Regulation (EU) 2016/679), commonly referred to by its initials “GDPR.”

What Information Is Covered By The Privacy Act?

The Privacy Act defines personal information broadly – information “that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”  Cal. Civil Code § 1798 .140(o).  This information includes:

  • Names
  • Addresses – postal, email, and Internet Protocol (“IP”) addresses
  • Social security numbers
  • Account names
  • Drivers license numbers
  • Passport numbers
  • Biometric information
  • Internet activity (browsing history, search history, and info regarding a consumer’s interaction with a website, app, or advertisement
  • Geolocation data
  • Audio/visual information
  • Professional or employment related information
  • Education information
  • “Inferences drawn” from such information to create a “profile” about a consumer reflecting their preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Id.  Personal information does not include information that is “publicly available,” such as information “lawfully made available from federal, state, or local government records,” or consumer information that is “deidentified or aggregate” in nature.  Cal. Civil Code § 1798.140(o)(2).

What Businesses Are Covered By The Privacy Act?

Again, Terrapin does not expect that the Privacy Act will impact our clients from an operations or business perspective. It applies to for-profit businesses that: 1) do business in California; 2) collect, or have collected for their benefit, consumers’ personal information; 3) participate in the determination of the purposes and means of the processing of such personal information; and 4) satisfy one or more of the following thresholds:

  • Have annual gross revenues in excess of twenty-five million dollars ($25,000,000);
  • Annually buy, receive, or share, for commercial purposes, the personal information of 50,000 or more consumers, households, or devices; or
  • Derive 50 percent or more of their annual revenues from selling consumers’ personal information.

Cal. Civil Code § 1798.14(c)(1).

What Are Consumers’ Rights Under The Privacy Act?

The Privacy Act provides consumers three basic “rights” regarding their personal information:

  • The right to know what personal information a business has collected about them; the sources of that information; what that information is being used for; and if and to whom that information has been sold. Civil Code §§ 1798.100(a), 1798.110(a), 1798.115(a)
  • The right to “opt-out” of having their personal information sold. Civil Code §§ 1798.120.
  • The right to request that a business delete any personal information about the consumer which the business has collected from the consumer. Civil Code § 1798.105(a).

Though not couched as a consumer’s “right,” the Privacy Act prohibits a business from discriminating against a consumer who exercises any of their rights under the Privacy Act, such as by denying goods or services to the consumer, or charging a different price for those goods or services, or offering a different level of quality of goods or services.  Cal. Civil Code § 1798.125.

What Happens If A Covered Business Violates The Act?

A business covered by the Privacy Act that violates it can be subject to civil penalties pursued by the Attorney General. Cal. Civil Code § 1798.155(b). The business can also be subject to lawsuits for statutory or actual damages brought by consumers whose personal information is disclosed by a theft or hack against the business. Cal. Civil Code § 1798.15.

Some Takeaways…

Regardless of whether or not you determine the Privacy Act applies to your business, it is significant new legislation that is sure to receive continued attention as it comes into effect and enforcement actions are pursued under its provisions. Depending on the law’s success (or failure), it may lead to further privacy related laws that are even broader in scope and reach.

1.5 Billion Gmail Calendar Users Are the Target of a Crafty New Phishing Scam

Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily.

In business, we schedule meetings all the time. One-off calls, recurring weekly updates, and the like. The latest warning from researchers at Kaspersky indicates the bad guys are using unsolicited Google Calendar notifications to trick user into clicking phishing links.

Here’s how it works:

Scammers send a Google user a calendar invite complete with meeting topic and location information. Inside the details of the appointment lies a malicious link that looks like it’s pointing you back to meet.google.com for more details.

Once clicked, it’s back to the usual tactics of trying to infect the user’s endpoint with malware and so on.

This kind of attack has a massive attack surface, given the number of users utilizing Google’s Calendar service. It also has that contextual appeal by being hidden within a meeting invite and uses a seemingly valid URL for more information.

Users have long been warned about their interaction with email and the web. Now it’s important to add Calendar invites to the list.

Think carefully before you click “Add to Calendar.”  Reach out to your Terrapin tech if you have any concerns about a Google calendar invite you’ve received.

Proactively Manage eDiscovery Issues by Leveraging Rules of Court

What if there was a way to suss out eDiscovery issues in California state court litigation fairly early in the case, outside of law and motion? What if doing so was simply following the rules?

California’s Rules of Court require parties to meet and confer to consider certain issues before a case management conference (CMC).  Cal. Rules of Court, Rule 3.724.  The topics of consideration expressly include “the discovery of electronically stored information” (ESI).  Id.at subd. (8).  The specific issues to be considered relating to ESI include among others the “preservation of discoverable electronically stored information;” “form or forms in which information will be produced;” “scope of discovery of the information;” “method for asserting or preserving claims of privilege or attorney work product, including whether such claims may be asserted after production”; and “other issues . . . including developing a proposed plan relating to the discovery of the information.”  Id.

Parties that conduct the meet and confer conference in a perfunctory manner (or worse fail to meet and confer at all) miss out on an early opportunity to understand the contours of eDiscovery issues that may arise in the case.  On the other hand, parties that faithfully carry out the meet and confer duty can have a meaningful conversation about the who, what, when, where, how, and why of eDiscovery in the case. The effort can yield valuable information the parties and their counsel and eDiscovery vendors can use to chart out, budget for, and streamline eDiscovery issues during fact discovery. If a party seeking to obtain these benefits finds itself stymied by its adversary’s unwillingness to engage in the pre-CMC meet and confer discussions, that fact can be reported in the required CMC Statement and a request made that the Court take up the issue at the CMC.

The takeaway?  By leveraging California’s Rules of Court, litigants have an opportunity to learn about potential eDiscovery issues beforethey are knee deep in discovery, and help to manage what can otherwise become a difficult, time consuming, and expensive component of discovery.

Terrapin’s Litigation Support team is headed by an attorney with sixteen years of litigation and trial experience.  Our team understands eDiscovery and is here to help you with your eDiscovery needs and projects.

Contact Terrapin to learn more.

Going to Trial? Terrapin can help…

Did you know we have someone at Terrapin who can help you prepare a winning trial presentation? You may think of Terrapin as the people you call when your Wi-Fi router is down, or your email isn’t flowing. But we also have someone on our team who has prepared many trial presentations that have led to great trial results.

Betty Nelson started working in law firms in 1980—back when going to trial meant banker boxes, trial binders, and lots of copying and labels.

Fast forward to the year 2000, when Betty went from working as a litigation legal secretary to joining the IT department. A team of attorneys at her firm was preparing for a million-dollar plaintiff’s mediation and their usual trial support team wasn’t available. Betty said, “I think I can help!” Well, she has never stopped helping.

It soon became a passion of Betty’s to help attorneys think about how to present their case to jurors and triers of fact. She has a knack for taking a step away from the complexities of the case and helping attorneys realize they need to look at the case from the eyes of the jury who don’t know any of the parties or understand any of the thousands of complex facts about their case. Her 39 years of working with attorneys and law firms give her the depth and breadth to be able to successfully help in this regard.

Add in her flair for creativity and innovative approaches and you have a winning combination. Betty has prepared many complex timelines and callouts, and other ways of showing demonstrative evidence to juries. She works closely with attorneys and is fast at turning work around. Betty has an amazing attention to detail and a true passion for the law.

Read what two of Terrapin’s clients have said about Betty’s contributions to their success:

Tracy Hunckler, Partner – Day Carter Murphy LLP  

Betty assisted our team of litigators with a complex binding arbitration that was being held out of town in SF for two weeks. She knew exactly what we would need at our “home base-war room” at the hotel and how to work with the hotel staff and vendors to secure the necessary technology so that we could feel like we were back at the office. Betty has years of experience with setting up war rooms out of town and her assistance with our war room was invaluable to our team. Betty also helped prepare an opening statement presentation that included a detailed, animated timeline and other demonstratives that helped the arbitrator understand our complex case. Betty is very creative and has great attention to detail. Moreover, Betty is easy and fun to work with, and provides a sense of peace during the stress and pressure of litigation.

 

Shaye Schrick, Partner – Delfino Madden O’Malley Coyle Koewler LLP     

Betty has assisted me on three trials in the past two years. She has been a great asset in preparing demonstrative evidence, including PowerPoint presentations and blow-ups. With more than 35 years’ litigation support experience and undeniable intuition, she is able to anticipate what jurors might want to see to better understand the case and collaborates with us on ways to best present evidence and themes visually. She works efficiently—fast and smart—and has great attention to detail. Betty thinks outside the box and helps our firm present a clean, clear image of what the jury will see and/or has seen in trial. I highly recommend Betty for trial work!

If you are interested in learning more about how Betty can help you in trial, contact Betty at Terrapin!

How Metadata and Redactions Can Cause Law Firms Big Headaches

A typical law firm generates an enormous number of legal documents. The history revealed by those documents—both in the form of user history and uncovered redacted statements—can sometimes lead to a whole lot of unintended drama when mistakes are made. Is your firm doing all it can to ensure you’re minimizing the potential for problems?

Let’s look at the properties of a Word document—its metadata:

Clean Up Your Metadata

This type of information is useful not only in civil disputes regarding estates, plagiarism or stolen trade secrets, but also in criminal cases involving financial crimes such as fraud, or even more serious crimes in which a typed confession or suicide note is involved.

Perhaps the most high-profile case to have involved Microsoft Word was that of the BTK (Bind, Torture, Kill) Killer Dennis Rader, whose identity was unveiled after he tauntingly sent a floppy disk to police. The floppy disk contained metadata from a deleted Word document and analysis of the metadata revealed the location of the computer where it was created and the name of the user who last edited it: “Dennis.”

I’ve seen firsthand the impact of metadata mistakes at law firms. An attorney will send a draft agreement to a client, and receives a call saying, “Why is the name ‘Ralph Smith’ all over this agreement? No one named Ralph Smith is involved in this deal.” Next, I get an angry call from the attorney and have to explain about hidden text and/or metadata. Another situation that comes up is when attorneys use a prior document as boilerplate. They are careful to make sure there’s no hidden text, but they still get an angry client call. Why? Because the client went into the properties of the file (see image above) and saw that the author was another attorney in the firm. Not only that, the document was created in 2012, and the last edits took 10 minutes, but the client was billed 1.0 for the work. Not good.

Invest in Redacting Tools

Redactions are another critical concern for attorneys. A major news story hit recently involving redactions in a case involving former Trump chairman Paul Manafort, because the creators of a key document thought they had properly redacted the information they wanted to hide but hadn’t. If you’ve been involved in litigation, you know that redacting documents is something that is done to remove attorney/client privilege or other information that shouldn’t be shared.

Redaction of the document in the Manafort case appears to have been attempted in Word or PDF by drawing a black box over the text or highlighting it in black. When the document was converted to PDF and distributed, the text layer was still there. Readers quickly discovered they could highlight the ‘redacted’ text under the black boxes, copy and paste it, and thereby reveal the contents.

There are numerous tools for redactions, but only a handful that properly do the job.

At Terrapin, we recommend DocsCorp, which offers both a metadata removal tool and a redaction tool:

  1. cleanDocs removes metadata from documents
  2. pdfDocs has reliable redaction tools

We also work with Litera, which offers Metadact as their metadata removal tool.

Please reach out to your primary Terrapin tech if you have any questions about how to manage metadata and redactions at your firm.

Staying Safe on Cyber Monday

It’s Cyber Monday! A time for great deals online, but also a time to be particularly alert for scams. Terrapin wants to remind you that fraudulent websites are actively trying to obtain your personal/financial information.

The ‘Bad Guys’ are more skilled than ever at creating websites that look legitimate. If you plan on doing any online shopping today, you may miss the warning signs.

Tips to remember:

  • Avoid any online shopping on your company’s computer. Use your personal computer or cell phone to avoid accidentally downloading and installing viruses and malware on your work computer.
  • Be wary of prices that are extremely low. Do your research first and know the price range of the item(s) you want to purchase.
  • Make sure the website starts with https – the ‘s’ stands for secure. This is especially important if you are entering credit card or PayPal information.
  • Avoid making purchases on websites you have never visited before.
  • Be careful on social media: While your Facebook page is likely covered in ads, you need to be cautious about clicking on them. Social media ads often include links that take you to sites off social media, which opens up the potential for malware and viruses to be downloaded onto your computer.
  • Read the fine print, including the features of the product and the company’s return policy.
  • Hover over links to see which websites they lead to once you click. Doing that can keep you safe from malware.
  • Avoid clicking on website ads and links in text messages and emails. If the deal sounds too good to be true, it probably is.

Don’t hesitate to reach out to Terrapin if you believe you have clicked on a malicious link or if you encounter pop-ups that warn you of viruses (never click on these, even to close them). Let’s make this a safe and happy holiday season!

Terrapin’s New Method to Identify Email Spoofing

You’ve probably noticed a significant increase in fraudulent emails pretending to be from someone at your firm. These messages are spoofed, often originating from outside the network, but that’s not always obvious at first glance. These message sometimes often give clients enough pause to inquire about them before deleting them outright.

To make it easier for clients to identify these types of messages, Terrapin can prepend a warning to all incoming messages originating from outside the organization. If a message from your associate down the hall arrives in your inbox with this warning attached, then you’ll know immediately that it’s fraudulent and should be deleted.


Please contact your primary tech at Terrapin if you are interested in adding this warning to your incoming email messages.

 

 

Choosing The Right Office 365 Plan for Your Team

 

Microsoft knew what they were doing when they introduced Office 365. It has been a game changer that has taken businesses of all sizes into the cloud – without a significant amount of pain.

Office 365 is a subscription service providing access to features and services including Microsoft Office applications both online and on multiple devices. One of the recent changes Microsoft introduced is the ability for 365 users to have their software installed on up to five devices.

The type of subscription is what determines which applications and services are available to you. No matter which subscription you choose, it’s great knowing you have the right to download the latest version of Office.

Six Office 365 Plans Available

There are six Office 365 plans divided into two areas: business and enterprise. The business plans cap out at 300 users; the enterprise plans are unlimited. The Office 365 Business Premium plan includes:

  • Full installed Office 2016 applications (Word, Excel, Outlook, PowerPoint, OneNote, SharePoint, Publisher & Access), which can be installed on up to five computers (PCs or Macs)
  • Access to Office Mobile (Word, Excel and PowerPoint) on up to five tables and five phones
  • Access to Office Online (Word, Outlook, OneNote, Excel and PowerPoint)
  • Skype for Business
  • 1 TB of storage on OneDrive for Business
  • Document management functions like archiving, rights management, data loss prevention and document-level encryption
  • Numerous business apps, including Bookings, Invoices and MileIQ

(For a complete rundown of all of the business plan options, visit Microsoft’s overview page.)

Commitment to Security, Privacy & Compliance

With the new lineup of options, Microsoft shows that it is committed to delivering multiple levels of security to safeguard data. These include multilayered physical data center security, encryption, auditing controls, and configurable privacy access controls for users and organizations. These security features are important because you can often be working in an area where various networks come into play.

Collaborating Across Devices

I recently had a chance to perform some real scenario testing with Office 365 across devices and platforms (using a selection of Microsoft, Apple and Android products). Although there are slight differences in how the program appears (ribbons, etc.), the functionality is there. And it goes without saying, the convenience is unparalleled.

I started with a Word document that contained complex formatting. You can see the results below:

For more information about Office 365 and help determining which plan is right for your firm, be sure to reach out to your Terrapin team member.

End of Life: When Microsoft Products Become Obsolete

“End of life” is a daunting term, right? It’s so final, but it’s important to bring up in terms of technology – particularly Microsoft products and specifically Windows 7 and Office 2010.

I’ve worked with Microsoft products for many years. This is going to age me, but I think I started on Windows NT (yikes!). As we’ve cycled through the versions of Windows operating systems, there are things we love, things we didn’t think we could live without, and certainly from time to time, changes that make us wish for a previous version.

You may have also noticed, some versions are very popular and stable, others – not so much.

That brings me to Windows 7. Windows 7 Professional has been a very popular version of Microsoft’s operating system, so much so that not many of us ventured into Windows 8 territory, and some of us are even dragging our feet on moving from Windows 7 to Windows 10. After all, Windows 10 has a completely different look and feel, with tiles that float around, offerings to read the news and options to play Xbox. At times it seems like it was designed for those not working in an office setting.

So why did I call this blog entry “End of Life”? Because it’s coming – not only for Windows 7, but also for a very popular version of Microsoft Office – Office 2010. What does ‘end of life’ mean exactly? It means that you will no longer receive security and program updates, leaving your computer and network vulnerable. It means that if something goes really wrong, you will not have support options available through Microsoft. That’s why it’s important to migrate to a current product soon.

It’s not tomorrow – don’t panic – but it’s going to come sooner than you think. It’s time to start thinking about upgrading your operating systems and version of Office, if you are still using Windows 7 and Office 2010.

Because there are numerous versions of each (you know – Windows 7, Service Pack 1, etc.) the dates vary slightly – but here are the general guidelines:

Product                                                Mainstream Support                            Extended Support

Windows 7 Professional                     Ended 01/13/15                                     Ends 01/15/20

Office 2010 Professional                    Ended 10/13/15                                     Ends 10/13/20

Terrapin recommends that you start planning now for your migration to a new operating system and version of Office. Now, more than ever, there are new considerations. For example, will most firms continue upgrading their on premises Exchange server or migrate to Office 365 and Exchange Online?

Reach out to your Terrapin Technology representative and let’s start planning! If you have questions, we have answers.

 

Scam Alert: Using Passwords and a Threat to Your Privacy

Terrapin Technology has learned of a new scam that has shown up in client mailboxes.

How the Scam Works

The scam involves sending you an email with your current or past password (or something very close to it), and alleging they have seen you watching porn on your web browser and threatening to reveal that fact if you don’t pay. This is a scam. The password referenced may be similar to one you’ve used or are currently using. Please do not fall for this scam, but instead change your password(s) immediately. I am providing links to a few news stories on this topic, some of which include the actual text of the “sextortion” email:

https://nakedsecurity.sophos.com/2018/07/13/sextortion-scam-knows-your-password-but-dont-fall-for-it/

https://blog.knowbe4.com/scam-of-the-day-sextortion-old-passwords-and-you

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

What Else Can You Do?

Please forward this newsletter to members of your organization. Take extra care in changing your passwords regularly, especially after a breach happens at a website you frequent (i.e., LinkedIn, Yahoo mail, etc.). If you need assistance assessing the validity of an email or link contained in an email, please reach out to our team at Terrapin Technology.