This weekend, Google was fined 50 million euros (over $55 million) by France’s Data Privacy Authority,  CNIL, for breaching Europe’s (fairly) new General Data Protection Regulation.

GDPR lays the framework for the legal processing of personal data, requiring that companies  have a lawful basis for processing a user’s personal information.  This lawful basis can result from the user’s genuine consent prior to collecting personal information; processing necessary for the performance of a contract, compliance with a legal obligation, to protect the vital interests of a data subject or natural person, for the performance of a task in the public’s interest, or for the purpose of the legitimate interests of a controller or third party.

The GDPR went into effect on May 25, 2018.  Shortly after its enactment, two privacy rights groups, noyb (Max Schrems’ brainchild) and La Quadrature du Net (LQDN) filed complaints against Google with the CNIL. The noyb complaint was filed on May 25, the same day the Regulation took effect. 
Continue Reading

On June 13, 2017, the Department of Homeland Security published an alert regarding malicious cyber activity by the North Korean government, known as Hidden Cobra.  Per the DHS and FBI, Hidden Cobra uses cyber operations to the government and military’s advantage by exfiltrating data and causing disruptive cyber intrusions.  Potential impacts of a Hidden Cobra

On May 11, President Trump signed Executive Order (EO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. This is a significant development for U.S. cybersecurity as it represents a concrete call to action for the government to modernize its information technology, beef up its cybersecurity capabilities, protect our country’s critical infrastructure from

Recently, a widespread global ransomware attack has struck hospitals, communication, and other types of companies and government offices around the world, seizing control of affected computers until the victims pay a ransom.  This widespread ransomware campaign has affected various organizations with reports of tens of thousands of infections in as many as 99 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan.  The software can run in as many as 27 different languages.  The latest version of this ransomware variant, known as WannaCryWCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly.

Continue Reading


When:           Monday, April 24, 2017
Where:          Offices of Seyfarth Shaw LLP, Chicago, IL
Sign in:          5:00 – 5:30 pm
Event:            5:30 – 6:30 pm
Reception:    6:30 – 7:30 pm

Topic: Interactive Dialogue concerning The Sedona Conference® International Litigation Principles (Transitional Edition): Practical Help for Companies with the EU General Data Protection Regulation and Privacy Shield

Scott Carlson has been selected to serve on the Georgetown Advanced eDiscovery Institute (AEDI) Advisory Board. The AEDI’s Advisory Board plans Georgetown Law Center’s annual eDiscovery conference.  Now entering its fourteenth year, the conference is recognized as the preeminent annual global eDiscovery Conference.

As a nationally recognized figure in eDiscovery and Information Governance,