Podcast: The Hearing – Chris Mohr – VP for Intellectual Property and GC at SIIA

This week we talk privacy, piracy, and intellectual property. Before the lockdown, I sat down with Chris Mohr, VP for Intellectual Property and GC at Software and Information Industry Association.

Working at the heart of the US federal government in Washington DC, Chris tells us about life as a lobbyist on Capitol Hill and how he navigates the challenges posed by different global approaches to intellectual property. He also talks about the intersection between IP and privacy law and the Constitution, as most data is effectively speech for Constitutional purposes, there are fundamental conflicts when people’s privacy rights are at stake.

Chris and I chat about where AI might be taking us and what IP implications there may be, as they ponder whether machines are legally allowed to be inventors.

Listen on Apple: https://podcasts.apple.com/gb/podcast/ep-56-chris-mohr-software-information-industry-association/id1389813956?i=1000484584104

Listen on Google: https://podcasts.google.com/feed/aHR0cHM6Ly9wb3J0YWwtYXBpLnRoaXNpc2Rpc3RvcnRlZC5jb20veG1sL3RoZS1oZWFyaW5n/episode/aHR0cDovL2F1ZGlvLnRoaXNpc2Rpc3RvcnRlZC5jb20vcmVwb3NpdG9yeS9hdWRpby9lcGlzb2Rlcy9FcDU2X0NocmlzX01vaHJfbWl4ZG93bi0xNTk0Mzg4MTc0NjkzNTY5MTkzLU16QTNNamd0TlRBd01UQTFOVFE9Lm1wMw?ved=0CAIQkfYCahcKEwjQgPy9qsrqAhUAAAAAHQAAAAAQBA

Google Glass – Thoughts on Glass: Privacy, Security and Its Future

By Joseph Raczynski

This is part two in a series of video’s surrounding Google Glass. This is the Privacy, Security and future of Google Glass. In this video we get to see the complete Google Glass. Take a look at the Google Glass Explorer program.

Glass Series Includes:

1) Glass Unboxing

2) Thoughts on Glass: Privacy, Security and Its Future

3) Usability Demo

4) Law Firms and Glass

5) Full Demo

 

Law Departments and Cyber Security: Addressing the Scary Stuff

By Joseph Raczynski

Law firm security bears one of the softest underbellies within the world of professional services. This alarm was sounded during an ILTA panel discussion surrounding security with Michael Russell of Liberty Mutual, Brian Donato of Vorys Sater, and Natalie Fedyuk of KPMG.  The consensus from the group was that law firms have more possible exposure to threats due to their complicated handling of highly sensitive data that crosses the spectrum of (PII) Personally Identifiable Information.

According to the panel, a recent investigation called the Mandiant Report cited one of the largest threats to law firms outside of the United States is China.  The evidence supports that the Chinese Army is attacking law firms because of their traditionally low levels of security and their highly sensitive information.  In one example a law firm had been attacked and the email addresses released of military officers who were being investigated for atrocities in Afghanistan.

With countless successful breaches occurring, the panel focused on how to create better safeguards.

 

  • Manage Vendors: Do a risk assessment of your vendors. Make a security part of the RFP process so that there are tactical steps to support a management strategy.
  • Governance: while security software is important it is a small part of the whole. Make sure a process is in place to govern all aspects of data flow, access, audits, and compliance.

Establish informational audits for internal personnel and vendors which include the following:

  • Input/Intake
  • Issue Questionnaire
  • Conduct Review
  • Complete Questionnaire and Report
  • QA Review
  • Issue Questionnaire and Report
  • Closing meeting with Vendor

Ultimately all firms should seek out best practices to protect themselves.  They recommended beginning this process by adopting and enforcing a security controls framework.  The LegalSEC “Top Ten” was considered the place to start for implementing proper controls as well as audits.

Ultimately to eclipse the mounting threat of cyber assault on law firms, the panel stressed several salient points.  They stated that creating a very thorough risk assessment for all parties, and establishing a governance process was most important.  They also highlighted that diligently seeking out best practices for data destruction, incident response, and considering a cyber-insurance policy, just in case everything else fails was invaluable.

Missing Insurance Payments?

By Joseph Raczynski

What if your life insurance company looked to find ways to discontinue payments, but not to locate beneficiaries who were missing payments owed to them?

Well it happened and one major life insurance company has recently settled a law suit where they must pay nearly $500 million to people across the United States who were not receiving payments owed to them.  This is the third insurance company who has been forced into a similar settlement.

How did this happen? 

Insurance companies use the “Social Security Death Master File” to determine who is dead or alive, but in this circumstance if an individual had died, they were not proactively sending the beneficiaries’ their money.  You as a recipient of said money would have to know you were a beneficiary, know the company it was held by, and actively pursue it.  I believe it is a fair statement to say that not all of us know if we are listed as a beneficiary on a policy and moreover where to submit the claim.

The Recommendation:

As part of a multistate settlement, these insurance companies must figure out a way to monitor and maintain contact with their insurance holders.

 

As a best practice these companies need to find customers they have lost contact with over the years.  Using technologies that integrate the best public and proprietary record databases, they could see if their customer is dead or alive.  In addition through these services they could match that individual to the last known address.  Finally if the customer happened to be deceased, they could reach out to the relatives of the beneficiary.  All of this is easily accomplished with the databases which have the most up to date addresses and comprehensive information on individuals who may have insurance.

 

Obviously in this instance a few insurance companies were at fault for a lack of due diligence on their part.  Nonetheless some responsibility rests with the insurance holder who must advise family and friends who are designated as their beneficiary’s.  Then those people need to actively follow up once that time arrives.

 

Can you conceptualize ways in which we could determine if we are a beneficiary?  How about a centralized website where a user entered their social security number, and then they would know who has them listed as a beneficiary and the name of the insurance company… just a thought.