This past September Governor Brown signed into law Senate Bill 327, which is the first state law designed to regulate the security features of Internet of Things (IoT) devices. The bill sets minimum security requirements for connected device manufacturers, and provides for enforcement by the California Attorney General. The law will come into effect on January 1, 2020, provided that the state legislature passes Assembly Bill 1906, which is identical to Senate Bill 327. READ MORE
Jennifer Martin is a Partner with the Cyber, Privacy & Data Innovation Practice. She counsels clients on complying with cybersecurity regulatory expectations and best practices across industries, including for large critical infrastructure companies in the technology, energy, health care, financial, and transportation sectors.
She focuses on a range of cybersecurity projects for clients, including advising on cybersecurity program compliance and resiliency on an industry-by-industry basis; managing significant security incidents and providing cross-disciplinary incident response planning; drafting commercial contract terms and requirements for purchasers and vendors as part of managing cybersecurity risk; and conducting cybersecurity due diligence in M&A transactions. Jennifer’s holistic, company-wide incident response planning and risk management counseling are informed by more than 18 years of handling significant cyber incidents from a variety of legal and technical perspectives. She has significant experience managing the response and investigation into sophisticated cybersecurity attacks impacting systems and information, including those attributable to nation-states, insider thefts of intellectual property, and data breaches of all sizes and significance. She works directly with personnel at all levels of an impacted organization and across disciplines, including directly with IT security personnel, to ensure coordinated and protected response investigations. As a former federal prosecutor, she is also frequently involved in coordinating with law enforcement and government agencies in a range of cybersecurity matters.
Jennifer leverages her technical and legal experiences in-house, with her experience as a forensic consultant and outside counsel to provide practical, implementable advice on risk management. She is often asked to facilitate between legal counsel and security personnel to manage cybersecurity risk, and to ensure that security controls and company practices are compliant with industry standards. She also works across industries to counsel clients on evolving legal requirements, including drafting comments on pending regulation, counseling on information sharing and threat intelligence programs, and providing guidance with respect to emerging technologies, with particular experience counseling clients on a range of issues associated with the secure development, deployment, and collection of data across the Internet of Things (IoT) ecosystem and throughout the product lifecycle.
Jennifer’s early work as a federal and local cybercrime prosecutor and policymaker within the DOJ’s Computer Crime & Intellectual Property Section provides her with historical insight into the evolving threat landscape and the consequent law enforcement and regulatory responses. In addition, Jennifer served as director of cyber incident response and operations and lead in-house internal investigations counsel at Symantec, was a Managing Director of Stroz Friedberg, a global forensic consulting firm, and led her previous firm’s west coast cybersecurity practice.
Posts by: Jennifer R. Martin
Game-changing Calif. Consumer Privacy Act of 2018 puts statutory breach damages on the table
The recently-enacted California Consumer Privacy Act of 2018 is a game-changer in a number of respects. The Act imports European GDPR-style rights around data ownership, transparency, and control. It also contains features that are new to the American privacy landscape, including “pay-for-privacy” (i.e., financial incentives for the collection, sale, and even deletion of personal information) and “anti-discrimination” (i.e., prohibition of different pricing or service-levels to consumers who exercise privacy rights, unless such differentials are “reasonably related to the value provided to the consumer of the consumer’s data”). Privacy teams will be hard at work assessing and implementing compliance in advance of the January 1, 2020 effective date. READ MORE
Orrick partners Emily Tabatabai, Tony Kim and Jennifer Martin authored this article for Corporate Counsel on the sweeping implications for businesses of California’s newly-enacted privacy law. Members of our global Cybersecurity, Privacy and Data Innovation Practice, Emily, Tony and Jennifer outline the reasons the new law will have “a significant impact on core business operations.”
Noting the “astounding” statistics on the use of smartphones and other mobile devices to “shop, bank, play, read, post, watch, date, record, and go” across consumer populations, the FTC has recently re-focused its attention on mobile security issues. As the amount of information collected on mobile devices, and through applications on those devices, continues to rise exponentially, unsurprisingly, mobile devices have become increasingly fertile grounds for cyberattacks. Against this backdrop, in February 2018 the FTC issued a 134-page report titled Mobile Security Updates: Understanding the Issues (the “Report”). Not long afterward, on April 2, 2018, the FTC appointed a new Acting General Counsel, Alden Abbot, who has substantial experience in the mobile-communication industry, including serving in key legal roles at Blackberry Corporation and the National Telecommunications and Information Administration in the Department of Commerce. Although the Report is narrowly focused on processes for patching vulnerabilities and software updates, the FTC notes that the Report is “part of an on-going dialogue” and that it intends to work with industry, consumer groups, and lawmakers to further the “goals of reasonable security and greater transparency” in its efforts to improve mobile-device security. READ MORE
Given the explosive growth in the connectivity of every day “things,” several government agencies are focused on how best to support innovation and the benefits of an increasingly connected, data driven society, while weighing options for mitigating the cybersecurity and privacy risks relating to the Internet of Things. The pace of development with respect to connected cars and autonomous vehicles has drawn particular attention. READ MORE