BizTech Law Blog

The Cybersecurity Information Sharing Act of 2015 (“CISA”) expired yesterday on September 30, 2025.

Though Congress discussed renewing the statute prior to its expiration, CISA was not officially reauthorized by the federal government.

CISA was designed to encourage private organizations to share cybersecurity information with other private sector entities and the federal government through the Department of Homeland Security, aiming to strengthen overall monitoring capabilities and bolster collective defense against cyber threats. In particular, the statute ...

Equity incentive plans are a powerful tool for encouraging and rewarding a company’s employees and leadership, who may include prospective investors, through different kinds of equity interests and structures. Different structures can present different tax and economic consequences for the company and participants upon grant, vesting, purchase, or later sale.

Closely held businesses vary widely in size, budget, legal and tax structure, sophistication, compensation philosophy, and risk tolerance. Incentive programs therefore also vary widely among closely held and ...

Artificial intelligence (AI) is fast becoming an integral element in the operation of virtually every business and organization.

With more employees working remotely for the foreseeable future, a resulting increase in spoofing and other hacking attempts is becoming a very common and real threat. It is imperative for a business to have the proper protection policies and procedures in place.

In the following video, moderated by Patricia Scott, attorneys Taylor Gast and Robert Hamor discuss ways to minimize risk and avoid disaster as more employees work remotely. This video touches on the recent rise in computer hacking attempts, along with a discussion on strategies to protect businesses and employees.

Click the thumbnail below to view the full video.

This video is for general information purposes only and IS NOT LEGAL ADVICE. If you seek legal counsel or need help in determining how this information applies to a specific situation, contact a Foster Swift business & tax law attorney before taking any action.

As a business or business owner, one thing to consider when creating a cybersecurity plan, is a vendor management program. Vendor management programs can help businesses address risks that arise when working with vendors and third parties that might be receiving sensitive information or business information.

This is the second part in a series discussing the actions that companies can take to prepare for potential data privacy legislation. Part One summarizes and discusses recently proposed data privacy legislation.

Whose responsibility within a company is cybersecurity? Should key decisions fall to IT, or should higher management be involved more heavily in day-to-day cybersecurity risk management? Given the large fines and compliance obligations facing companies today, it’s probably obvious to most that data privacy and security is not just a technology issue.

Data privacy and cybersecurity concerns are changing the way potential investors and acquirers evaluate a target company through due diligence. Data and security related risks can be extremely costly – especially those that are not uncovered in due diligence.

On November 2, 2018, Ohio became the most recent state to update its data breach laws by enacting the Ohio Data Protection Act.

With the rise of data breaches and regulatory enforcement, businesses must acknowledge cybersecurity and data privacy issues as significant business risks.

On June 28, California governor Jerry Brown signed into law the California Consumer Privacy Act of 2018. The Act will significantly impact companies (including many based outside of California) and United States legislation in the coming months, although it is unclear whether the new law will serve as an example for other states or an outlier. Importantly, the Act contains a number of "GDPR-like" features, making it the most restrictive data privacy law that the United States has ever seen.

It's not hyperbole to say that the General Data Protection Regulation's May 25th enforcement date marks one of the largest shifts in the history of privacy laws.

This is the second article in a series on Third Party and Vendor Management. The first article discussed pertinent considerations for vendor contracts in the context of cybersecurity.

In September 2017, credit reporting agency Equifax announced that personal information for over 140 million U.S. consumers was potentially compromised. Equifax’s forensic investigations have put the number closer to 145.5 million. The compromised data includes names, social security numbers, birth dates, addresses, driver’s license numbers and even credit card numbers. Within a matter of weeks after the breach, Equifax’s CEO, Richard Smith, announced he was stepping down. It soon became clear that Equifax’s troubles were just beginning.

Influencer marketing on social media is a very big business. Here’s how it works: brands team up with individuals with large and engaged followings on social media platforms such as YouTube, Facebook and Instagram (i.e., “influencers”), and pay them to promote their products.

Businesses are understandably concerned about negative reviews posted on popular websites such as Yelp, Facebook, and TripAdvisor.

The U.S. Department of Health and Human Service's Office for Civil Rights ("OCR") recently published guidance for entities covered by HIPAA, entitled "My entity just experienced a cyber-attack! What do we do now?"

In today's world, technology is ever changing and data breaches are widespread. Both have repercussions for the legal profession. As technology has evolved and become more intrusive, the obligations of attorneys and how attorneys handle client matters has also evolved.