
John Tomaszewski specializes in emerging technology and its application to business. His primary focus has been developing trust models to enable new and disruptive technologies and businesses to thrive. In the "Information Age", management needs to have good advice and counsel on how to protect the capital asset which heretofore has been left to the IT specialists - its data.

John's expertise in understanding a company's data protection and management needs provides a specialized point of view which allows for holistic solutions. A good answer should always solve at least three problems.

John has co-authored several information security and privacy publications, including the PKI Assessment Guidelines and Privacy, Security and Information Management: An Overview, and has published scholarly works of his own on the topic. He has also provided input to the drafting of various security and privacy laws around the world, including the APEC Cross-Border Privacy Rules system. He is a frequent speaker globally on the topics of cloud computing, Self Regulatory Organizations (“SROs”), cross-border privacy schemes, and secure e-commerce.

On March 1–2, 2018, five Seyfarth attorneys will be attending the American Intellectual Property Law Association’s annual Trade Secret Law Summit in San Diego, California, one of the preeminent events for trade secret practitioners in the nation. Erik Weibust is on the planning committee for the Summit and will be moderating a panel entitled “The Ethics of Law Firm Cybersecurity,”
Continue Reading Seyfarth Takes The 2018 AIPLA Trade Secret Law Summit By Storm

We are pleased to announce the webinar “Employee Social Networking: Protecting Your Trade Secrets in Social Media” is now available as a podcast and webinar recording.

In Seyfarth’s fourth installment of its 2015 Trade Secrets Webinar series, Seyfarth attorneys addressed the relationship between trade secrets, social media, and privacy.

As a conclusion to this well-received webinar, we compiled a
Continue Reading Webinar Recap! Employee Social Networking: Protecting Your Trade Secrets in Social Media

On Thursday, May 28, 2015 at 12:00 p.m. Central, in the fourth installment of our 2015 Trade Secret Webinars, Seyfarth attorneys John Tomaszewski, Eric Barton and Joshua Salinas will address the relationship between trade secrets, social media, and privacy.

The Seyfarth panel will specifically address the following topics:

  • Defining, understanding, and protecting trade secrets in social media, including a deeper


Continue Reading Employee Social Networking: Protecting Your Trade Secrets in Social Media Webinar

With the FTC’s 2015 report “Internet of Things: Privacy & Security in a Connected World” (“Report”) the idea that more than just computers and phones are able to connect to the Internet. In fact, the Report states that the “IoT explosion is already around us.” This is true, and the Report goes on to describe some
Continue Reading How Far Does the “Internet of Things” Reach?

Cross Posted from Global Privacy Watch

The plethora of security incidents in the news has once again put security front and center of the international agenda. Predictably, this has triggered a number of responses from governments around the world. Some of these responses seem to have been ill-considered. However, one of the more comprehensive responses came out of the
Continue Reading Privacy & Security Are Back on the Agenda in DC

The security breach news cycle continues. There remains a deluge of news stories about point-of-sale terminals being compromised, the ease of magnetic stripes being cloned, and the need for Chip and PIN technology being deployed on credit cards. The legal ramifications of all these events are just starting to become apparent – and it’s complicated. Individual liability is beginning to
Continue Reading Security Breach Liability – Its Complicated

While the Supreme Court has taken some heat in the past for seeming to misunderstand technology and how it impacts the normal person’s life, with Riley v. California the Court demonstrated not only an unexpected fluency with how mobile phone technology has evolved, but also with how it has caused our daily sphere of privacy expectations to evolve. Just like
Continue Reading John Tomaszewski Explains the Supreme Court’s Riley v. California Decision and What It Means for Consumer Privacy Going Forward

Cross Posted from Global Privacy Watch

The White House released a set of reports this month on Big Data and the privacy implications of Big Data. While a number of folks have been discussing the President’s Council of Advisors on Science & Technology (“PCAST”) report, I would offer that the Office of Science and Technology Policy (“OSTP”) report needs to be read in conjunction with the PCAST report. They do two different things. One is a report on the technical state of affairs, and the other is more of a policy direction piece, which is driven by the technologically-oriented findings. Various points-of-view have been put forth as to the relative merits of each report, but there seems to be an important element missing from both reports. Both reports discuss the need for policy decisions to be based on context and on desired outcomes. Unfortunately, neither report really gives a good taxonomy around the informatics ecosystem to allow for a clear path forward on “context” and “desired outcomes”. What I mean by this is best summed up in the comment in the PCAST report which states: “In this report, PCAST usually does not distinguish between “data” and “information”.” “Data” and “Information” are very different things, and one really can’t have a coherent policy discussion unless the distinction between the two is recognized and managed.
Continue Reading Talking About Big Data: A Framework

Much has been written about Heartbleed and the significant impact it has on the security infrastructure of the internet. Articles and blog postings have taken both the “sky is falling” and “it’s not so bad” points of view. However, there is a more fundamental issue which has raised its ugly head – is the use of open source “commercially reasonable” in a security framework?
Continue Reading Heartache from Heartbleed – The Security of Open Source

Cross-Posted from The Global Privacy Watch

With all the high-profile cybersecurity breaches that seem to be in the news lately, there is a plethora of “guidance” on cybersecurity. The Attorney General of California has decided to add to this library of guidance with her “Cybersecurity in the Golden State” offering. Cybersecurity is a pretty mature knowledge domain, so I am not quite sure why General Harris has determined that there needs to be additional guidance put in place. However, it is a good reminder of the things that regulators will look for when assessing whether or not “reasonable security” was implemented in the aftermath of a breach. And while there isn’t anything new in the guidance, what is informative is what is not there.
Continue Reading California Attorney General Provides Some Guidance on Cybersecurity