Privacy & Cybersecurity

My colleague, Martha Zackin, has published a more extensive discussion of the issues before the U.S. Supreme Court in the Quan case --

During the holiday season, many organizations are soliciting donations of old cell phones to be repurposed. This is an excellent way to "reuse, reduce, and recycle" and puts those useless (to you) items to use in a positive way, but please remember -- important and private data reside in your cell phone's internal memory, even if your phone has a removable SIM card.

As we first blogged here, hours before the last Red Flags enforcement deadline, a federal court judge in the D.C. Circuit ruled from the bench that attorneys would not be subject to the Red Flags Rule. The court released Judge Walton's written opinion was released on December 1, 2009, which provides clarification of his comments from the bench.

A Cook County, Illinois jury recently awarded $1.8 million dollars to Kathy Lawlor, who claimed that her former employer, North American Corp. of Illinois, violated her privacy rights by hiring a private investigator who fraudulently obtained her telephone records through the use of “pretexting” – or by pretending to be Lawlor herself.

Nearly 10 months after disclosing a months-long data breach that affected millions of consumers, the financial impact of the Heartland data breach continues to unfold.

Wired.com reports on a possible breach at -- of all places -- the National Archives and Records Administration (NARA) that, if verified, could affect tens of millions of records about U.S. military veterans.

My colleagues over at the Employment Matters blog report on an interesting decision drawing attention to the need for clear and explicit policies regarding "acceptable use" of computers and company information and the absolute necessity to terminate access once an employee or contractor is terminated.

A recent decision by the Maine Supreme Court highlights the tension between an employee's reasonable expectation of privacy in conducting personal business through a company's computer system and the individual's right to prevent the company's publishing of such material.

Just released - proposed amendments to the Massachusetts data security regulations -- and a three-month extension of time to comply. Stay tuned for a full analysis.

Just some nuggets to wrap up the week:

The Associated Press reports that American Express has notified some card-holders that their information may have been compromised. According to an American Express spokesperson, the breach resulted from an employee’s recent theft of data.

Maine Governor John Baldacci has signed a sweeping new law called "An Act to Prevent Predatory Marketing Practices to Minors." While that is a laudatory effort and responsible marketers would not want to be predatory, it is not difficult to see this law as overreaching.

Much as it is with general federal privacy legislation, nature abhors a vacuum, and the states take up the "hot potato."

Reports today are indicating that several South Korean Web sites have been attacked again. Several officials have voiced speculation that North Korea was behind both today's denial of service attacks and last week's wave of outages that hit sites in both the U.S. and South Korea. No comment from Pyongyang.

Bad news if you were a frequent flyer who ponied up the $199 annual fee to participate in Verified Identity Pass, Inc.'s registered traveler program, branded as "Clear." Last night, the company announced that it was "unable to negotiate an agreement with its senior creditor" and shut down. Membership fees will not be refunded.

In the run-up to the enforcement deadline for the Identity Theft Red Flag Rule (August 1, 2009 - more on that in another post), enforcement of the Gramm-Leach-Bliley Privacy Rule and Safeguards Rule has not been forgotten by the Federal Trade Commission.