Privacy & Cybersecurity

It's Privacy Monday again - and summer is winding down.
Here are three bytes of privacy/security information to start your week:

As EU data protection watchers know, the draft General Data Protection Regulation (which has been around long enough to be universally referred to by its acronym, GDPR) exists in three major versions, with a fourth version recently released by the office of the European Data Protection Supervisor (EDPS).

Retailer Neiman Marcus has filed a petition seeking en banc review by the entire Seventh Circuit of the decision by a three-judge panel of that court in Remijas v. Neiman Marcus Group, LLC reversing dismissal of consumer data breach claims for lack of standing.  

Many of the highest-profile and headline-catching data breaches involve external breaches of a company’s electronic systems. But the reality that these headlines obscure is the fact that internal data breaches are generally more prevalent and represent a primary source of concern for data security managers.

It's the first Monday in August ... and time for all those "back to school" ads.
While you enjoy what is left of the summer of 2015, we will kick off your week with a few privacy and security bits and bytes.

In yet another data breach affecting millions of individuals, UCLA Health System (“UCLA”) reported on Friday - July 17, 2015 - that hackers had accessed portions of its health network that contained personal information, including names, addresses, dates of birth, social security numbers, medical record numbers, Medicare or health plan ID numbers, and some medical information (including medical conditions, medications, procedures, and test results).

In Remijas v. Neiman Marcus Group, LLC, the Seventh Circuit reversed a district court decision dismissing consumer payment card data breach claims for lack of standing. 

We previously reported here that CNA filed a lawsuit against its insured Cottage Health System seeking reimbursement of amounts that it previously paid under Cottage’s cyber liability insurance policy.  

It's Monday! Once again, data breaches and hacks are front and center, so here are three stories you should know about to start your week.

Welcome to the dog days of summer 2015. Three privacy & security bits and bytes to start your week (if you are reading this on vacation ... good for you!)

In its recently-filed motion to dismiss claims of card-issuing banks arising from the September 2014 theft of payment card data from Home Depot point of sale terminals, Home Depot employs an approach typically used to respond to consumer claims.

Facing “industry stakeholders [that] were unable to agree on any concrete scenario” in which affirmative consent should be obtained from individuals before employing facial recognition technologies, nine consumer advocacy organizations made an about-face and withdrew from the multistakeholder process coordinated by the National Telecommunications and Information Administration (“NTIA”).

Don’t forget to register for our upcoming webinar discussion with an expert panel on Risk Assessments!

The first Privacy Monday of the summer!
It's appropriate that the "boys of summer" feature prominently in today's post.

California again has provided a model of privacy legislation for other states to follow. New Hampshire Governor Maggie Hassan recently signed into law House Bill 520 (the “Bill”), a bipartisan effort to establish guidelines for the protection of student online personal information.

In the absence of any meaningful moves in Congress to enact uniform data breach notification, the states continue to make adjustments to existing laws to better protect affected residents in their states.

The news continues to pour in about the two-part massive hack into the federal government's Office of Personnel Management (OPM) and the compromise of personal information of millions of present and former federal employees.

As an update to our blog post, "Data Breach Affects Millions of Current and Former Government Workers", a union representing federal workers is now claiming that the hack may be worse than originally feared.

Register now for our June Wednesday Webinar. This webinar, the sixth in our Privacy series, will address risk assessment best practices and data breach readiness. A risk assessment is the foundational step in the development of a comprehensive privacy and security program for your company.

The Commerce Department's export control agency, BIS, has proposed a new rule to control exports of equipment and software designed or modified to perform network intrusion and internet protocol communications surveillance.