Privacy & Cybersecurity

A year ago, privacy and data security issues in the media were all about credit cards and identity theft. Concerns about privacy related to location data were, at least among the general public and Congress, somewhere in a galaxy far far away.  

As privacy and data security gain more visibility among policy-makers, questions of federal agency authority and jurisdiction are also gaining a higher profile.

With the holiday season in full swing, many of us are struggling with that age-old question: "what do you get for the person who has everything?" Well, if that person happens to be your supreme leader, the answer may very well be "a massive download of electronic dirty laundry on their sworn enemy".

There are five significant new privacy laws/amendments that will be effective as of New Year's Day -- January 1, 2015 -- and four are from California. Pull up a chair, brew that cup of tea. It's time to review and prepare.

As the holiday season slips into the rear view mirror, another season looms large for public companies ---- proxy season. Adding to the ever-growing chorus of demands for increased transparency by public companies on cybersecurity and privacy matters, institutional shareholders have recently begun to contribute their own distinctive voices to the discussion.

“Trying to predict the future is a mug’s game.” Douglas Adams, The Salmon of Doubt: Hitchhiking the Galaxy One Last Time.
For the Second Day of Privacy, we boldly go where no self-respecting trial lawyer ever wants to go – to the future.

If your company doesn’t have an office in the EU, but collects or receives personal data from the EU in the course of running its business, it can be a bit tricky to determine whether or not EU Data Protection laws apply to you. 

Rather than look back at 2014, starting tomorrow, the Privacy & Security blog will count down The 12 Days of Privacy, looking ahead to what we might expect in 2015 and what we might be talking about in the year to come.

On November 7, the Small Business Administration (SBA) released an advanced notice of Policy Directive amendments and a request for comment on revisions to Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) policy.

Federal District Judge Paul Magnuson has ruled that banks that issued credit and debit cards to customers whose data was stolen in the December 2013 Target data breach could continue to litigate claims against Target for negligence and violation of Minnesota’s Plastic Security Card Act (“MPCSA”), Minn. Stat. § 325E.64. 

The Google Spain decision (discussed here) held that a search engine with advertising activities in Europe (directly or through a subsidiary) must delete search results that link to personal information that the person in question thinks is no longer “relevant.” 

Big Data can slice and dice just about anything. Big data analytics company, Datawatch, has created two fun demos using turkey and Thanksgiving dinner data.

Corrective action taken by Verizon Communications to fix security issues with its FiOS and DSL routers resulted in the FTC closing its investigation to determine whether Verizon's distribution of the routers was an unfair or deceptive practice.

This week, the HHS Office of Civil Rights (OCR) issued a bulletin (Bulletin) to remind covered entities and business associates that “the protections of the Privacy Rule are not set aside during an emergency.” 

Welcome to Privacy Monday - here are five privacy & security bits and bytes to start your week:
1)  California AG's Data Breach Report: Who Is Handling Your Patients' Confidential Health Information?

A rule to require federal contactors handling personally identifiable information to train their employees in safeguarding the information is close to release.

Substantive litigation in the flood of lawsuits concerning the recent Home Depot data breach awaits a determination of where the cases will be heard.  Numerous overlapping lawsuits have been filed in courts throughout the United States asserting claims on behalf of consumers and financial institutions arising from the massive theft of credit card data that was confirmed by Home Depot in September.

A federal district court in New Jersey has dismissed with prejudice a shareholder derivative suit, Palkon v. Holmes, No. 14-CV-01234 (SRC) (D.N.J.), that tried to blame the directors and officers at hospitality company Wyndham Worldwide Corporation (“Wyndham”) for a series of data breaches.

In past posts we’ve taken a close look at the Framework for Improving Critical Infrastructure Cybersecurity put forth by the National Institute of Standards and Technology (NIST), exploring its wide-ranging implications for companies across a number of different industries.

October is National Cyber Security Awareness Month. This is an opportunity to remind employees (and yourselves) about how to keep corporate networks and their own cyber lives secure.