Privacy & Cybersecurity

When you think of catastrophic events that take place online and have a devastating effect on millions of people, you probably think of HBO Go crashing during the True Detective finale. However, California Attorney General Kamala Harris wants to remind you that you should be thinking about data breaches. 

NIST Framework: How to Best Mitigate Cyber Risk for Your Organization The National Institute of Standards and Technology (NIST) last month released its final Cybersecurity Framework.

There’s been a lot of talk about big data over the last few years and the breaches at Target and Neiman Marcus have many companies running in circles trying to figure out how to protect their systems and their data. So what are some of the big issues in our current technology landscape?

After Target Corporation’s (NYSE: TGT) net earnings dropped 46% in its fourth quarter compared to the same period last year, Target finally answered the 441 million dollar question – To 8-K, or not to 8-K? Target filed its much anticipated Current Report on Form 8-K on February 26th, just over two months after it discovered its massive data breach.

Officials at the University of Maryland (“University” or “UMD”) announced that UMD was the victim of a significant security breach that took place on Tuesday, February 18 (the “Breach” or “Incident”).

The Children’s Advertising Review Unit (CARU) announced that it has recommended that HarperCollins Publishers Ltd. (the “Company”) modify its information collection practices on its Ruby Redfort child-directed website (the “Site”) to better protect the privacy of children under 13  (“Children”) and that the  Company has agreed to do so.

The FTC has announced its unanimous approval for the kidSAFE Seal Program proposed by Samet Privacy, LLC under the “safe harbor” provision of the COPPA Rule (the “kidSAFE Seal Program”). The Commission’s decision comes after an extended public comment period due to the agency’s shutdown last year. 

In the wake of the recent massive data breaches suffered by Target and Neiman Marcus, many banks and retailers have renewed the call for a change in the way that consumers in the United States pay for goods and services.

The release yesterday of the Framework for Improving Critical Infrastructure Cybersecurity by the National Institute of Standards and Technology caps a year-long effort by NIST to find an industry consensus for assessing and improving the cybersecurity of the nation's privately-owned critical infrastructure.

The California Senate has passed a bill restricting the information that certain online retailers can collect in connection with consumer purchases. Senate Bill 383 would amend Sections 1747.02 and 1747.08 of the California Civil Code to address the collection of customer information in connection with credit card purchases in online transactions for downloadable products. 

Data privacy legislation has been introduced regularly, but has yet to pass, could this be the year? The recent breaches at Target and Neiman Marcus have drawn national attention and may be the impetus needed to pass the legislation.

The Department of Defense and the General Services Administration, which together spend more than $500 billion annually on information technology, have released a joint report to the White House recommending steps to upgrade the cybersecurity requirements of acquisitions of information technology and services throughout the federal government. 

In the latest chapter in the Sony PlayStation Network (“PSN”) data breach saga, a decision that issued on January 21, 2014 permanently dismissed all but a handful of the class action claims advanced in a 51 count complaint. 

The US CAN-SPAM Act is old hat for marketers in the US. But it is time to revisit email marketing compliance programs if you send email north of the US border. Canada's anti-spam law (known as "CASL") has been debated for years but is finally coming into effect. 

As anyone with a pulse and a computer, television or carrier pigeon knows, Target Corporation (NYSE: TGT) suffered a major data breach in December – the extent of which is still being uncovered – and pegs the latest number of customers that have had their personal information stolen anywhere from 70 to 110 million. 

FTC Chairwoman Edith Ramirez just announced (press conference) that Apple, Inc. (“Apple”) has agreed to provide consumers full refunds of at least  $32.5 Million Dollars to settle the Commission’s complaint alleging that Apple billed consumers millions of dollars in charges incurred by children in purchasing items that costs money within mobile apps for kids (“children’s in-app charges”), without parental consent.

These are busy times in the data privacy/security world.
If Misery Loves Company, Target Has Friends

The Target data breach story keeps getting worse. The December pre-Christmas disclosure was the theft of up to 40 million Target shoppers' credit and debit card information in what appeared to have been a hack of the Target point-of-sale system that allowed the thieves to swipe magnetic card data as customers checked out.

As we predicted in our prior blog post reviewing the key children’s privacy developments of the past year, 2014 is turning out to be the year of enforcement of children’s privacy regulations! The first two requests for investigation under the Amended COPPA Rule have been filed with the FTC by the Center for Digital Democracy (“CDD”), a consumer rights organization.

At the end of 2013, the Federal Financial Institutions Examination Council (FFIEC) became the latest regulator to weigh in on social media and offered their final social media guidance. The proposed regulation was released last January.