Privacy & Cybersecurity

As the summer winds down, we find that privacy and security issues remain at the top of mind for companies, hackers, and regulators alike.

Yesterday, the FTC published a Federal Register notice requesting public comment on the first new method for obtaining verifiable parental consent submitted for FTC approval by AssertID, Inc under the Voluntary Commission Approval Process provision of the COPPA Rule.

After a brief August hiatus, Privacy Monday is back with privacy goofs, gaffes and tidbits to start your week.

We've sounded warnings about the lowly copy machine before. The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old fashioned equipment, such as copiers, can hide sensitive legally-protected data.

What did you do over your summer vacation? Yes, the sad truth is that summer is almost over. You can tell because there wasn’t a single superhero movie that opened at the box office last weekend (no, Smurfs2 does not count) and because the California Senate is preparing to reconvene from its summer recess.

Last week an Oregon jury awarded an individual plaintiff over $18 million in compensatory and punitive damages in what some sources have reported to be the first jury verdict in a case brought under the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681a(c). 

The California ballot measure process permits any California voter to propose a ballot initiative to the state’s Attorney General which, if enough signatures are gathered, will then appear on state-wide ballot for approval at the next election.

It appears that Wyndham Hotel & Resorts LLC (“Wyndham”) has received reinforcements in its defense against the Federal Trade Commission’s (the “FTC”) case. A federal judge has agreed to allow the U.S. Chamber of Commerce and several other organizations to file an amicus curiae brief in support of dismissing the FTC’s case against Wyndham.

Just before the Labor Day holiday, the Federal Trade Commission issued a press release announcing its complaint against LabMD, Inc., a company that performs medical testing for consumers around the country. The complaint alleges that the company did not take reasonable measures to protect the security of consumers’ personal data. 

The "hits" to data bases, in any event. Here is a rundown of some of the most recent data breach reports --
Oregon Health & Science University Data Breach Compromises 3,000 Patients’ Records in the Cloud.

Ever since our 2013 prediction, an ever increasing number of public companies are adding disclosure related to cybersecurity and data breach risks to their public filings. We previously analyzed how the nation’s largest banks have begun disclosing their cybersecurity risks. 

Aiming to “address the real privacy and security risks that consumers face when telecommunications carriers use their control of customers’ mobile devices to collect information about their customers’ use of the network,” the Federal Communications Commission (FCC) has adopted a Declaratory Ruling holding that the existing rules requiring carriers to protect customer proprietary network information (CPNI) apply to CPNI collected by mobile devices when such collection is undertaken at the carrier’s direction and the carrier has access to or control over that information.

The latest in a series of National Institute of Standards and Technology (“NIST”) publications is the Guidelines for Managing the Security of Mobile Devices in the Enterprise (the “Guidelines”), a comprehensive document to help federal agencies manage and secure mobile devices such as smart phones and tablets used by their employees for government business (whether organization-provided or personally-owned) against a variety of threats.

Californians are a diverse bunch (as you’ve probably gathered from those commercials with Arnold Schwarzenegger), but apparently there is something that 2.5 million of us all have in common. California Attorney General Kamala Harris has released a first-of-its-kind data breach report  that includes statistics, recommendations and assessments based on breaches that were reported to the Attorney General’s office during the 2012 calendar year.

What Is COPPA?
Children’s Online Privacy Protection Act, enacted by Congress in 1998

Welcome to a new feature of Privacy & Security Matters -- Privacy Monday.
We will start your week with a fresh collection of privacy tidbits, goofs and gaffes.

In its recent decision in Harris v. comScore, Inc., the Seventh Circuit declined to review a trial court order certifying a plaintiff class consisting of hundreds of thousands of computer owners who downloaded software that permitted comScore, Inc. to track internet traffic and usage.

The National Institute of Standards and Technology (“NIST”)1 has released the fourth revision of its standard-setting computer security guide, Special Publication 800-53 titled Security and Privacy Controls for Federal Information Systems and Organizations2 (“SP 800-53 Revision 4”), and this marks a very important release in the world of data privacy controls and standards.

California Attorney General Kamala Harris’ attempt to bring an enforcement action against Delta Air Lines won’t be leaving the runway. California Superior Court Judge Marla J. Miller has dismissed a data privacy complaint against Delta brought by Attorney General Harris.

California Attorney General Kamala Harris’ attempt to bring an enforcement action against Delta Air Lines, Inc. won’t be leaving the runway. California Superior Court Judge Marla J. Miller has dismissed a data privacy complaint against Delta brought by Attorney General Harris.