Utah, like most U.S. states, has enacted laws concerning data security and steps to take when a data breach occurs. Here is what Utah law provides as codified in Utah Code Ann §§ 13–44–101 et seq. The law has been in effect...more
I. Executive Summary -
The Treasury Department and the IRS are sensitive to the data security problems facing organizations, their employees and their customers and, as a result, have provided some welcomed...more
Earlier this month, the California Attorney General’s Office released the 2016 Data Breach Report covering years 2012 through 2015 for the State of California (the “AG’s Report”). The AG’s Report reveals that 557 data...more
On February 16, 2016, the Department of Homeland Security (DHS) and Department of Justice (DOJ) issued “guidance” to assist federal agencies and non-federal entities in implementing the Cybersecurity Act of 2015. The Act was...more
Earlier this week Apple CEO Tim Cook announced to Apple customers that the company would oppose a federal court order (the “Order”) issued on February 16, 2016 that the company believes “threatens the security of our...more
2/22/2016
/ All Writs Act ,
Apple ,
Data Protection ,
Department of Justice (DOJ) ,
Electronic Frontier Foundation ,
Ex Parte ,
FBI ,
iPhone ,
Motion to Compel ,
Popular ,
Terrorist Acts
Last spring we posted a summary of Nevada’s data security laws. Since then, during the 2015 legislative session, the Nevada legislature adopted certain amendments to the statute. The changes took effect on July 1, 2015....more
Businesses engaged in big data practices should be mindful of a new report issued by the Federal Trade Commission (FTC), in which the FTC serves notice of its intention to monitor areas where big data practices can violate...more
On February 2, 2016, the European Commission announced a last-minute “political agreement” with the United States concerning a new privacy framework for transatlantic data transfers. The accord, called the “EU-U.S. Privacy...more
Good grief. You can’t even trust your phone’s caller ID feature nowadays. Scam artists have learned to manipulate the caller ID function on your phones as part of a ploy to steal your personal information and/or your money....more
Owners of many small unmanned aerial systems (“sUAS” or “drones”) and model airplanes will have to register them with the government. The Federal Aviation Administration announced the requirement in an interim final rule on...more
On November 21, the Federal Aviation Administration’s (FAA) Unmanned Aircraft Systems (UAS) Registration Task Force Aviation Rulemaking Committee (“Task Force”) released its recommendations on registration requirements for...more
Life just got a lot more confusing, complicated and expensive for organizations that transmit personal data to the United States from the European Union (EU) under the frequently-used U.S. – EU Safe Harbor program. Why?...more
10/7/2015
/ Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
International Data Transfers ,
National Security ,
Personal Data ,
Popular ,
Privacy Policy ,
Safe Harbors ,
Umbrella Agreement ,
US-EU Safe Harbor Framework
As part of the government’s recent clarion call to improve our individual and collective cybersecurity posture, several federal and state agencies have released a variety of guidelines, frameworks, best practices and tips. ...more
9/8/2015
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
FCC ,
Federal Trade Commission (FTC) ,
Hackers ,
National Security Agency (NSA) ,
NIST ,
SBA ,
Securities and Exchange Commission (SEC) ,
Small Business ,
U.S. Commerce Department ,
Websites
In a highly-anticipated decision, the U.S. Court of Appeals for the Third Circuit has ruled in FTC v. Wyndham Worldwide Corporation that the Federal Trade Commission (“FTC”) is authorized to pursue lawsuits against those who...more
8/27/2015
/ Administrative Authority ,
Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
Privacy Policy ,
Unfair or Deceptive Trade Practices ,
Wyndham
A fictional cyber-terrorist weaponizing a medical device by hacking into it has become a familiar plot premise in recent Hollywood dramas. Unfortunately, the risk of harm from medical device hacking has now become an...more
On July 20, 2015, a federal appeals court in Chicago issued what could be a watershed ruling in favor of consumers pursuing class action lawsuits against retailers and other companies following data breaches that involve the...more
7/23/2015
/ Appeals ,
Clapper v. Amnesty International ,
Class Action ,
Corporate Counsel ,
Data Breach ,
Debit and Credit Card Transactions ,
Imminent Harm ,
Injury-in-Fact ,
Neiman Marcus ,
Personally Identifiable Information ,
Popular ,
Retailers ,
Reversal
The European Union (EU), comprised of 28 member states, currently has a patchwork of privacy and data protection laws, based on the EU’s 1995 Data Protection Directive. This mix of laws has led to inconsistent data...more
Like other federal agencies exercising regulatory power in the data privacy and security arena, the Financial Industry Regulatory Authority (“FINRA”) is cracking down on firms that fail to meet required data security...more
In May 2015, the Ponemon Institute released its tenth annual Cost of Data Breach Study, sponsored by IBM. The study sets forth the average calculated cost for each lost or stolen record containing “sensitive and confidential...more
Yes, today is “World Password Day 2015? (#PasswordDay). While it may not have the same panache as Cinco de Mayo, a day devoted to passwords still can be useful, especially for those who use terms like “bieber”, “123456”,...more
On April 28, 2015, the U.S. Securities and Exchange Commission’s Division of Investment Management (the “Division”) issued a Guidance Update to investment and fund advisers on the topic of improving cyber security. While it...more
On 24 March, the Court of Justice for the European Union (CJEU) heard argument on a case that could significantly impact, if not invalidate altogether, the Safe Harbor framework that facilitates the flow of personal data from...more
In Part 1, we covered some basic privacy policy concepts. Here in Part 2, we address three problems associated with privacy policies in practice.
1. You Don’t Have One, But You Really Should -
There is no...more
A privacy policy is a key legal document in this new era of Big/Data/Breaches. When distilled to its essence, a privacy policy is simply “say what you do, and do what you say” with others’ personal information. A growing...more
For many companies, the prospect of a dreadful, costly and reputation-damaging cyber-attack and data breach is all the motivation they need to assess and improve their cyber security and data protection posture RIGHT NOW. ...more