Data Protection Data Security

News & Analysis as of

How to Design a Document Retention Policy

Data minimization can be a powerful – and seemingly simple – data security measure. The term refers to retaining the least amount of personal information necessary in order for an organization to function. Less information...more

Tennessee Amends Its Data Breach Notification Laws

Removes the Encryption Safe Harbor, Limits the Timing of Notice, and Expands “Unauthorized Persons” - Effective July 1, 2016, Tennessee becomes the first state to remove the encryption safe harbor from its data breach...more

State AG Privacy Focus Shifting From Retail To More Sensitive Data

On April 6, during a panel discussion at the International Association of Privacy Professionals’ Global Privacy Summit, officials from the Attorney General offices of New York, Illinois and the District of Columbia...more

You’ve Been Notified: Alabama May Join Other States in Enacting Data Breach Notice Law

Forty-seven states and the District of Columbia have laws requiring notice of a data breach to potentially affected individuals. Alabama may soon join the crowd. Bills creating the Alabama Information Protection Act of...more

Why and How Your Business Should Protect Sensitive Customer Data

With the battle over data privacy between Apple and the Department of Justice at the forefront of the news cycle, business owners across the country are likely asking themselves: what responsibilities do I have in protecting...more

[Webinar] Is Your Organization Compromise Ready? - April 20th, 9:00 am PDT

Please join BakerHostetler’s Privacy and Data Protection team for a webinar to cover the results of the 2016 BakerHostetler Data Security Incident Response Report. Trends, top causes for a security breach, and steps you can...more

BakerHostetler Data Security Incident Response Report: Being “Compromise Ready” Better Positions Companies to Respond to Incidents...

On March 30, 2016, we released our second annual Data Security Incident Response Report. The report analyzes data from more than 300 incidents on which the firm advised in 2015. The report looks at causes of incidents,...more

Mobile apps and data protection, the ICO revisits

Given the widespread popularity and quotidian usage of mobile apps, the issue of privacy should not be forgotten. Last year the Information Commissioner’s Office (ICO) conducted a thorough privacy review of 21 popular mobile...more

FCC unveils broadband privacy rules for Internet service providers

We have been waiting for—and the Federal Communications Commission (FCC) delivered—its long anticipated broadband data privacy and security rules on March 10, 2015. Through the proposed rules, the FCC has declared its...more

FTC issues 9 orders for PCI DSS compliance assessment information

The Federal Trade Commission (FTC) issued orders to 9 companies at the beginning of this week, seeking information on how each company conducts Payment Card Industry Data Security Standards (PCI DSS) compliance assessments....more

CFPB’s First Data Security Action; Fines Online Platform Dwolla for Alleged Weak Security Practices

On March 2, the CFPB settled its first data security enforcement action against Iowa-based Dwolla Inc. Launched as a startup in 2009, Dwolla is an online payment platform that enables customers to transfer money directly...more

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware...more

Rhode Island Amends Identity Theft Protection Act

Rhode Island recently amended its 10-year-old Identity Theft Protection Act effective June 26, 2016, further defining and refining existing data security and breach notification requirements, and adding a requirement to...more

Why Are My Competitors Outsourcing IT? Should I?

Many organizations in different markets and industries are outsourcing parts (or all) of their IT functions (including support, development, help desk, data storage and others). Why are they outsourcing? What are the...more

Biometrics Institute issued new privacy guidelines

The Biometrics Institute issued new privacy guidelines for the collection and safeguarding of biometric data, such as fingerprints and iris scans. The guidelines contain 16 principles that should be considered when collecting...more

PCI DSS – What It Is and Why It Is Relevant to Your Business

Increasingly, companies are raising questions about PCI-DSS and its applicability to their businesses. This Legal Alert summarizes the basic aspects of PCI-DSS and its application....more

NIST seeks comments on randomness to protect sensitive information

The National Institute of Standards and Technology (NIST) announced last week that it is seeking comments on its draft publication “Recommendation for the Entropy Sources Used for Random Bit Generation.” What does this mean...more

Federal Trade Commission PrivacyCon 2016 Recap: Insights into the FTC’s Perspective on Privacy and Data Security

The Federal Trade Commission’s PrivacyCon event brings together the FTC, researchers and academics to discuss the latest research and trends related to consumer privacy and data security. Much of the discussion today...more

The Digital Download - Privacy & Data Security Monthly Newsletter - January 2016

Senior Counsel Peter Swire to Debate European Privacy Activist Max Schrems. The debate, set to take place on January 26 in Brussels, will highlight key differences between certain European and U.S. attitudes towards U.S....more

Privacy Tip #14 – Record Destruction: an overwhelming problem

This week’s tip is applicable to both individuals and businesses, and is a headache for both. Lately, it seems that everyone I talk to is lamenting about what a hassle document retention and destruction is, both personally...more

FTC Case Against LabMD Dismissed Due to Lack of Harm

This past Friday the 13th was not a lucky day for the Federal Trade Commission (FTC). An Administrative Law Judge (ALJ) dismissed the FTC’s data security enforcement proceeding against LabMD on the grounds that the FTC failed...more

The Threat From Within

Even as organizations hunker down for a long and expensive siege against attackers from cyberspace, a determined employee with the right kind of access can be as much of a threat, if not more. ...more

FCC Issues First Privacy Enforcement Action Against Cable Operator

In the third privacy-related enforcement action of the year, the FCC Enforcement Bureau entered into a $595,000 settlement with Cox Communications to resolve an investigation into the company’s loss of customer personal data....more

Employment Law Update - November 2015

Coming Changes to Overtime Exemptions Rules Will Have Serious Impact on Employers - The Fair Labor Standards Act ("FLSA") requires that employees be paid minimum wage and overtime pay at a rate of not less than one and...more

NAIC Cybersecurity Task Force Adopts Cybersecurity Bill of Rights

On October 14, 2015, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force adopted the Cybersecurity Bill of Rights, a document meant to inform consumers of the services they can expect from...more

346 Results
|
View per page
Page: of 14
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×