Data Protection

News & Analysis as of

The Uber Playbook: 5 Best Practices for Protecting Data Privacy

The risks are significant if managing sensitive data is not part of a proactive plan—the consequences can include penalties, sanctions and reputational damage....more

“Backoff” Update — More Widespread, PCI Council Issues Call to Action — If You Accept Credit Cards Via Point-of-Sale, You Need to...

Some weeks ago, we wrote a piece “What You Need to Know About Backoff Malware: The New Threat Targeting Retailers” . It’s apparently gotten worse. Any business utilizing point-of-sale (POS) terminals for “swiping” credit...more

New Data Disposal Law in Delaware Requires Action by Impacted Businesses

While the federal government continues its inaction on data security bills pending in Congress, some U.S. states have been busy at work on this issue over the summer. A new Delaware law H.B. 295, signed into law on July 1,...more

HIPAA For Lawyers And Law Firms: What you need to know to prevent your law firm from paying MILLION$

For years now lawyers and law firms providing professional services to health care providers or health insurance plans should have had in place essential safeguards to meet the responsibilities and requirements as business...more

Important Changes to Russian Data Protection Rules

There has been an important development in Russian Data Protection Law. On July 22, 2014 a new law amending the law on data protection and law on information was signed off by the Russian President and thus was...more

When Acting to Prevent Data Breaches and Comply with Privacy Laws, Remember Overarching Employee Rights

The grocery business may be “fresh and easy,” but drafting a confidentiality and data protection policy that withstands the scrutiny of the current National Labor Relations Board (NLRB) is not. The NLRB, in its recent 2-1...more

The Board of Directors and Cybersecurity: Setting up the Right Structure

Security breaches have become a staple of the daily news. A national restaurant chain announced in August 2014, that a payment card processing system breach involved 33 restaurants in 18 states and that the incident lasted...more

OCC Releases Revised Comptroller’s Handbook

On August 20, the OCC released an updated booklet providing guidance to examiners and bankers on assessing and managing the risks associated with merchant processing activities. ...more

Financial Regulatory Developments Focus - August 2014 #4

In this issue: - Derivatives - Bank Prudential Regulation & Regulatory Capital - Consumer Protection - People - Excerpt from Derivatives: Regulators Request FSB to Assist in...more

In Flight Catalog: Senator Rockefeller Opens Inquiry Into Consumer Data Practices by Airlines

Last week, Senator Jay Rockefeller (D-W.Va.) sent a letter to the top ten revenue generating passenger airlines in the United States, opening an inquiry into their practices related to charging additional fees for optional...more

Orrick's Financial Industry Week in Review

Financial Stability Board Publishes Responses to Consultation on Proposed Reforms of the Forex Market - On August 20, the Financial Stability Board (FSB) published responses to its consultation in respect of proposed...more

On whose dime? Court rules California employers must pay employee cell phone expenses

In a world where mobile devices outnumber both personal computers and humans, it’s not surprising that we use our mobile devices for both business and pleasure. In a published opinion sure to wreak havoc with workplace bring...more

Secret Service Raises Warning About Backoff POS Malware

The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems. The Alert...more

Risks of BYOD

Q: BYOD (Bring your own device) is standard for our employees. What, if any, are the risks for BYOD when compared to company-provided devices?...more

Wearable Devices in the Workplace Challenge Data Security and Privacy

Wearable devices, including health and activity monitors, video and audio recorders, location trackers, and other interconnected devices in the form of watches, wristbands, glasses, rings, bracelets, belts, gloves, earrings,...more

We Have Your Data. Pay Up or Else…

You wake on a Tuesday morning expecting to have an average day at work. You are skimming through the emails that came in while you were asleep, when you notice an email from one of your employees. He is not only giving his...more

Delaware Court Finds Password Protection for Electronic Documents Insufficient to Preserve Trade Secrets

Key questions in most trade secret cases are whether information was misappropriated and whether that information qualified as a trade secret in the first place. Under the Uniform Trade Secrets Act’s definition of a trade...more

Week in Review

Significant electronic data breaches made headlines again this week. Supervalu announced that millions of customer credit card numbers were stolen at various stores. ...more

Singapore's first data breach?

The Straits Times reported on 14 August that Singapore’s Personal Data Protection Commission (the “Commission”) is investigating a complaint from a user that Xiaomi has breached the Personal Data Protection Act 2012 (“PDPA”)....more

Russian Hackers Stockpile Over 1 Billion Internet Credentials: Industry Leaders Across All Sectors Likely Impacted

A Russian hacking group reportedly engaged in the largest known cyberattack by amassing over 1.2 billion unique sets of usernames and passwords and 500 million email addresses from more than 420,000 web and FTP sites. The...more

4.5 Million Patients’ Information Stolen by Hackers

Community Health Systems Inc. (“CHS”), a Tennessee-based hospital provider, has reported it was the target of data hackers who were able to obtain identification information belonging to approximately 4.5 million CHS...more

Reasonable Doubt: Data Privacy, Cybersecurity, and the FTC

Today’s cybersecurity environment demands that every business establish effective corporate data privacy and consumer information security systems and practices. But, unfortunately, no single cybersecurity law exits to...more

Community Health Systems' HIPAA Breach: Significant Lessons for Health Care and Non-Health Care Companies

On August 18, 2014, Community Health Systems, Inc. (CHS) publicly confirmed, in a filing with the Securities and Exchange Commission (CHS filing), that its computer network was attacked between April and June 2014 by hackers...more

Google, the House of Lords and the timing of the EU Data Protection Regulation

In the Google Spain “Right to be Forgotten” case, the ECJ held that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis that the information is no...more

Director Liability for Cybersecurity Risks

If a corporation is the target of a cyberattack resulting in a data breach, its board may be the target of a shareholder derivative action claiming breach of fiduciary duty. A recent example is Palkon v. Holmes, No....more

1,513 Results
|
View per page
Page: of 61