Data Security

News & Analysis as of

Receiving Data from Europe: The EU-US Privacy Shield

The European Union ("EU") recently announced that the new EU-US Privacy Shield Agreement ("Privacy Shield") is adequate to meet EU data privacy requirements and allow for the transfer of personal data from the EU to the US in...more

FTC Overturns ALJ’s LabMD Decision and Reasserts its Role as a Data Security Enforcer

On July 29, 2016, the Federal Trade Commission (“FTC” or “Commission”) reversed an FTC administrative law judge’s (“ALJ”) opinion which had ruled against the FTC, finding that the Commission had failed to show that LabMD’s...more

California Legislature Nearing Final Debate of Biometric and Geolocation Data Security Bill

With the session ending on August 31st, the California legislature is debating a bill (AB 83) that would expand data security requirements for businesses that maintain personal information of California residents to include,...more

NAIC Exposes Second Draft of Insurance Data Security Model Law

On August 17, 2016, the National Association of Insurance Commissioners’ Cybersecurity Task Force of the Executive Committee exposed for comment the second draft of the Insurance Data Security Model Act. The second exposure...more

Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity

On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000...more

New York A.G. Announces $100k Settlement Over Data Breach

On August 5, New York Attorney General Eric T. Schneiderman announced a settlement with Provision Supply, LLC d/b/a EZcontactsUSA.com, imposing $100,000 in penalties and ongoing obligations to maintain certain security...more

The Digital Download - Alston & Bird’s Privacy & Data Security Newsletter – August 2016

General Data Protection Regulation (GDPR) Published, Commencing Two-Year Countdown to Application. One of the most important EU legislative initiatives in recent years, and a landmark in privacy regulation worldwide, the GDPR...more

Now is a Good Time to Review Your HIPAA Policies

The HHS Office for Civil Rights (OCR) has announced it is increasing its investigations of breaches of unsecured protected health information (PHI) affecting fewer than 500 individuals. As a reminder, the HIPAA Breach...more

FTC Finds Laboratory Security Practices Caused Consumer Harm

On July 28, 2016, a panel (the “FTC Panel”) of three acting Federal Trade Commission (“FTC”) commissioners issued an opinion that found that LabMD, Inc. (“LabMD”) failed to implement reasonable security measures to protect...more

$2.75 Million OCR Settlement Underscores the Importance of Risk Management and Analysis

How the theft of a single password-protected laptop turned into an enterprise-wide review of an organization’s data protection practices. Following the announcement of a recent settlement between the U.S. Department of...more

Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act

On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair”...more

SaaS Adoption Continues to Rise Despite Security Concerns

Software as a Service (SaaS) adoption has continued to climb with each passing year. Major contributors to this have been ease of deployment, improved productivity and lower cost of ownership. Furthermore, organizations have...more

Best Practices to Thwart Hackers Using Email to Get Your Money

Not a week goes by without some news report of another hacking incident. The industries targeted include large retail stores, restaurants, banks, attorneys, accountants and recently in Maryland, a title company. In...more

Employment Law Navigator – Week in Review: August 2016 #3

Last week, Vanity Fair reported that the ongoing settlement talks between Gretchen Carlson and Roger Ailes may contemplate a settlement payment in the eight-figure range as more and more women claim sexual harassment by the...more

Researchers say Chip-based Credit Cards aren’t as Secure as we Thought

Payment technology company, NCR Corporation (NCR), determined last week that the new chip-based credit card technology isn’t as secure as we thought. The technology behind these chip cards that is supposed to make them more...more

Online Contacts and Eyewear Retailer Pays $100,000 Penalty to New York AG for Security Failures

Online retailer Provision Supply LLC (Provision Supply) (operator of EZContactsUSA.com which sells contacts and eye glasses) settled with the New York attorney general last week for its failure to notify its web customers of...more

Got Data? Actual Harm Not Required for FTC Enforcement Action for Lax Security Measures

While much of Washington, D.C. is enjoying the slow and hazy days of summer, the Federal Trade Commission (FTC) is staying busy solidifying its presence as the go-to authority for data security. Most recently, on July 29,...more

Lessons for Businesses from FTC’s Opinion on LabMD’s Data Security Practices

The Federal Trade Commission (FTC) has issued an Opinion and Final Order finding that the data security practices of LabMD, Inc. were unreasonable, and therefore constituted an unfair act or practice in violation of Section 5...more

LastPass Security Vulnerabilities Discovered

Passwords have always been a challenge. It is hard to remember them, and you are not supposed to use the same password across different platforms. Several companies, including LastPass, have tried to help consumers with...more

The FTC Rules Against LabMD in On-Going Data Security Case

The lengthy saga between the Federal Trade Commission (FTC) and LabMD, Inc. reached another turning point on July 28, 2016. The FTC issued its unanimous Opinion in which it found that LabMD’s data security practices were...more

Pokémon GO Exposes Risks of Bring-Your-Own-Device (BYOD) Policies

There’s no denying it: Pokémon GO is a phenomenon. The smartphone game, in which players use their mobile device camera and GPS to capture, battle, and train virtual creatures, was released in the United States on July...more

Record-Breaking HIPAA Settlement Sends Strong Message to Covered Entities

This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of...more

White House Directive Outlines Who to Call for Help with a Cyber Incident

Last week, the White House issued a new directive that outlines how the government handles significant cyber incidents, which gives the public information on which agency to call in the event of a cyber incident. We often get...more

Privacy Tip #47 – Safety Tips for Using Twitter When Anonymity is Crucial to Your Safety

My Facebook account got hacked, so I am no longer on Facebook. LinkedIn was also hacked and users were told to reset their passwords, which I did immediately. I don’t use Twitter, because it’s just another way to get hacked,...more

UK Financial Conduct Authority—Regulated Firms Can Go to the Cloud

July 7, 2016, saw the UK’s Financial Conduct Authority (FCA) publish fresh guidance in order to clarify the requirements which apply to the financial services firms it regulates when outsourcing to the cloud. When the FCA...more
