Data Security Personally Identifiable Information

News & Analysis as of

FTC Gives Words of Warning to the Wise

The Federal Trade Commission has issued new guidance on data security to help businesses that collect, store and use consumer information to stay out of hot water with the agency. Gleaned from the more than 50...more

Indonesia publishes data protection rule aimed at government agencies

On 14 July 2015, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (‘Draft Regulation’). Pursuant to...more

Systema Software exposes information of 1.5 million on Amazon Web Service

Systema Software, which provides software solutions for claims management, is investigating a breach (although it was discovered, accessed and confirmed by an independent third party) involving information of 1.5 million...more

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

SEC brings first cybersecurity-related enforcement action

The Securities and Exchange Commission (“SEC”) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (the ...more

Cybersecurity + Law Enforcement: The Cutting Edge Symposium | Friday, OctobeWU Law | Bristol,r 16, 2015 R Rhode Island

Cybersecurity, encryption, and government surveillance are daily challenges for public officials, corporations, and lawyers. On October 16, the Roger Williams University School of Law will present Cybersecurity and Law...more

A Compilation of Enforcement and Non-Enforcement Actions

Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more

What is reasonable? The emerging legalities of cybersecurity post-Wyndham

This month’s edition of the Advanced Cyber Security Center’s newletter includes my discussion of lessons to be learned from the Wyndham decision: Historically, security was an issue reserved in a back room for the IT...more

Notifying Parties In Username/Password Breaches . . . It’s Not Just the Law

As we head into the end of 2015, state legislators across the country continue to strengthen, update and, in some instances, broaden the scope of their respective state data breach notification laws. Specifically, many...more

FTC Fines Can Add Salt to a Cybersecurity Wound

Cyberattacks are on the rise—so much that we seem to hear about a high-profile hack more often than it probably rains in most parts of California. Although reputational damage from a cyberattack can be scarring, a recent U.S....more

The Legal Lessons of Data Breaches

Every business would love to find a fortune teller to give it insight into what trends to follow, which risks to take, and when “exposure” will convert to liability. Some clients might say that, unfortunately, their lawyers...more

SEC Penalizes Investment Adviser over Inadequate Cyber-Risk Program Prior to Data Breach

On September 22, the SEC ordered a Missouri-based investment adviser to pay a $75,000 penalty, settling allegations that the investment adviser failed to implement required written cybersecurity policies and procedures prior...more

Uncertainty for the U.S.-EU Safe Harbor Intensified by Non-Binding Recommendation for EU High Court Advisor

In a non-binding opinion issued on September 23, 2015, an Advocate General for the European Court of Justice (“ECJ”) recommended that the ECJ suspend the U.S.-EU Safe Harbor program (“Safe Harbor”) and reexamine whether the...more

The Russian Data Protection Authority, Roskomnadzor, Enforces New Russian Data Localization Law

On September 9, 2015, the Federal Service for Supervision of Communications, Information Technology and Mass Communications (the “Roskomnadzor”) reported on its website that it blocked an extensive online database of more...more

Who is Stealing Your Trade Secrets? An Overview of Key Threats

Every company has trade secrets – for some, they may be special manufacturing processes, for other organizations, trade secrets could include product formulae, customer lists, software code or marketing strategies. The more...more

Judicial Redress Act Advances

In what may prove to be a major step forward in US-EU privacy relations, the House Judicial Committee approved H.R. 1428, the Judicial Redress Act of 2015, on September 16. If enacted, the bill would allow citizens of...more

The SEC OCIE Announces Increased Scrutiny of Broker-Dealers’ and Investment Advisers’ Cybersecurity Programs

On September 15, 2015, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a National Exam Program Risk Alert (2015 Risk Alert) to provide broker-dealers and investment...more

Investment Adviser Settles SEC Charges After Data Breach

Last week, the Securities and Exchange Commission (SEC) settled charges against a registered investment adviser for failing to comply with Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)) (“Safeguards Rule”). The...more

The SEC Charges Investment Adviser with Violating Regulation S-P by Failing to Adopt Cybersecurity Policies and Procedures

In recent years, the SEC has been focused on cybersecurity. It has issued risk alerts, conducted examinations and provided guidance about what the agency sees as widespread weaknesses in many policies and procedures to...more

SEC Sanctions Investment Adviser Under the Safeguards Rule

The Securities and Exchange Commission (“SEC”) has sanctioned an investment adviser and fined it $75,000 for failing to “adopt written policies and procedures reasonably designed to protect customer records and information.”...more

Delaware Enacts Package of Internet Data Laws

Joining the collection of states with online privacy laws, Delaware has enacted a package of statutes governing the collection, storage and use of the personal information of Delaware residents by websites, Internet and cloud...more

EU Court: Advocate General Opinion Finds Commission’s Safe Harbor Decision Invalid

The EU-US Safe Harbor Program, facilitating the exchange of personal data between the EU and the US, has been in the limelight in recent years as it is facing challenges that may shake the very core of its existence. In...more

Weekly Privacy Tip#2 – Protecting your (and your employees’ and customers’) Social Security numbers

Social Security numbers are one of the highest risk data elements known to mankind. A Social Security number in combination with a name and date of birth (which are publicly accessible) in the hands of a bad person can...more

SEC Charges Investment Adviser With Failure to Adopt Proper Cybersecurity Policies and Procedures

A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of...more

SEC Announces Cybersecurity Enforcement Action

On September 22, 2015, the Securities and Exchange Commission (SEC) announced the settlement of an enforcement action against a St. Louis-based registered investment adviser (Adviser) brought under Rule 30(a) of Regulation...more

145 Results
View per page
Page: of 6

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.