Data Security Privacy Policy

News & Analysis as of

What is reasonable? The emerging legalities of cybersecurity post-Wyndham

This month’s edition of the Advanced Cyber Security Center’s newletter includes my discussion of lessons to be learned from the Wyndham decision: Historically, security was an issue reserved in a back room for the IT...more

The SEC OCIE Announces Increased Scrutiny of Broker-Dealers’ and Investment Advisers’ Cybersecurity Programs

On September 15, 2015, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a National Exam Program Risk Alert (2015 Risk Alert) to provide broker-dealers and investment...more

Advocate General Of ECJ Rules EU Data Protection Authorities Can Investigate Complaints About Safe Harbor Programme

Data transfers can be suspended until investigation is complete. In Maximillian Schrems v. Data Protection Commissioner (case C-362/14), the Advocate General ruled that EU data protection authorities do have powers to...more

Delaware Enacts Package of Internet Data Laws

Joining the collection of states with online privacy laws, Delaware has enacted a package of statutes governing the collection, storage and use of the personal information of Delaware residents by websites, Internet and cloud...more

Weekly Privacy Tip#2 – Protecting your (and your employees’ and customers’) Social Security numbers

Social Security numbers are one of the highest risk data elements known to mankind. A Social Security number in combination with a name and date of birth (which are publicly accessible) in the hands of a bad person can...more

Huge fine of nearly U.S. $2 million levied on Mexican bank after data breach

In early September, Mexico’s data protection authority, the National Transparency, Information Access and Data Protection Institute (INAI), issued a fine of 32 million pesos (U.S. $1.95 million) to Mexican bank Grupo...more

SEC Releases First Cybersecurity Enforcement Action for Failure to Protect Client Data

The SEC’s focus in the action was not on the manner of the firm’s responses to the breach or whether there was any actual harm, but predominantly on the adequacy of the firm’s written policies for safeguarding customer...more

Just Like Neiman Case, FTC v. Wyndham Decision Not All It’s Cracked Up to Be

Back on July 20 this year, the Seventh Circuit Court of Appeals decided Remijas v. Neiman Marcus, leading a chorus of pundits to declare that case changed everything when it comes to data breach cases, signaling a “new tilt...more

Advertising Law - September 2015

Third Circuit Affirms FTC's Power to Regulate Data Security Practices - Affirming the power of the Federal Trade Commission to regulate corporate cybersecurity, the Third Circuit Court of Appeals held that the agency may...more

FTC to Host Privacy and Security Event

On August 28, the FTC announced that it will hold a public event, PrivacyCon, to examine current research and trends in protecting consumer privacy and security. Several “whitehat” researchers, academics, industry...more

Are Your Directors Talking Enough About Privacy and Data Security?

The number of companies suffering data breaches, and the average cost associated with each incident, continues to rise. According to the Ponemon Institute’s 2014 Cost of Data Breach Study: Global Analysis, the average...more

$750,000 Settlement Agreement Reiterates Importance of HIPAA Security Rule Compliance

On September 2, 2015, the U.S. Department of Health and Human Services ("HHS") announced that it had entered into a Settlement Agreement with an Indiana-based medical practice for alleged violations of the Health Insurance...more

Also In the News - Data, Privacy, & Security Practice Report - August 2015

King & Spalding Client Alert On Unprecedented Hacking And Trading Scheme — On August 11, 2015, prosecutors in the District of New Jersey and the Eastern District of New York unsealed indictments against several individuals...more

Federal appeals court confirms FTC authority to regulate cybersecurity policies and procedures

Banks and other companies subject to the CFPB’s jurisdiction face the possibility that the CFPB could begin using its authority under Sections 1031 and 1036 of the Dodd-Frank Act (which proscribe unfair, deceptive or abusive...more

Social networking service, MeetMe, Inc., settles minors’ privacy violations for $200,000

On August 19, 2015, MeetMe, Inc. (MeetMe), a social networking website and mobile app, agreed to pay $200,000 and to change its privacy policies to settle a lawsuit alleging that MeetMe distributed teenagers’ geolocation and...more

Third Circuit affirms FTC’s jurisdiction over security practices in Wyndham case

In a strongly worded opinion, the Third Circuit Court of Appeals on Monday slammed Wyndham Worldwide Corporation’s arguments that the FTC did not have jurisdiction to enforce the security practices of businesses following a...more

The FTC Continues to Flex its Safe Harbor Enforcement Muscles

On August 17, 2015, the Federal Trade Commission (FTC) announced settlements with 13 companies on charges that they misled consumers by claiming that they were certified members of the U.S.-EU or U.S.-Swiss Safe Harbor...more

Appellate Court Confirms the FTC’s Power to Regulate Cybersecurity

In a highly-anticipated decision, the U.S. Court of Appeals for the Third Circuit has ruled in FTC v. Wyndham Worldwide Corporation that the Federal Trade Commission (“FTC”) is authorized to pursue lawsuits against those who...more

Newest FDA Newsletter from AGG

Once a month, AGG’s terrific FDA team publishes a newsletter updating readers on the latest regulatory news affecting food/drug companies–including those from Ireland and Northern Ireland. The August newsletter is here and...more

New Potential Liability for Data Security: U.S. Court of Appeals for the Third Circuit Announces FTC has Authority to Scrutinize a...

The U.S. Court of Appeals for the Third Circuit announced that the Federal Trade Commission (FTC) has the authority to scrutinize a business’s data security protocol -- and to file a complaint if the FTC finds that protocol...more

Encryption: What is it, Why do it!

Encryption is a basic term used to describe the act of encoding data, files, and digital communications such that only those with the cipher could read or understand the information.  Think back to the decoder ring you got in...more

Cybersecurity for Startups Now a Cost of Entry for Consideration by Larger Clients: What is Your Company's Plan?

For technology startups, maintaining strong security controls remains vital to winning new business opportunities and strengthening existing relationships. Despite the global spike in cybersecurity attacks (there were 42.8...more

Ashley Madison and Coming to “Terms” with Data Protection

A recent massive data hack of an online dating site Ashley Madison once again proves that what one publishes, says, or does online, even in seemingly private forums, is never completely private. It’s also a reminder that the...more

Update: Department of Defense Privacy and Information Handling/Department of Defense Proposed Rule

There is a lot going on with the government right now regarding information and privacy. As the saying goes, it is not a matter of if the system is hacked or taken advantage of but when. This update will quickly cover two...more

SEC Issues Final Rule on Pay Ratio Disclosure

Nearly two years after issuing the proposed rule, the U.S. Securities and Exchange Commission (SEC) on August 5, 2015, adopted by a 3-2 vote, the final rule on CEO-to-median employee pay ratio disclosure in what has become...more

34 Results
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.