Encryption

News & Analysis as of

Massachusetts High Court Permits Compelled Decryption of Seized Digital Evidence

Today, in Commonwealth v. Gelfgatt, No. SJC-11358 (Mass. June 25, 2014), a divided Massachusetts Supreme Judicial Court held that under certain circumstances, a court may compel a criminal defendant to provide the password to...more

Financial Services Report, Summer 2014

In This Issue: - Beltway Report - Bureau Report - Mobile Payments - Mortgage and Fair Lending Report - Operations Report - Preemption Report - Privacy Report - Arbitration Report - TCPA...more

Failure to Encrypt Mobile Devices = Nearly $2 Million in Settlements

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled for the collective amount of $1,975,220 with Concentra Health Services (Concentra) and QCA Health Plan, Inc. (QCA). The settlements stem...more

New rules for biometric data

New rules on the usage of biometric data issued by the Italian data protection authority (the “Garante” or “DPA“) are meant to clarify the applicable obligations with the purpose to ease the adoption of technologies relying...more

Stolen Laptops Lead to $2 Million Fine To Settle HIPAA Violations

Lost or stolen unencrypted mobile devices — commonly laptops — are the primary cause of major healthcare data breaches. This unfortunate trend persists, despite warnings from the Office for Civil Rights (OCR) of the U.S....more

Physical Therapy Provider Enters into HIPAA Settlement

U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced yet another enforcement action. Specifically, OCR opened a compliance review of Concentra Health Services (Concentra) upon...more

No More Excuses: Encrypt Your Laptops or Pay Big $

Two companies were hit with fines equaling a total of almost $2 million to settle alleged Health Insurance Portability and Accountability Act (HIPAA) violations involving stolen, unencrypted laptops, the U.S. Department of...more

The Heartbleed Lesson for All Companies? Manage the Risk...

Threats to data privacy are not going away, but establishing appropriate security measures up-front, performing regular stress-tests on a security system, putting in place procedures to address a data breach and implementing...more

Agencies Issue Denial of Service Guidance and Guidance on ATMs

On April 3, the members of the Federal Financial Institutions Examination Council (FFIEC), including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union...more

First Glance: Legal Implications of the Heartbleed OpenSSL Bug?

The vulnerability caused by the Heartbleed bug circumvents the purpose of OpenSSL: encryption. Therefore, the conclusion would appear to be that any data breach during the time of OpenSSL vulnerability would be reportable...more

Data-Encryption Is Patent Eligible Despite Not Being Tied to a Particular Machine - TQP Development, LLC v. Intuit Inc.

Addressing an argument that a data-encryption patent was directed to non-eligible subject matter because it covered an abstract idea divorced from a particular machine, Judge William Bryson, sitting by designation in the U.S....more

Do Not Forget to Lock the Backdoor: Adopting a Holistic Approach to Cybersecurity

While cybersecurity has traditionally focused on blocking attacks from the outside through perimeter defenses (e.g., firewalls, intrusion detection, penetration testing), unfolding facts concerning the recent Target data...more

Data Breach Wall of Shame: 2013's Highlights and Lessons

Since 2009, the HHS Office for Civil Rights (“OCR”) has posted all large data breaches – those that involve 500 or more individuals – online on its so-called “Wall of Shame.” In 2013, 160 large data breaches were reported to...more

Covered Entity Fined $150,000 For Stolen Unencrypted Thumb Drive

HHS recently announced that it fined a dermatology practice $150,000 for failing to reasonably safeguard an unencrypted thumb drive and failing to conduct an accurate and thorough risk analysis of electronic PHI....more

Another major medical data breach in California

Or….why are health care institutions still leaving laptops containing PHI unencrypted???? The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group...more

9th Circuit Joffe v. Google "Street View" Decision Raises Questions About Wiretap Act's "Radio Transmissions" Exception

Last week, the Ninth Circuit held that the Wiretap Act prohibits the kind of “interception” and collection of transmissions from unencrypted Wi-Fi networks that Google reportedly followed in compiling Street View data....more

Securing The Package Before It Goes Out: A Guide To Encryption

Preparing a production to opposing counsel is no longer a simple matter of Bates labeling paper documents, making copies of them, and putting the copies in a FedEx box. The advent of electronic discovery has made the...more

Free network feed-in for public channels in Germany

The German district court in Bremen held on the 9th of August 2013 that Kabel Deutschland (plaintiff), the biggest cable network company in Germany, is legally obliged to carry public channels, including that of Radio Bremen,...more

California Attorney General’s Report Reveals Millions Affected By Data Breaches In 2012

A report recently issued by the California Attorney General reveals that millions of Californians were the victims of a data breach in 2012, mostly due to intentional intrusions by outsiders or by unauthorized insiders....more

Recent California Decision Demonstrates Challenges Faced By Plaintiffs In Data Breach Litigation

On July 11, 2013, the U.S. District Court for the Central District of California granted a motion for judgment on the pleadings with respect to the majority of claims brought against Blizzard Entertainment, Inc. (“Blizzard”)...more

Privacy Monday - Breaches, lawsuits and legislation this Monday, July 15

Programming Error Leads to “Low Tech” Data Breach at Indiana Family and Social Services Administration - Although it started with a programming error, the breach itself was paper document. Apparently, a programming...more

A Hurdle To Obtaining Electronic Evidence

While many cases focus on electronic evidence available on employee laptops and behind corporate firewalls, massive volumes of electronic evidence can be found on the servers of companies that provide electronic processing...more

Is Your Cyber-Security Better Than a Fortune 500's?

Half of Fortune 500 companies would face “serious harm” or be “adversely impacted” by a cyber-attack. The greatest perceived harms are loss or theft of confidential information, loss of reputation and direct loss from...more

California AG Releases Data Breach Report, Proposes Data Security Policy Changes

On July 1, California Attorney General Kamala Harris (AG) released a report analyzing data breaches reported to her office in 2012, the first year companies were required to report to the AG any breach involving more than 500...more

Use Caution When Traveling With Encryption Software

"If you bring a laptop or smartphone outside of the United States, you need a basic understanding of how international export control laws may apply to your device’s encryption software."...more

44 Results
|
View per page
Page: of 2