Personally Identifiable Information

News & Analysis as of

Investment Adviser Settles SEC Cybersecurity Enforcement Action; SEC Issues Investor Alert

On September 22, the U.S. Securities and Exchange Commission (“SEC”) and R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”), a St. Louis-based investment adviser, settled charges that R.T. Jones failed to adopt...more

Court Grants Standing Against Coca-Cola Employer for Breach of Employee Information

The decision does not change the law on what is necessary to prove standing, although it does reinforce the notion that a plaintiff will have standing if he or she can allege a concrete injury. In the latest in a slew of...more

SEC Brings First Cybersecurity Enforcement Proceeding in Wake of Risk Alert

Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more

The SEC Opens Up a New Front in the Cybersecurity Wars

For the last few years, the SEC has been issuing guidance as to appropriate cybersecurity policies and procedures for financial firms. In a move that signal’s the regulator’s willingness to put muscle into its cybersecurity...more

SEC Fines Investment Firm $75,000 for Failing to Adopt Written Cybersecurity Policies and Procedures

Investment firm R.T. Jones Capital Equities Management (R.T. Jones) has agreed to settle with the Securities and Exchange Commission (SEC) and pay a $75,000 penalty over charges that it failed to adopt written policies and...more

Effects of Schrems Ruling on International Internal Investigations

In a recent landmark decision, Maximillian Schrems v. Data Protection Commissioner, Europe’s highest court struck down a US-EU agreement that allowed companies to move personal electronic data between the European Union and...more

OIG Report Finds CMS’s MIDAS System Needs Improvement in Information Security Controls

On September 14, 2015, the OIG released a Public Summary Report finding that although CMS had implemented controls to secure the Multidimensional Insurance Data Analytics System (MIDAS) and consumer personally identifiable...more

New Delaware Act Requires Online Privacy Policy for Websites

A new privacy law requires companies to make specific statements about what information is collected on its website. Like California, it also requires that companies state in writing whether they respect “Do Not Track”...more

Trump Hotel Collection Confirms Year-Long Data Breach

Trump Hotel Collection, the high-end hotel chain owned by the billionaire Republican presidential hopeful and real estate developer Donald Trump, has confirmed a data security breach involving malware that the company says...more

Investment Adviser and SEC Agree to Settle Charges Arising out of Failure to Adopt Written Cybersecurity Policies Required by the...

The SEC charged investment adviser R.T. Jones with willfully violating the Safeguards Rule by failing to adopt written policies and procedures designed to protect customer records and information. The Safeguards Rule requires...more

CFPB Information Security Remains a Challenge

The Office of the Inspector General (OIG) has released the “2015 list of major management challenges” faced by the CFPB that the OIG believes will hamper the CFPB’s ability to accomplish the CFPB’s strategic objectives. Like...more

Defense Contractors – Under the DOD’s Interim Rule, It Is Time Once Again To Update Your Data Breach Response Plans

In an interim final rule published on October 2, another layer has been added to the compliance landscape for defense contractors. In addition to complying with breach notification requirements in as many as 47 different...more

SEC Ramps up Cybersecurity Scrutiny With Examination Priorities and an Enforcement Action

Why it matters - Signaling that it will continue to increase its scrutiny of firms' cybersecurity readiness, the Office of Compliance, Inspections and Examinations of the Securities and Exchange Commission (SEC) issued a...more

SEC Steps Up Cybersecurity Enforcement

September has been a busy month for the SEC in addressing cybersecurity. In the span of a week, the SEC issued a new alert in connection with its cybersecurity examination of Wall Street firms, entered a Cease and Desist...more

States Continue To Grapple With Data Breach Notification Issues

Connecticut’s data breach notification law currently requires notification “without unreasonable delay.” Effective October 1, 2015, Connecticut will (a) require notice of any breach of security not only “without unreasonable...more

US Safe Harbor Not Safe from EU Court Ruling

A major European court has just pulled the rug out from under nearly 5,000 US companies, snatching away the relative business certainty of the Data Transfer Safe Harbor, and maybe the safety of standard contract clauses and...more

Pennsylvania Data Breach Class Action Survives Motion to Dismiss

A federal judge in Pennsylvania has allowed a data breach class action against Coca-Cola and several bottling companies to proceed, finding that the plaintiff has Article III standing even though he had left Coca-Cola’s...more

Second Chance to File Oppositions to CTIA Challenge

In its June 2015 Lifeline Order on Reconsideration, the FCC adopted a new rule which requires ETCs to retain documentation demonstrating subscriber eligibility for Lifeline, such as a copy of the applicant’s food stamp card...more

ECJ Decision on Safe Harbor Framework Could Have Far Reaching Implications

A landmark decision is expected on Tuesday by the European Court of Justice (“ECJ”) on the validity of the EU-US Safe Harbor Framework as an adequacy mechanism for European companies to transfer personal information to U.S....more

"Phantom" Debt Collectors Actually Sued by FTC, Banned From Business

Why it matters - The operators of a scam that processed more than $5.2 million in payments from consumers for payday loans that were not owed to the operators are now banned from the debt collection business, the Federal...more

Safe Harbor Invalidated – What’s Next on the Chopping Block?

As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid. The full decision is now available online in English (other languages also available at by searching on...more

EU Top Court’s Safe Harbor Decision Invalidates Safe Harbor and Sends Facebook Case Back to Irish Data Protection Authority

The initial reports of the ECJ’s decision in the Schrems Safe Harbor case (C-362/14) indicate that the Court of Justice of the EU has declared Safe Harbor invalid and sent the case back to the Irish Data Protection Authority...more

EU U.S. Data Protection: The Safe Harbor Framework Under Attack

As a reaction to recent disclosures and revelations about the data collection and surveillance by the US government, the Safe Harbor permitting the transfer of personal information from the EU to the US is under attack, and...more

Security Breach at Experian Exposes Personal Data of 15 Million T-Mobile Customers and Prospective Customers

On October 1, 2015, Experian, the world’s largest consumer credit monitoring firm, announced that an unauthorized party (i.e., hacker) had gained access to the personal data of approximately 15 million customers and...more

Is the Safe Harbor Framework Still Safe?

On October 6, 2015, the European Court of Justice (ECJ) will issue its decision in Schrems v. Data Protection Commissioner, Case C-362/14, which may invalidate the U.S.-EU Safe Harbor Framework. The Safe Harbor Framework...more

1,045 Results
View per page
Page: of 42

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.