Personally Identifiable Information

News & Analysis as of

The Uber Playbook: 5 Best Practices for Protecting Data Privacy

The risks are significant if managing sensitive data is not part of a proactive plan—the consequences can include penalties, sanctions and reputational damage....more

Foreign Data Center Subject to Reach of U.S. Government

Following the July 31, 2014 decision of a New York federal judge in In re Warrant to Search a Certain E-mail Account Controlled and Maintained by Microsoft Corp., 1:13-mj-02814 (SDNY), U.S. companies should be aware that data...more

California Federal Court Dismisses User Information Claims Against Digital Wallet Company

On August 12, the U.S. District Court for the Northern District of California dismissed for failure to state a claim a putative class action alleging that a digital wallet provider made unauthorized disclosures of user...more

Chinese Hackers Infiltrate Health System Network – Information of 4.5 Million Individuals Stolen

Community Health Systems, Inc. (“CHS”) reported yesterday that the information of approximately 4.5 million individuals has been affected by a Chinese cyber-attack. CHS and its affiliates own and operate 206 hospitals in 29...more

Consumer Protection Organization Petitions FTC To Enforce U.S.-EU Safe Harbor Framework

On August 14, the Center for Digital Democracy (CDD) announced that it filed a complaint with the FTC claiming that 30 U.S. companies are compiling, using, and sharing EU consumers’ personal information without their...more

New Guidance for Merchants on Ensuring that Service Providers Share Security Responsibility

For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card...more

The EU Article 29 Working Party's Guidance on the "Legitimate Interest" Ground for Processing Personal Data

When precisely is a data controller lawfully permitted to process personal data? If a data controller does not have the consent of a data subject to process his or her data, when does the “legitimate interest”...more

How Are You Affected By The Recent Massive Data Breach?

As you have probably seen, it was announced on Tuesday, August 5th, that usernames and passwords from 1.2 billion Internet accounts from over 420,000 websites were stolen by a criminal organization in Russia. According to...more

Privacy Tuesday – August 2014

We are just two Mondays away from Labor Day, the traditional end of summer in the United States. Here are some privacy tidbits to get your week started. See especially Jake Romero’s piece on the new Delaware data...more

Russian Cyberattack May Trigger State Security Laws And Notification Obligations

Now that entities are aware that at least 1.2 billion records have been compromised from websites spanning across all industries, a question arises whether entities have an obligation to investigate whether their websites...more

From Russia With Love: ‘Do svidaniya’ Peace Of Mind, Hello Information Security Training

So, this is rather embarrassing to admit, but I am one of those people that knows exactly what to do when your personal information is stolen. It’s not embarrassing that I know what to do. It’s embarrassing why I know what to...more

Dutch court rules that asking clients to share their personal banking security credentials is unlawful

On Wednesday 30 July 2014, the District Court of Midden-Nederland ruled in preliminary relief proceedings (kort geding) that AFAS Software B.V. (AFAS) is acting unlawfully and must desist from asking customers of ING Bank...more

The Great Russian Internet Heist – What Now?

A breach of this nature is reportable under the breach notification laws in both California and Florida, as recently amended: “Personal Information” includes user name or email address, in combination with a password or...more

Privacy Update: In For A Penny, In For A Pound

A Warning for Health Service Providers - The Australian Privacy Commissioner has found that a suburban Melbourne medical practice has breached the Privacy Act 1988 (Cth) by failing to take reasonable steps to secure...more

Employment Law Commentary -- Volume 26, Issue 7 July 2014 -- Building A Workforce Culture Of Data Security In The Post-Snowden Era

Last month’s Employment Law Commentary discussed the high level of international attention now being paid to protecting trade secrets from misappropriation, with recommendations for practical steps that companies may take to...more

Sourcing Reference Guide: A reference tool for customers and service providers explaining current best practice and thinking from...

Outsourcing and the New Australian Privacy Law: In a nutshell - In Australia all APP Entities which collect, use or disclose Personal Information must, under the Privacy Act 1988 (Cth) (“Act”), take reasonable steps...more

Trending Information: The Connection Between Data Brokers and the Fashion Industry

Consumers frequently reveal personal information about themselves through a variety of daily online and offline activities. For fashion designers and retailers, this consumer information represents a valuable tool to...more

Delaware Adopts Law Requiring the Destruction of Consumers’ Personally Identifiable Information

On July 1, 2014, Delaware Governor Jack Markell signed into law Delaware House Bill 295, which amends Section 6 of the Delaware Code relating to trade and commerce. The new law, 6 Delaware Code §§50C-101 thru 50C-401, places...more

How can you avoid identity theft?

Getting charged for $1000 worth of electronics that you didn’t buy. Seeing your credit score plummet for seemingly no reason. These types of scenarios are potential nightmares for most of us, but they seem unlikely...more

Florida’s New Data Breach Notification Law And What It Means for Florida Businesses

The Florida Information Protection Act of 2014 (the “Act”) became effective July 1, 2014 and replaced Florida’s previous data breach notification law. Under the Act, all Florida businesses must take “reasonable measures to...more

Delaware's New Data Destruction Law Takes Effect January 1, 2015

Delaware House Bill 295 was signed into law on July 1. The law provides that if a commercial entity seeks to dispose of records containing consumers' personal identifying information, the commercial entity must take...more

Have You Upgraded Your XP Yet?

Microsoft officially ended support for Windows XP in April 2014, but not everyone has made the decision to upgrade their operating systems. By choosing to stick with Windows XP, users may be leaving themselves vulnerable to...more

Report From Counsel: Insights and Developments in the Law - Summer 2014

In this Issue: - Small Businesses and Job Discrimination - Noncompetition Agreements and Arbitration - Real Estate Deals Gone Wrong - Ensure Your Financial Privacy - Excerpt from Small...more

Financial missteps and equal access: Is bounced check history now private information?

A consumer reporting agency may collect and compile this information, and it may be accessed, but others cannot use it If you want to open a consumer checking or savings account at a bank, credit union or other...more

DOJ and FTC’s Cybersecurity Policy Statement Should Ease Antitrust Nerves

Several recent and well-publicized cyberattacks have increased the visibility of their threat to businesses’ private financial information and customers’ personal information. The increased attention has also led companies...more

493 Results
|
View per page
Page: of 20