Personally Identifiable Information

News & Analysis as of

Iowa Breach Notification Law Now Requires AG Notification, Applies to Paper Records

Iowa recently joined an increasing number of states that require notification of state regulatory authorities following a breach, as well as a handful of states in which paper records can trigger notification obligations....more

How Significant is the Wyndham Case to the US Cybersecurity Legal Landscape?

The security community has been abuzz this week with the US. District Court of New Jersey's April 7 ruling in Federal Trade Commission v. Wyndham Worldwide Corporation, et al. Wyndham had asserted in a motion to dismiss that...more

Kentucky Enacts Data Breach Notification Statute

On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation. Prior to H.B. 232, Kentucky was one of only four states—including...more

With Nowhere to Hide, Couch Potatoes Offer Opportunity and Peril for Content Providers

The emerging home entertainment market is rife with both opportunity and peril for media and entertainment content providers. Home entertainment is increasingly provided through “Smart” devices such as Microsoft Xbox and...more

HIPAA Complaint Seeks Class Action Status

A complaint filed in the Superior Court of California on March 14, 2014, requested certification as a class action and sought a wide variety of damages arising from a breach of personal information. Doe vs. Sutherland Health...more

How Much Are You Willing To Pay For Privacy?

How much are you willing to pay for personal privacy? 50% off a McDonald’s hamburger? 20% off groceries? Participation in the $1 Billion NCAA Tournament Bracket Challenge?...more

EDRM Releases A New Model For Analyzing Private Data

Recent high-profile data breaches have placed security of personally identifiable information (PII) at the forefront of many organizations’ concerns. Protecting PII and other private data can be a significant undertaking....more

Over 20 Million Customer Accounts Affected by Data Breaches in California; Attorney General Harris Promises Increased Enforcement

When you think of catastrophic events that take place online and have a devastating effect on millions of people, you probably think of HBO Go crashing during the True Detective finale. However, California Attorney General...more

CFTC Staff Issues Best Practices for Customer Information Safeguards

The CFTC’s Division of Swap Dealer and Intermediary Oversight issued a Staff Advisory outlining recommended best practices for covered financial institutions to comply with Title V of the Gramm-Leach-Bliley Act of 1999...more

Five Reasons Why The Sony Data Breach Coverage Decision Is Wrong

Five Reasons Why The Sony Data Breach Coverage Decision Is Wrong On Friday February 21st, a New York trial court judge let Sony’s insurers, Zurich American Insurance Co. and Mitsui Sumitomo Insurance Co., off the coverage...more

Congress Steps Up its Scrutiny of Data Brokers

In keeping with Congress’s heightened focus on privacy practices in the data broker industry, Senators Jay Rockefeller (D-W.Va.) and Ed Markey (D-Mass.) introduced a bill that would require increased transparency and...more

Bernard v. Canada (Attorney General): Appellate Review of a Lower Court’s Interpretation of its Own Order & New Charter Arguments...

On February 7, 2014, the Supreme Court of Canada released its judgment in Bernard v. Canada (Attorney General), 2014 SCC 13, a case involving the judicial review of a decision by the Public Service Labour Relations Board...more

Avoid Identity Theft Tax Troubles

Anyone can become a victim of identity theft, and it can happen anywhere. Michael Stores, Neiman Marcus and Target are simply the latest merchants to report that customer information was stolen. While being a victim of...more

California Moves to Restrict Collection of Consumer Personal Information Online: the Process, History and Politics Behind Senate...

The California Senate has passed a bill restricting the information that certain online retailers can collect in connection with consumer purchases. Senate Bill 383 would amend Sections 1747.02 and 1747.08 of the California...more

Target Data Breach: Dangerous Credit

In December, retail giant Target Brands, Inc. revealed it had suffered a data breach affecting approximately 40 million customers across the country. The breach occurred between November 27 and December 15 of last year....more

U.S. Privacy and Data Protection: 2013 Year in Review and a Look Ahead to 2014

In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet. Our panel of...more

What is the Difference Between FERPA and PPRA? Protecting Student Privacy and Confidential Education Records

Two important federal laws protect the privacy rights of all students: the Family Educational Rights and Privacy Act of 1974, 20 U.S.C. 1232g, “FERPA” and Protection of Pupil Rights Amendment, 20 U.S.C. §1232h, “PPRA.” Both...more

Failure To Protect Data May Be an Unfair Business Practice

The Federal Trade Commission (FTC) has announced settlement of charges against Accretive Health, Inc. The FTC had alleged that Accretive engaged in an unfair business practice when it failed "to employ reasonable and...more

FTC Continues Aggressive FCRA Enforcement against Data Brokers

The Federal Trade Commission continues to aggressively enforce the Fair Credit Reporting Act (FCRA) against data brokers, as shown by its recent settlement with TeleCheck Services, Inc. The settlement requires TeleCheck to...more

Damages Issues Again Thwart the Bulk of Plaintiffs’ Claims in the PlayStation Network Data Breach Class Action

In the latest chapter in the Sony PlayStation Network (“PSN”) data breach saga, a decision that issued on January 21, 2014 permanently dismissed all but a handful of the class action claims advanced in a 51 count complaint. ...more

FTC and Accretive Health Settle Unfair Business Practice Complaint Centered on Data Security Measures

Accretive Health recently agreed to settle a Federal Trade Commission (FTC) complaint that stems from a July, 2011 incident in which an Accretive employee’s laptop was stolen from his car. As a medical billing and revenue...more

FTC Clamps Down on EU Safe Harbor Compliance: If Your Company Says It Is Certified, Keep Your Certification Current

Once again using its administrative litigation process, the Federal Trade Commission (“FTC”) announced settlements with twelve large businesses, including the Atlanta Falcons and Denver Broncos football teams, the Baker Tilly...more

Guidance on Personal Data Used in Advertising in Germany

German data protection authorities published new guidelines in December 2013 about the collection and processing of personal data for advertising purposes. The 2013 advertising guidelines (available here in German)...more

Retail Industry On High Alert In Wake Of Security Breaches

The massive cyber-security breach at Target put the company in the media spotlight with as many as 110 million customers potentially at risk. With another security breach reported at Neiman Marcus, dozens of lawsuits have...more

Connecticut Appellate Court Affirms Denial of Coverage Under CGL Policy for Data Breach

As more data breaches and information security events occur, the insurance industry will see more disputes over whether losses from these events are covered under commercial general liability (CGL) policies. In the latest...more

409 Results
|
View per page
Page: of 17