Personally Identifiable Information

News & Analysis as of

Administrative Law Judge Dismisses FTC’s Complaint Against LabMD In Data Breach Case, Citing Lack Of Consumer Harm

On November 13, 2015, the Chief Administrative Law Judge (“ALJ”) Of the Federal Trade Commission (“FTC”) dismissed an Administrative Complaint against LabMD, Inc. (“LabMD”) regarding its data security practices. In a 92-page...more

Upping the Ante: Cybersecurity, the SEC and the Perils of Being Unprepared

The U.S. Securities and Exchange Commission is finally getting serious about cybersecurity – and for good reason. If the ever-growing business and headline risks aren’t enough to scare investment advisers and broker-dealers...more

FCC Settles Data Breach Investigation with Cox Communications

Recently, the Enforcement Bureau of the Federal Communications Commission (FCC) entered into a settlement with Cox Communications (Cox) resolving an investigation into whether the cable operator failed to properly protect its...more

Lab tech indicted for identity theft

A lab tech working at a Las Vegas pediatric cardiology practice has been indicted on one count of illegal use and disclosure of patient health information and one count of aggravated identity theft. The lab tech had...more

7th Circuit: Consumers are Not Injured by the Undisclosed Sale of Personally-Identifiable Information

On November 18, 2015, the U.S. Court of Appeals for the 7th Circuit held that consumers who authorized defendants to share their personally-identifiable information (PII) with third parties were not injured when defendants...more

Class Action Exposes Massive Data Leak Of Social Security and Drivers’ License Numbers of Every Registered Georgia Voter;...

Did the Georgia Secretary of State release the social security numbers, driver’s license numbers, and dates of birth of every registered Georgia voter? Those are the allegations first made by putative class representatives,...more

ALJ Dismisses FTC’s Data Security Suit Against LabMD for Failure to Prove ‘Substantial Injury’ to Consumers

In a landmark decision, an administrative law judge dismissed the FTC’s long-running data security lawsuit against Atlanta-based cancer screening laboratory, LabMD Inc., following an alleged data breach. Chief Administrative...more

The LabMD Case: Further Defining the FTC’s Enforcement Powers

The scaffolding of the FTC’s powers in the realm of cybersecurity continues to be built. On Monday, the FTC’s Chief Administrative Law Judge D. Michael Chappell issued an initial decision in the FTC’s closely watched...more

DOJ Unseals Indictment Against Individuals for Alleged Involvement in Hacks Against Various U.S. Institutions

On November 10, the DOJ unsealed an indictment against three individuals, Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, for allegedly orchestrating and committing computer hacking crimes against U.S. financial...more

Solving the PII Problem: Securing Rogue Data in Discovery

In a recent article, my Kroll Ontrack colleagues Jim Loveall and John Pilznienski discussed the challenges of finding and removing personally identifiable information (PII) during discovery. While most organizations recognize...more

Commission Examines Privacy and Cybersecurity Issues Associated With Emerging Cross-Device Tracking Technology

On Monday, November 16, the Federal Trade Commission (FTC) held a workshop that examined the key privacy and security issues raised by emerging technologies that track users across their various devices, such as smartphones,...more

FTC Theory of Unrealized Consumer Injury Rejected in LabMD Data Security Case

In what could be a major setback for the Federal Trade Commission (FTC) in the data security arena, an Administrative Law Judge (ALJ) has ruled that an unfairness claim brought by the FTC under Section 5 of the FTC Act...more

California Amends Breach Notification Law: Unique New Refinements and Requirements

The California legislature has again amended the state’s breach notification statutes to impose new and unique requirements and refinements, adding further complexity to the patchwork of breach notification requirements....more

Delaware Enacts Comprehensive Online Privacy Protection Law

On January 1, 2016, the Delaware Online Privacy and Protection Act (“DOPPA”) will go into force, a law that provides strong online privacy protection for its residents. The new law targets three areas of compliance: (1)...more

New York DFS Submits Letter to Federal Regulators Regarding Potential Cybersecurity Regulations

On November 9, the New York DFS sent a letter to federal regulators and other interested parties, including the CFPB, Federal Reserve Board, and the OCC, regarding potential new regulations aimed at increasing cybersecurity...more

Dow Jones & Co. notifies 3500 of data breach

Dow Jones & Co. Has notified 3500 of its customers that their information has been accessed by unauthorized individual in a data breach that spanned August of 2012 through July of 2015. The unauthorized access, through...more

Privacy Tip #9: Destroying prescription information

Have you ever noticed how much of your personal information is included on a prescription bottle and its packaging? Take a look next time you pick up a prescription at the pharmacy. The outer packaging may include your name,...more

FCC Settles with Company Over Alleged Data Protection Failures

On November 5, the FCC resolved its first ever data security action against a cable company with a $595,000 settlement. According to the FCC, the company did not have adequate data security measures in place for employees and...more

“And That’s the End!” 11th Circuit Ends VPPA Action in Ellis, But Leaves the Question of What is PII Unresolved

Digital content and media providers got some good news from the U.S. Court of Appeals for the Eleventh Circuit in October when the court held that plaintiffs must be “subscribers” and not just users of a provider’s service to...more

Eleventh Circuit Affirms That Users of Free Mobile Applications Are Not Subscribers Under the Video Privacy Protection Act

The Video Privacy Protection Act was enacted in 1988 following the publication of Supreme Court nominee Robert Bork’s family video rental records. The Act generally prohibits “video tape service providers” from knowingly...more

National Labor Relations Board Issues Guidance Regarding Electronic Signatures

On October 26, the National Labor Relations Board issued revised guidance regarding its acceptance of electronic signatures to support a showing of interest. The revised guidance requires electronic signatures to contain the...more

Ninth Circuit Gives EEOC Broad Access to Employee Personal Information During Charge Investigation

When investigating administrative charges of discrimination, the Equal Employment Opportunity Commission often sends employers Requests for Information that seek details about employees similarly situated to the charging...more

Privacy Tip #8 – How teachers can assist students to be safe online

It is scary to read the headlines that kids become victims of crimes, some of them horrific, because of online activity. Kids are naive and susceptible to online predators. Parents must be vigilant in educating their children...more

Recent Amendments to Security Breach Notification Laws Further Complicate Breach Notification for Employers

It is not a matter of "if" but "when" an employer will be required to notify employees of a security breach.  Forty-seven states require employers to notify employees when defined categories of personal information, including...more

Data Breach Planning in 10 Easy Steps: How to Think Like A Litigator

For the first Tuesday in November, we have 10 easy steps to make sure that your data breach incident response planning is viewed from that pesky point of view of a litigator....more

1,120 Results
View per page
Page: of 45

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.