Personally Identifiable Information

News & Analysis as of

Delaware Data Destruction Law Highlights the Necessity of Data Destruction Plans

The list of states requiring the disposal or destruction of personal data is growing, and companies need to respond accordingly by adopting data destruction plans. Delaware recently became the latest in a series of states to...more

Recent Changes to California Laws - the Healthcare Perspective

Workers’ Compensation Insurance for Professional Athletes - AB 1309; Labor Code §3600.5 - The efforts made by professional athletes seeking workers’ compensation benefits for injuries that they sustained on the...more

Breaking News: The COPPA Enforcement Actions Are Here!

As we predicted in prior blog posts, the Federal Trade Commission has begun its vigorous enforcement of the Amended COPPA Rule. And one of the players is not a child-related site, so read on. The Commission just announced ...more

Why Worry About a Little Skimmer?

Merchants—rightfully so—are worried about securing their payment card environments so that their name does not appear in a headline discussing how millions of cards were stolen from them. Faced with the challenge of...more

Europe Not Yet Satisfied with Adequacy of Québec’s Privacy Law

On June 4, 2014, the Article 29 Working Party (WP 29) issued a report to the European Commission (EC) regarding an application by the Province of Québec, Canada for status as a jurisdiction providing an adequate level of...more

FTC Final Orders with Fandango and Credit Karma Provide Guidance on Mobile App Security

In August 2014, the Federal Trade Commission (“FTC”) approved final orders resolving its actions against Fandango, LLC (“Fandango”) and Credit Karma, Inc. (“Credit Karma”) for allegedly misrepresenting the security of their...more

Proposed FERPA Update Would Strengthen Student Data Privacy

On July 30, 2014, two U.S. senators introduced the Protecting Student Privacy Act, which would update the sections of the Family Educational Rights and Privacy Act (FERPA) that deal with protecting the privacy of students'...more

Privacy Top Five: Issues And Concerns In The First Six Months Of The Apps

That is, on receiving the personal information from a third party, you must contact each individual whose personal information you have now “collected” and notify them of the mandatory matters specified in the APPs, if such...more

New Zealand: The ‘naming names’ drive for privacy compliance

In a move that will be of great interest to any agency dealing with personal information, the New Zealand Privacy Commissioner has indicated that it will be adopting a policy to routinely ‘name names’ of agencies that have...more

ICO publish Data Protection Guide for the media

The Leveson Inquiry highlighted a prevailing confusion as to how data protection law applies to journalism and the media. To tackle this it was recommended that the Information Commissioner’s Office (ICO) work to prepare a...more

Record Actions Force Companies to Reevaluate How They Protect Consumers

Last week the FCC’s Enforcement Bureau announced that Verizon agreed to pay a record US$7.4 million to settle an investigation related to the company’s treatment of consumer personal information. Specifically, the Commission...more

Court Holds that Privacy Violations Allegations Are Not Covered

A federal court in Washington recently issued an unpublished decision affirming that a common policy exclusion protects insurers from having to provide coverage in certain cases of alleged privacy violations. The same court...more

Privacy or Politics? – Russia Seeks More Control Over its Citizens’ Personal Data

Back in July, President Vladimir Putin signed a law (Federal Law No. 242-FZ) that compels “data operators” to store Russian citizens’ personal data only inside Russia. Previously, Russian law allowed the storage of data...more

The Uber Playbook: 5 Best Practices for Protecting Data Privacy

The risks are significant if managing sensitive data is not part of a proactive plan—the consequences can include penalties, sanctions and reputational damage....more

Foreign Data Center Subject to Reach of U.S. Government

Following the July 31, 2014 decision of a New York federal judge in In re Warrant to Search a Certain E-mail Account Controlled and Maintained by Microsoft Corp., 1:13-mj-02814 (SDNY), U.S. companies should be aware that data...more

California Federal Court Dismisses User Information Claims Against Digital Wallet Company

On August 12, the U.S. District Court for the Northern District of California dismissed for failure to state a claim a putative class action alleging that a digital wallet provider made unauthorized disclosures of user...more

Chinese Hackers Infiltrate Health System Network – Information of 4.5 Million Individuals Stolen

Community Health Systems, Inc. (“CHS”) reported yesterday that the information of approximately 4.5 million individuals has been affected by a Chinese cyber-attack. CHS and its affiliates own and operate 206 hospitals in 29...more

Consumer Protection Organization Petitions FTC To Enforce U.S.-EU Safe Harbor Framework

On August 14, the Center for Digital Democracy (CDD) announced that it filed a complaint with the FTC claiming that 30 U.S. companies are compiling, using, and sharing EU consumers’ personal information without their...more

New Guidance for Merchants on Ensuring that Service Providers Share Security Responsibility

For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card...more

The EU Article 29 Working Party's Guidance on the "Legitimate Interest" Ground for Processing Personal Data

When precisely is a data controller lawfully permitted to process personal data? If a data controller does not have the consent of a data subject to process his or her data, when does the “legitimate interest”...more

How Are You Affected By The Recent Massive Data Breach?

As you have probably seen, it was announced on Tuesday, August 5th, that usernames and passwords from 1.2 billion Internet accounts from over 420,000 websites were stolen by a criminal organization in Russia. According to...more

Privacy Tuesday – August 2014

We are just two Mondays away from Labor Day, the traditional end of summer in the United States. Here are some privacy tidbits to get your week started. See especially Jake Romero’s piece on the new Delaware data...more

Russian Cyberattack May Trigger State Security Laws And Notification Obligations

Now that entities are aware that at least 1.2 billion records have been compromised from websites spanning across all industries, a question arises whether entities have an obligation to investigate whether their websites...more

From Russia With Love: ‘Do svidaniya’ Peace Of Mind, Hello Information Security Training

So, this is rather embarrassing to admit, but I am one of those people that knows exactly what to do when your personal information is stolen. It’s not embarrassing that I know what to do. It’s embarrassing why I know what to...more

Dutch court rules that asking clients to share their personal banking security credentials is unlawful

On Wednesday 30 July 2014, the District Court of Midden-Nederland ruled in preliminary relief proceedings (kort geding) that AFAS Software B.V. (AFAS) is acting unlawfully and must desist from asking customers of ING Bank...more

500 Results
|
View per page
Page: of 20