Personally Identifiable Information

News & Analysis as of

EU U.S. Data Protection: The Safe Harbor Framework Under Attack

As a reaction to recent disclosures and revelations about the data collection and surveillance by the US government, the Safe Harbor permitting the transfer of personal information from the EU to the US is under attack, and...more

Security Breach at Experian Exposes Personal Data of 15 Million T-Mobile Customers and Prospective Customers

On October 1, 2015, Experian, the world’s largest consumer credit monitoring firm, announced that an unauthorized party (i.e., hacker) had gained access to the personal data of approximately 15 million customers and...more

Is the Safe Harbor Framework Still Safe?

On October 6, 2015, the European Court of Justice (ECJ) will issue its decision in Schrems v. Data Protection Commissioner, Case C-362/14, which may invalidate the U.S.-EU Safe Harbor Framework. The Safe Harbor Framework...more

FTC Gives Words of Warning to the Wise

The Federal Trade Commission has issued new guidance on data security to help businesses that collect, store and use consumer information to stay out of hot water with the agency. Gleaned from the more than 50...more

The Legacy of the RadioShack Bankruptcy and the Importance of PII

Customer information has become an increasingly valuable business asset. And, the volume and detail of other available information about consumers has increased along with it, well beyond mere customer names and addresses to...more

Indonesia publishes data protection rule aimed at government agencies

On 14 July 2015, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (‘Draft Regulation’). Pursuant to...more

Systema Software exposes information of 1.5 million on Amazon Web Service

Systema Software, which provides software solutions for claims management, is investigating a breach (although it was discovered, accessed and confirmed by an independent third party) involving information of 1.5 million...more

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

SEC Settles Charges Against Investment Firm that Failed to Adopt Cybersecurity Policies Before Data Breach

Recently, the SEC announced that R.T. Jones Capital Equities Management, a St. Louis-based investment adviser, agreed to settle charges that it failed to establish the required cybersecurity policies and procedures before a...more

Retail Industry EMV Compliance Deadline Arrives Today - Credit Card Fraud Liability Shifts

Starting today, October 1, 2015, a substantial portion of the liability associated with in-store fraudulent credit card purchases shifts from credit card issuers, such as banks or credit unions, to retail merchants. Credit...more

SEC brings first cybersecurity-related enforcement action

The Securities and Exchange Commission (“SEC”) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (the ...more

Boston’s MBTA joins the bluetooth beacon bus –it will now track the movement of its riders

If you don’t think you are being tracked as you move around Target or Macy’s or even through a local museum, you must not have a smartphone. Many companies are now using beacons –or stationary devices that measure the...more

Cybersecurity + Law Enforcement: The Cutting Edge Symposium | Friday, OctobeWU Law | Bristol,r 16, 2015 R Rhode Island

Cybersecurity, encryption, and government surveillance are daily challenges for public officials, corporations, and lawyers. On October 16, the Roger Williams University School of Law will present Cybersecurity and Law...more

A Compilation of Enforcement and Non-Enforcement Actions

Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more

What is reasonable? The emerging legalities of cybersecurity post-Wyndham

This month’s edition of the Advanced Cyber Security Center’s newletter includes my discussion of lessons to be learned from the Wyndham decision: Historically, security was an issue reserved in a back room for the IT...more

SEC Announces First Cybersecurity Enforcement Action Against an Investment Adviser for Failure to Protect Client Data

On September 22, 2015, the Securities and Exchange Commission (SEC) announced its first cybersecurity-related enforcement action against an investment adviser for failure to protect customer records and information. According...more

Notifying Parties In Username/Password Breaches . . . It’s Not Just the Law

As we head into the end of 2015, state legislators across the country continue to strengthen, update and, in some instances, broaden the scope of their respective state data breach notification laws. Specifically, many...more

FTC Fines Can Add Salt to a Cybersecurity Wound

Cyberattacks are on the rise—so much that we seem to hear about a high-profile hack more often than it probably rains in most parts of California. Although reputational damage from a cyberattack can be scarring, a recent U.S....more

Status Updates: Court nixes VPPA claim; lawyer suspended over blog posts; Facebook ‘unfriending’ cited in bullying decision

Tale of the tape. The Video Privacy Protection Act (VPPA), which requires video service providers to destroy personally identifiable information after a specified time, doesn’t provide a private right of action for plaintiffs...more

The Legal Lessons of Data Breaches

Every business would love to find a fortune teller to give it insight into what trends to follow, which risks to take, and when “exposure” will convert to liability. Some clients might say that, unfortunately, their lawyers...more

SEC Penalizes Investment Adviser over Inadequate Cyber-Risk Program Prior to Data Breach

On September 22, the SEC ordered a Missouri-based investment adviser to pay a $75,000 penalty, settling allegations that the investment adviser failed to implement required written cybersecurity policies and procedures prior...more

Uncertainty for the U.S.-EU Safe Harbor Intensified by Non-Binding Recommendation for EU High Court Advisor

In a non-binding opinion issued on September 23, 2015, an Advocate General for the European Court of Justice (“ECJ”) recommended that the ECJ suspend the U.S.-EU Safe Harbor program (“Safe Harbor”) and reexamine whether the...more

The Russian Data Protection Authority, Roskomnadzor, Enforces New Russian Data Localization Law

On September 9, 2015, the Federal Service for Supervision of Communications, Information Technology and Mass Communications (the “Roskomnadzor”) reported on its website that it blocked an extensive online database of more...more

Who is Stealing Your Trade Secrets? An Overview of Key Threats

Every company has trade secrets – for some, they may be special manufacturing processes, for other organizations, trade secrets could include product formulae, customer lists, software code or marketing strategies. The more...more

Data Breach Class Claims Survive Clapper

On appeal to the Seventh Circuit, a three-judge panel opinion written by Chief Judge Woods reversed the lower court. Remijas v. Neiman Marcus Group, LLC, No. 14-3122, 2015 WL 4394814, at *3 (7th Cir. July 20, 2015). The panel...more

1,023 Results
View per page
Page: of 41

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.