Personally Identifiable Information Data Security

News & Analysis as of

Air Force Security Clearance Files Compromised on Unsecured Backup Drive

Security researchers have discovered that an unsecured backup drive has compromised thousands of U.S. Air Force documents, including personnel files and sensitive forms filled out by senior and high-ranking officials. These...more

Are Your Federal Contractor Employees Required To Have Privacy Training?

The Federal Acquisition Regulations were recently updated to include a requirement that certain federal contractors provide privacy training to some of their employees. The training obligation does not apply to all employees...more

Global Privacy & Cybersecurity Update Vol. 13

On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more

Legal Considerations in the Aftermath of the Cloudflare Bug That Resulted in the Leak of Sensitive Data

On February 23, 2017, content delivery network (“CDN”) provider Cloudflare disclosed a computer bug in its software that resulted in the leak of sensitive information from potentially thousands of websites over the course of...more

OMB Federal Agency Data Breach Guidelines – Considerations for Industry

Earlier in February, the Executive Office of Management and Budget (“OMB”) issued Memorandum M-17-12 to federal agencies to set out guidelines and procedures for preparing for or responding to a breach involving the release...more

Sony Cyber-Attackers Lurking at Financial Supervisor “Watering Hole” Target Banks and Others

Cybersecurity specialists at BAE Systems and Symantec announced last week new evidence suggesting that the criminals behind the notorious 2014 attack on Sony Corp. are also responsible for recent cyber-attacks involving 104...more

Eighth Circuit Undoes Target Data Breach Settlement Class

The $10 million settlement class in the Target data breach case was unraveled by the Eighth Circuit Court of Appeals in a recent decision that will force the district court to address the impact of the Supreme Court’s...more

Employment Law Navigator – Week in Review: February 2017 #2

Last week, in her first public comments since her appointment, new EEOC Chair Victoria Lipnic indicated that the agency will focus on age discrimination, equal pay, and job growth. Lipnic also indicated that the agency will...more

Data Breach Notification Archive Made Publicly Available Online By Massachusetts Office Of Consumer Affairs

On January 3, 2017, the Massachusetts Office of Consumer Affairs and Business Regulation announced the online public availability of data breach notification records that it receives and maintains pursuant to the...more

ISO’s Privacy Standard for Cloud Service Providers

In July 2014, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) issued a new security standard – ISO 27018 – which attempts to outline best practices for public...more

Business Cybersecurity: Two Recent Court Decisions Highlight the Need to Take Preemptive Action Against Data Breaches

Nowadays, the prudent business owner should be cognizant of cybersecurity and the public relations and legal costs that can arise from a data breach. By holding personal information of customers, employees, or anyone else,...more

Changes in Japan Privacy Law to Take Effect in Mid -2017; Key Regulator Provides Compliance Insights

Recent changes to Japan’s Act on the Protection of Personal Information and the establishment of a new Personal Information Protection Commission have raised questions about how the world’s third-largest economy plans to...more

Happy Data Privacy Day! A Few Tips from the MVA Privacy and Data Security Group

Saturday January 28, 2017 is Data Privacy Day. The Moore & Van Allen Privacy and Data Security group took a break from the pre-holiday revelries to put together some thoughts and tips for DataPoints. So hoist a glass and...more

Cross-Device Tracking: An FTC Staff Report

On January 23, the Federal Trade Commission (FTC) released “Cross-Device Tracking: An FTC Staff Report,” which explains how cross-device tracking is used to track consumers across multiple devices, sets out the benefits and...more

Data Breaches: An Employer’s Duty to Protect Employees’ Personal Information

Recently, there has been much discussion about the Superior Court of Pennsylvania’s ruling in Dittman v. UPMC, which affirmed a lower court’s order dismissing an employee class action against their employer over a data...more

Employer Has No Legal Duty To Protect Employee Electronic Information

A court in Pennsylvania recently held that an employer does not have a legal duty to act reasonably in managing its computer systems to safeguard sensitive personal information collected from its employees, when the employer...more

Superior Court of Pennsylvania Affirms Rejection of Proposed Data Breach Class of UPMC Workers, Finding Hospital Owed No Duty to...

Affirming a lower court decision this blog discussed here, the Superior Court of Pennsylvania held January 12 that dismissal of a proposed data breach class action was proper, because the University of Pittsburgh Medical...more

OMB Issues Guidelines for Preparing for and Responding to PII Breaches

On January 3, the Office of Management and Budget (OMB) issued Memorandum M-17-12, which clarifies how federal agencies should prepare for and respond to data security breaches involving personally identifiable information...more

Bullet Points on a Primer: The Quick Version of the Sedona Conference’s Data Privacy Primer

The Sedona Conference has just published the public comment version of its Data Privact Primer, a publication of its very active Working Group on Data Security and Privacy Libaility. The primer is excellent. ...more

U.S. Military Special Operations Command Workers’ Data Exposed by Vendor

Military personnel continue to be victimized by data breaches. This time, the personal information of healthcare workers employed by Potomac Healthcare Solutions (Potomac), who work for a U.S. Special Operations Command were...more

State Data Breach Notification Laws

While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more

FTC Settles Data Breach Case with AshleyMadison for $1.6 Million

The Federal Trade Commission (“FTC”) settled with online dating website AshleyMadison.com for $1.6 million stemming from FTC and state actions brought against the company as a result of a July 2015 data breach that exposed...more

One Less (Regulator) Affair for AshleyMadison.com: Site Operators Agree to Settle U.S. Charges Stemming from 2015 Breach

Remember the 2015 AshleyMadison.com data breach, where hackers gained access to the personal information of about 36 million users from over 46 countries, and threatened and carried through on their promise to release the...more

Legal Considerations for Website Privacy Policies

We get questions from clients about whether they are required to include a privacy policy and, if so, what should it say. The answers may surprise you, but a privacy policy should definitely not be an afterthought for...more

“Life Is Short. Settle with the FTC” – The Cost of Ashley Madison’s 2015 Data Breach

On December 14, 2016, operators of online extramarital dating and social networking website AshleyMadison.com came to an agreement with the Federal Trade Commission, and several States, to settle FTC and related state charges...more

314 Results
|
View per page
Page: of 13
Cybersecurity

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×