Privacy Policy

News & Analysis as of

The Legacy of the RadioShack Bankruptcy and the Importance of PII

Customer information has become an increasingly valuable business asset. And, the volume and detail of other available information about consumers has increased along with it, well beyond mere customer names and addresses to...more

Alert: Student Data Privacy: States Keep Up the Momentum

While Congress continues to consider (but not act on) nationwide student data privacy initiatives, the states continued to lead the charge in 2015. Earlier this year, we reported that, in 2014, 36 states introduced 110...more

Weekly Privacy Tip #3 – Know how apps are accessing and using your constant location

Everyone loves their smartphone. Everyone loves the newest app. Angry Birds has lots of company now. But most people don’t know the back end of apps and how they are accessing, using and selling your data. Why? Because no one...more

Apple and The World’s Most Public Privacy Policy

It bears mentioning when one of the world’s most famous brands releases one of the world’s most prominent and readable privacy policies. That’s just what Apple did this week, and the message to other brands is clear – privacy...more

Is it legal to ask for a social security number on an application?

Q. Our current job application asks for the applicant’s SSN. Is that legal? I feel it might not be a good idea with all the high-profile news of identity theft. Originally published in the Utah Legal Law Letter....more

What is reasonable? The emerging legalities of cybersecurity post-Wyndham

This month’s edition of the Advanced Cyber Security Center’s newletter includes my discussion of lessons to be learned from the Wyndham decision: Historically, security was an issue reserved in a back room for the IT...more

SEC Announces First Cybersecurity Enforcement Action Against an Investment Adviser for Failure to Protect Client Data

On September 22, 2015, the Securities and Exchange Commission (SEC) announced its first cybersecurity-related enforcement action against an investment adviser for failure to protect customer records and information. According...more

The SEC OCIE Announces Increased Scrutiny of Broker-Dealers’ and Investment Advisers’ Cybersecurity Programs

On September 15, 2015, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a National Exam Program Risk Alert (2015 Risk Alert) to provide broker-dealers and investment...more

Advocate General Of ECJ Rules EU Data Protection Authorities Can Investigate Complaints About Safe Harbor Programme

Data transfers can be suspended until investigation is complete. In Maximillian Schrems v. Data Protection Commissioner (case C-362/14), the Advocate General ruled that EU data protection authorities do have powers to...more

Advertising Law - September 2015 #2

FTC Reviews Kids’ Apps for Privacy Progress - Three years after conducting a survey on apps directed to children, the Federal Trade Commission’s Office of Technology Research and Investigation decided to check back with...more

Delaware Enacts Package of Internet Data Laws

Joining the collection of states with online privacy laws, Delaware has enacted a package of statutes governing the collection, storage and use of the personal information of Delaware residents by websites, Internet and cloud...more

Weekly Privacy Tip#2 – Protecting your (and your employees’ and customers’) Social Security numbers

Social Security numbers are one of the highest risk data elements known to mankind. A Social Security number in combination with a name and date of birth (which are publicly accessible) in the hands of a bad person can...more

Automakers receive request for information letters about vehicle-to-vehicle communications’ privacy

This week, Senator Ed Markey and Senator Richard Blumenthal sent letters to 18 automakers requesting an update on vehicle-to-vehicle communications’ (V2V) privacy and security. The Senators are seeking information on each...more

Huge fine of nearly U.S. $2 million levied on Mexican bank after data breach

In early September, Mexico’s data protection authority, the National Transparency, Information Access and Data Protection Institute (INAI), issued a fine of 32 million pesos (U.S. $1.95 million) to Mexican bank Grupo...more

SEC Releases First Cybersecurity Enforcement Action for Failure to Protect Client Data

The SEC’s focus in the action was not on the manner of the firm’s responses to the breach or whether there was any actual harm, but predominantly on the adequacy of the firm’s written policies for safeguarding customer...more

Just Like Neiman Case, FTC v. Wyndham Decision Not All It’s Cracked Up to Be

Back on July 20 this year, the Seventh Circuit Court of Appeals decided Remijas v. Neiman Marcus, leading a chorus of pundits to declare that case changed everything when it comes to data breach cases, signaling a “new tilt...more

Don’t Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called “Phase 2 Audits” are set to commence...more

Blog: The Importance of Online Agreements on UK Websites

The Terms of Use Agreement (“TOU”) and the Privacy Policy found on most websites govern the relationship between the website operator and all of its customers. Although it may be tempting to copy and use online agreements...more

Advertising Law - September 2015

Third Circuit Affirms FTC's Power to Regulate Data Security Practices - Affirming the power of the Federal Trade Commission to regulate corporate cybersecurity, the Third Circuit Court of Appeals held that the agency may...more

FTC to Host Privacy and Security Event

On August 28, the FTC announced that it will hold a public event, PrivacyCon, to examine current research and trends in protecting consumer privacy and security. Several “whitehat” researchers, academics, industry...more

NLRB Extends Its Email Rule to the Health Care Workplace

The National Labor Relations Board (Board) continues its scrutiny of employer policies—this time striking down an email policy designed to ensure that health care employees provide patient care without distraction. UPMC, 362...more

UCLA cleared in lawsuit alleging breach as to sexually transmitted disease information

UCLA was absolved by a California judge last week in a suit filed by a patient of a UCLA affiliated doctor’s group, who alleged that a temporary worker in the doctor’s office used the doctor’s username and password to get...more

Third Circuit to Wyndham (Part II): "Deceptive" is also "Unfair" in the Cybersecurity Context

In Part I, we discussed the Third Circuit's finding that the "unfair" prong of the FTC Act does not require the agency to provide specific cybersecurity standards with "ascertainable certainty" to which companies must...more

Time for a HIPAA Security Check-Up!

The 2015 HIPAA Security conference held by the National Institute of Standards and Technology (“NIST”) and the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) kicked off last week with OCR’s...more

Are Your Directors Talking Enough About Privacy and Data Security?

The number of companies suffering data breaches, and the average cost associated with each incident, continues to rise. According to the Ponemon Institute’s 2014 Cost of Data Breach Study: Global Analysis, the average...more

498 Results
View per page
Page: of 20

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.