Personally Identifiable Information

News & Analysis as of

ECJ Decision on Safe Harbor Framework Could Have Far Reaching Implications

A landmark decision is expected on Tuesday by the European Court of Justice (“ECJ”) on the validity of the EU-US Safe Harbor Framework as an adequacy mechanism for European companies to transfer personal information to U.S....more

"Phantom" Debt Collectors Actually Sued by FTC, Banned From Business

Why it matters - The operators of a scam that processed more than $5.2 million in payments from consumers for payday loans that were not owed to the operators are now banned from the debt collection business, the Federal...more

Safe Harbor Invalidated – What’s Next on the Chopping Block?

As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid. The full decision is now available online in English (other languages also available at by searching on...more

EU Top Court’s Safe Harbor Decision Invalidates Safe Harbor and Sends Facebook Case Back to Irish Data Protection Authority

The initial reports of the ECJ’s decision in the Schrems Safe Harbor case (C-362/14) indicate that the Court of Justice of the EU has declared Safe Harbor invalid and sent the case back to the Irish Data Protection Authority...more

EU U.S. Data Protection: The Safe Harbor Framework Under Attack

As a reaction to recent disclosures and revelations about the data collection and surveillance by the US government, the Safe Harbor permitting the transfer of personal information from the EU to the US is under attack, and...more

Security Breach at Experian Exposes Personal Data of 15 Million T-Mobile Customers and Prospective Customers

On October 1, 2015, Experian, the world’s largest consumer credit monitoring firm, announced that an unauthorized party (i.e., hacker) had gained access to the personal data of approximately 15 million customers and...more

Is the Safe Harbor Framework Still Safe?

On October 6, 2015, the European Court of Justice (ECJ) will issue its decision in Schrems v. Data Protection Commissioner, Case C-362/14, which may invalidate the U.S.-EU Safe Harbor Framework. The Safe Harbor Framework...more

FTC Gives Words of Warning to the Wise

The Federal Trade Commission has issued new guidance on data security to help businesses that collect, store and use consumer information to stay out of hot water with the agency. Gleaned from the more than 50...more

The Legacy of the RadioShack Bankruptcy and the Importance of PII

Customer information has become an increasingly valuable business asset. And, the volume and detail of other available information about consumers has increased along with it, well beyond mere customer names and addresses to...more

Indonesia publishes data protection rule aimed at government agencies

On 14 July 2015, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (‘Draft Regulation’). Pursuant to...more

Systema Software exposes information of 1.5 million on Amazon Web Service

Systema Software, which provides software solutions for claims management, is investigating a breach (although it was discovered, accessed and confirmed by an independent third party) involving information of 1.5 million...more

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

SEC Settles Charges Against Investment Firm that Failed to Adopt Cybersecurity Policies Before Data Breach

Recently, the SEC announced that R.T. Jones Capital Equities Management, a St. Louis-based investment adviser, agreed to settle charges that it failed to establish the required cybersecurity policies and procedures before a...more

Retail Industry EMV Compliance Deadline Arrives Today - Credit Card Fraud Liability Shifts

Starting today, October 1, 2015, a substantial portion of the liability associated with in-store fraudulent credit card purchases shifts from credit card issuers, such as banks or credit unions, to retail merchants. Credit...more

SEC brings first cybersecurity-related enforcement action

The Securities and Exchange Commission (“SEC”) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (the ...more

Boston’s MBTA joins the bluetooth beacon bus –it will now track the movement of its riders

If you don’t think you are being tracked as you move around Target or Macy’s or even through a local museum, you must not have a smartphone. Many companies are now using beacons –or stationary devices that measure the...more

Cybersecurity + Law Enforcement: The Cutting Edge Symposium | Friday, OctobeWU Law | Bristol,r 16, 2015 R Rhode Island

Cybersecurity, encryption, and government surveillance are daily challenges for public officials, corporations, and lawyers. On October 16, the Roger Williams University School of Law will present Cybersecurity and Law...more

A Compilation of Enforcement and Non-Enforcement Actions

Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more

What is reasonable? The emerging legalities of cybersecurity post-Wyndham

This month’s edition of the Advanced Cyber Security Center’s newletter includes my discussion of lessons to be learned from the Wyndham decision: Historically, security was an issue reserved in a back room for the IT...more

SEC Announces First Cybersecurity Enforcement Action Against an Investment Adviser for Failure to Protect Client Data

On September 22, 2015, the Securities and Exchange Commission (SEC) announced its first cybersecurity-related enforcement action against an investment adviser for failure to protect customer records and information. According...more

Notifying Parties In Username/Password Breaches . . . It’s Not Just the Law

As we head into the end of 2015, state legislators across the country continue to strengthen, update and, in some instances, broaden the scope of their respective state data breach notification laws. Specifically, many...more

FTC Fines Can Add Salt to a Cybersecurity Wound

Cyberattacks are on the rise—so much that we seem to hear about a high-profile hack more often than it probably rains in most parts of California. Although reputational damage from a cyberattack can be scarring, a recent U.S....more

Status Updates: Court nixes VPPA claim; lawyer suspended over blog posts; Facebook ‘unfriending’ cited in bullying decision

Tale of the tape. The Video Privacy Protection Act (VPPA), which requires video service providers to destroy personally identifiable information after a specified time, doesn’t provide a private right of action for plaintiffs...more

The Legal Lessons of Data Breaches

Every business would love to find a fortune teller to give it insight into what trends to follow, which risks to take, and when “exposure” will convert to liability. Some clients might say that, unfortunately, their lawyers...more

SEC Penalizes Investment Adviser over Inadequate Cyber-Risk Program Prior to Data Breach

On September 22, the SEC ordered a Missouri-based investment adviser to pay a $75,000 penalty, settling allegations that the investment adviser failed to implement required written cybersecurity policies and procedures prior...more

1,027 Results
View per page
Page: of 42

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.