Security and Privacy Controls

News & Analysis as of

Director Cybersecurity Risk Oversight and Actions

This article begins by providing an overview of the duty of directors to oversee risk, including cybersecurity risk, in the cyberattack context and then outlines actions that board of directors are taking as reported by...more

RBAC – Is it implemented in your organization?

Traditionally it was very common for organizations to adopt an optimistic security model. Give everyone access to everything unless specifically denied access to sensitive areas, like HR or Finance. While this approach is...more

Phishing for Christmas

As the Wall Street Journal noted yesterday, banks are being deluged with phishing attacks. These attacks are especially fierce around the holiday season, when more personnel are absent and normal procedures are ignored or...more

Online Trust Alliance releases smart device privacy + security checklist for consumers

Here’s a question: do you review each smart device’s policies and terms before you purchase the device? Probably not. However, when you pick out or receive a smart device, you really need to be aware of the privacy and...more

When Do Data Security Breaches Cause Substantial Consumer Harm? Lessons from the LabMD FTC Complaint Dismissal

On November 19, 2015, an Administrative Law Judge (the “ALJ”) at the Federal Trade Commission (“FTC”) dismissed the FTC’s 2013 complaint against LabMD, a clinical testing laboratory, stating that the FTC failed to demonstrate...more

LabMD Successfully Challenges FTC’s Cyber Authority

On November 13, 2015, the Federal Trade Commission’s Chief Administrative Law Judge, D. Michael Chappell, issued an Initial Decision dismissing the FTC’s cyber security lawsuit against LabMD, Inc. This is the first time that...more

The WSGR Data Advisor - November 2015

The last two months certainly have been eventful in the world of privacy. In this issue of The WSGR Data Advisor, we examine the Court of Justice of the European Union’s recent and highly significant Schrems decision that...more

How to prevent data theft from lost devices

Technology can be a blessing and a curse for attorneys. While technology enables attorneys to be able to conduct business on the go, it also puts client and firm data at risk. In the United States, someone loses a cellphone...more

FTC Administrative Law Judge Issues Initial Decision in LabMD Matter

In a stunning victory, an administrative law judge has recommended the dismissal of a long-pending US Federal Trade Commission (FTC) complaint against LabMD, Inc. (LabMD). In a strongly worded opinion in a case that had...more

FCC Fines Cable Operator Following Data Breach Investigation

The FCC has been flexing its muscles in 2015 when it comes to enforcing data security requirements. In April, it reached a $25 million settlement with AT&T Services, Inc. for failing to safeguard customers’ personal...more

"Intellectual Property and Technology News (Asia Pacific) - November 2015

Welcome to the latest Asia Pacific Edition of Intellectual Property and Technology News, our biannual publication designed to report on worldwide developments in intellectual property and technology law, offering perspective,...more

Senate passes Cybersecurity Information Sharing Act

After a long delay, with a vote of 74 to 21, the United States Senate passed the Cybersecurity Information Sharing Act (CISA) on October 27, 2015. The bill has been touted as being controversial and is opposed by...more

OCR Announces HIPAA Security Settlement with Cancer Care Group, P.C.

In September, 2015, OCR and HHS issued a press release announcing a Resolution Agreement with the Cancer Care Group, P.C., which included entry into the agreement, the adoption of a robust compliance plan, and the payment of...more

California Does It Again – Data Breach Notification Requirements

California adopted the first breach notification statute in the nation, and prides itself at being in the forefront of consumer privacy and security issues. On October 6, 2015, for the third time in the past three years,...more

There’s a New (Cybersecurity) Sheriff in Town: FTC vs. Wyndham

On August 24, 2015, the Third Circuit United States Court of Appeals issued its ruling in Federal Trade Commission v. Wyndham Worldwide Corporation. The case was highly anticipated by the data security community generally for...more

Everybody’s Talkin’ At Me: 5 Things Clients Should Be Talking About

E-discovery is complex, even for the most sophisticated corporations. A wrong turn or inadvertent misstep can send the case spiraling down quickly, not to mention what it can do to your budget. Here’s what we believe clients...more

Smart-TV now regulated under new California law

Californians are now protected from smart-TV eavesdropping under new law, Assembly Bill 1116, which requires that smart-TV manufacturers ensure that voice-recognition features will not be enabled without consumer consent, and...more

Pennsylvania Federal Court Finds Standing in Data Breach Class Action

The debate over standing in data breach litigation is gaining more attention lately. While many courts have hesitated to find standing prior to lost personally identifiable information (PII) actually being misused, the U.S....more

SEC Fines Investment Firm $75,000 for Failing to Adopt Written Cybersecurity Policies and Procedures

Investment firm R.T. Jones Capital Equities Management (R.T. Jones) has agreed to settle with the Securities and Exchange Commission (SEC) and pay a $75,000 penalty over charges that it failed to adopt written policies and...more

OCR Launches Interactive HIPAA Site for Mobile Health App Developers

On October 5, 2015, the Office for Civil Rights (OCR) announced the launch of a new platform for mobile health (mHealth) developers and others interested in the intersection of health information technology and HIPAA privacy...more

SEC Settles Charges Against Investment Firm that Failed to Adopt Cybersecurity Policies Before Data Breach

Recently, the SEC announced that R.T. Jones Capital Equities Management, a St. Louis-based investment adviser, agreed to settle charges that it failed to establish the required cybersecurity policies and procedures before a...more

OCIE Issues Cybersecurity Risk Alert and Exam Plans; Follows Up with Enforcement Action

The Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) recently released a Risk Alert containing its plan for a second round of cybersecurity examinations of registered...more

What's So Great About an Information Security Policy?

Lawyers and compliance professionals constantly tout the importance of internal information security policies, particularly in light of data privacy problems that are reported almost daily in the media. Admittedly, drafting...more

SEC Charges Investment Adviser with Failure to Adopt Proper Cybersecurity Policies and Procedures Prior to Cyberattack

On Tuesday, September 22, 2015, the SEC charged an investment adviser with failing to adopt a written policy and procedure reasonably designed to safeguard customer records and information. The charge spawned from a July 2013...more

SEC Enforcement Action Alleges an Adviser Failed to Adopt Adequate Cybersecurity Policies and Procedures; SEC Issues an Investor...

On September 22, 2015, the Securities and Exchange Commission (SEC) filed a settled administrative proceeding[1] alleging that a registered investment adviser failed to adopt cybersecurity procedures in violation of an SEC...more

115 Results
|
View per page
Page: of 5

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×