Security and Privacy Controls

News & Analysis as of

HHS Releases Guidance on Privacy and Security Audits and Ransomware

If your organization operates in the healthcare industry, particularly if it qualifies as a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA), you may have noticed the...more

Heads of the FTC Push Back on Chief Administrative Law Judge and Find Consumer Harm in LabMD Data Leak

On July 29, 2016, the three Federal Trade Commission (“FTC”) commissioners vacated their chief administrative law judge’s bold decision to dismiss the agency’s action against a medical testing lab, LabMD, In the Matter of...more

Federal Trade Commission Holds Medical Laboratory Liable for Allegedly Unfair Data Security Practices

On July 29, the Federal Trade Commission (“FTC” or “Commission”) issued a unanimous Opinion and Final Order reversing the FTC Administrative Law Judge (“ALJ”) Initial Opinion issued November 13, 2015, which had dismissed the...more

LabMD Opinion Reverses ALJ Decision; Articulates Standard for “Substantial Injury” Under the Unfairness Prong of the FTC Act for...

In a widely anticipated move, the Federal Trade Commission (FTC) has overruled a decision by its own Administrative Law Judge (ALJ) that had dismissed a case against a medical testing laboratory accused of unreasonable data...more

No Harm, Yes Foul: FTC Rules Risk of Consumer Harm Sufficient to Find LabMD Liable for Security Breach.

In a unanimous decision published Friday, July 28, attached here, the Federal Trade Commission (FTC) overruled an administrative law judge and found that a medical testing company’s lack of security measures violated federal...more

Three Tips to Verify the Security of Your E-Discovery Software

SOC 2® Type 2 Certification and Zapproved–Building Trust and Confidence that Your Data is Secure - Today in e-discovery, it should be no surprise that cyber security is a rising concern among corporate leaders and that...more

Business Associates of HIPAA Covered Entities Beware!

If your organization is a business associate of a HIPAA covered entity (such as a health care provider or employee health benefit plan), you should know that the Department of Health and Human Services' Office of Civil Rights...more

"Data Privacy Protection and Cybersecurity: A Business and Legal Primer"

The news regularly reports on data breaches and cybersecurity. While we read about the biggest breaches – Home Depot, Target, Anthem, JP Morgan, Wyndham – probably every business has been hacked and will be hacked again. ...more

Lessons from LinkedIn: Privacy and Data Security Representations in the M&A Context

Microsoft’s blockbuster acquisition of LinkedIn earlier this month—a deal where concerns for privacy and data security loomed large—provides a glimpse into the growing trend of including separate privacy and data security...more

District Court Ruling in FTC v. Amazon Carries Implications for Data Security Breach Cases

Since the outset of its controversial foray into the data security space, the Federal Trade Commission (“FTC” or “Commission”) has cited its statutory power to seek injunctive relief as a basis for bringing actions against...more

The ICO: A force to be reckoned with

From recent prosecutions it seems that the Information Commissioner's Office (ICO) is a body to be taken seriously. Not only has it continued to bring enforcement action against organisations for data protection breaches, it...more

Drone experts say human and machine should be treated the same when it comes to privacy and security

Last week I attended the International Conference on Unmanned Aircraft Systems (ICUAS) in Arlington, Virginia. An “Ethics and Engineering” panel set forth some interesting questions for those individuals and businesses...more

CFPB Brings First Data Security Enforcement Action

The Consumer Financial Protection Bureau (CFPB) recently brought its first data security enforcement action, adding itself to the growing list of federal regulators tackling data security issues. The CFPB’s enforcement action...more

Phishing: Data Breach Is “Chalkdust Torture”

Seyfarth Synopsis: Hernandez v. Sprouts Farmers Market, Inc., a case stemming from a phishing scam, emphasizes the need for California employers to implement comprehensive data protection and data breach notification policies...more

Business Litigation Alert: "The Panama Papers: Implications for Business"

The recent press around the "Panama Papers" leads to some serious considerations for businesses that engage outside counsel. As many of you know, the story centers on the leak of 11.5 million internal documents from the...more

Data Privacy Due Diligence: Questions to Consider in a Merger or Acquisition

The FTC can hold an acquirer responsible for the bad data security and privacy practices of a company that they acquire. Evaluating a potential target’s data privacy and security practices, however, can be daunting and...more

Key Data Privacy and Security Concerns for Investment Firms

Privacy and data security concerns are among the most critical issues facing investment funds, advisors and managers (collectively, “investment firms”). This article outlines the privacy and data security challenges...more

SEC Brings Enforcement Action Against a Broker-Dealer for Weak Cybersecurity Controls

On April 12, 2016, the U.S. Securities and Exchange Commission (“SEC”) continued its enforcement of reasonable cybersecurity controls, announcing cease and desist proceedings against a broker-dealer and two of its principals...more

2016 Mobile Data Privacy and Security Update and 2015 Review

To say that mobile device usage has reached a tipping point would be an understatement. There are now more mobile devices than people in the world, a staggering 7.9 billion mobile devices for 7.4 billion people on Earth. In...more

Healthcare Industry Sees Increase in Malware Attacks

In the last couple of weeks, numerous large health organizations, including hospitals, have been the target of malware attacks. Last night, MedStar, which operates ten hospitals in Washington, D.C. and Maryland was hit with...more

Privacy & Data Security Advisory: Even More EU Data Regulation: The Network Information Security Directive

While most of the attention in the EU data landscape in late 2015 and early 2016 was focused on the Schrems decision, negotiations regarding the EU-U.S. Privacy Shield and passage of the General Data Protection Regulation...more

Hotels, Hospitality and Guest Privacy: Six Important Questions to Ask After the Andrews Verdict

Earlier this month, a Nashville jury awarded sportscaster Erin Andrews $55 million after she sued the companies that franchise, own and operate a hotel, alleging that the hotel improperly gave her private information to...more

FTC Settles with Manufacturer of Home Network Routers over Alleged Data Security Flaws

On February 23, 2016, the Federal Trade Commission (FTC) announced a settlement with computer hardware maker ASUSTeK Computer, Inc. (ASUS).1 The ASUS settlement highlights the FTC’s position regarding security in the...more

Hackers Target Hyatt Hotels in Data Breach Affecting 250 Hotels in 50 Countries

On December 23, 2015, Hyatt Hotels (Hyatt) reported that it was investigating cyberattacks that caused data breaches at its properties from August 13 to December 8, 2015. The investigation has revealed that hackers infected...more

Director Cybersecurity Risk Oversight and Actions

This article begins by providing an overview of the duty of directors to oversee risk, including cybersecurity risk, in the cyberattack context and then outlines actions that board of directors are taking as reported by...more

132 Results
|
View per page
Page: of 6
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×