The International Association of Privacy Professionals held its annual Global Privacy Summit on April 4-5 in Washington, D.C. Here are some things we learned.
1. Generative Artificial Intelligence (“AI”) is Ubiquitous in the...more
4/13/2023
/ Artificial Intelligence ,
Corporate Governance ,
CPOs ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
Internet ,
Machine Learning ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Web Scraping
With the adoption of new technology, including the quick and unexpected shift to virtual learning because of the COVID-19 pandemic, K-12 institutions are at an increased risk of cyberattacks and threats thereof. The rise in...more
A data security incident will always require a technical response, and usually that technical response will come from outside experts. Those experts are hired to investigate and remediate an incident. Since data incidents...more
On April 21, 2021, the European Commission released a highly-anticipated proposal for a regulation governing artificial intelligence (AI). The proposal has been drafted by the Commission and its advisers, and plays a central...more
5/11/2021
/ Artificial Intelligence ,
Data Protection ,
Data Security ,
Enforcement ,
EU ,
European Commission ,
Facial Recognition Technology ,
Proposed Regulation ,
Registration Requirement ,
Regulatory Oversight ,
Transparency
What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at...more
5/4/2020
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
Equifax ,
Personal Information ,
Popular ,
Privacy Laws ,
State and Local Government ,
WISP
Shifting how businesses think about privacy.
Let’s stop thinking about privacy policies alone, and let’s start thinking about data governance plans.
For the ordinary business trying to generate revenue and minimize risk,...more
8/27/2019
/ Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Governance ,
Personal Data ,
Popular ,
Privacy Laws ,
Privacy Policy ,
Risk Management
Imagine this scenario: you’ve had a productive and mutually advantageous ongoing contractual relationship of several years with another party. You have built up quite a bit of trust over the years, and communicate regularly...more
4/29/2019
/ Best Practices ,
Corporate Liability ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybertheft ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Phishing Scams ,
Risk Mitigation ,
Wire Fraud ,
Wire Transfers
You probably are employed by an organization that has a website privacy policy. I am. That’s because most organizations process personal information through their websites in some way, such as through online forms that ask...more
4/10/2019
/ Best Practices ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Use Policies ,
Personal Data ,
Privacy Policy ,
Risk Assessment ,
Risk Mitigation ,
Websites
The long-anticipated decision in LabMD v. FTC has finally arrived. The 11th Circuit held that the FTC’s cease-and-desist order against LabMD is unenforceable...more
As we have noted before in this space, states have begun going through the process of amending their data breach notification laws. California, for example, recently amended its data breach notification statute to expand the...more
In Case You Missed It: In a sign of the growing importance of cyber operations in warfare, the Obama administration plans to elevate the status of the Pentagon’s Cyber Command. The U.S. Cyber Command, or USCYBERCOM, was...more
In Case You Missed It: The Federal Trade Commission issued an opinion in the LabMD case, overturning an ALJ’s November 2015 decision holding that the FTC failed to meet its burden to prove that LabMD’s data security...more
8/1/2016
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Hackers ,
Hillary Clinton ,
LabMD ,
Political Campaigns ,
Section 5 ,
Unfair or Deceptive Trade Practices
In Case You Missed It: Ruling in FTC v. Amazon Suggests a Way Forward for Companies Responding to Actions Brought by the FTC after a Data Breach. The FTC’s recent actions in the realm of data security have been predicated on...more
7/6/2016
/ Administrative Authority ,
Amazon ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Department of Homeland Security (DHS) ,
Federal Trade Commission (FTC) ,
Google ,
Invasion of Privacy ,
Viacom ,
VPPA
In Case You Missed It: Illinois strengthened its data privacy and security law, with the amendments going into effect in January 2017. The amendments include expanding the definition of “personal information” to include a...more
On December 9, 2015, Wyndham and the FTC settled the enforcement action brought by the FTC that had led to a significant decision by the Third Circuit in August of this year. While the details of the settlement are...more
The scaffolding of the FTC’s powers in the realm of cybersecurity continues to be built. On Monday, the FTC’s Chief Administrative Law Judge D. Michael Chappell issued an initial decision in the FTC’s closely watched...more
I had the pleasure of moderating an excellent panel at the Advanced Cyber Security Center’s annual conference on November 4. The panel’s topic for discussion was “What is Reasonable in Cybersecurity: Responsibility and...more
11/5/2015
/ Audits ,
Best Practices ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Information Technology ,
Popular ,
Risk Management ,
Risk Mitigation
A timely new resource for business executives, technology professionals, and lawyers alike is the newly-published Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers from the New York...more
10/26/2015
/ Board of Directors ,
Corporate Officers ,
Crisis Management ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach Plans ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Directors ,
Employee Training ,
Information Technology ,
Personal Data ,
Popular ,
Risk Management ,
Risk Mitigation
The Cybersecurity and Information Sharing Act (S.754), or CISA, cleared an important hurdle on October 22, 2015 when the Senate voted 83-14 to end debate on several amendments to the bill. CISA creates a cyberthreat...more
Data breaches are crisis moments that business must prepare for in many ways: not just in taking steps at prevention, but also mitigating losses, arranging for business continuity, complying with legal and regulatory...more
10/19/2015
/ Business Continuity Plans ,
Crisis Management ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
Loss Mitigation ,
Popular ,
Public Relations ,
Reputation Management
What makes data privacy law interesting for academics, challenging for lawyers, and frustrating for businesses its shape-shifting structure in the face of rapidly changing technology. The recent change in the invalidation of...more
10/19/2015
/ Administrative Authority ,
Breach Notification Rule ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Popular ,
Unfair or Deceptive Trade Practices ,
US-EU Safe Harbor Framework ,
Wyndham
Data breaches are often followed by class action suits in which the affected individuals seek damages. Corporations defending against such suits have used a 2013 Supreme Court case, Clapper v. Amnesty International, 133 S....more
A key distinguishing feature of U.S. data privacy laws is their patchwork nature. There are industry-specific data privacy laws at the federal level (think HIPAA or the GLBA), yet there are no comprehensive federal standards...more
7/27/2015
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Security and Breach Notification Act of 2015 ,
Electronic Medical Records ,
Medical Records ,
Personally Identifiable Information ,
Privacy Legislation ,
Proposed Legislation ,
Uniformity