Data Security Law Journal Focusing on legal trends in data security, cloud computing, data privacy, and anything E

Category Archives: Data Privacy


What’s The Next Wave of Privacy Litigation? “Failure to Match”

Posted in Being Proactive, Data Privacy, Lawsuits

A client recently asked me to identify the next wave of data privacy litigation.  I said that with so much attention on lawsuits arising from data breaches, particularly in light of some recent successes for the plaintiffs in those lawsuits, the way in which companies collect information and disclose what they are collecting is flying… Continue Reading

Healthcare Organizations Take It On The Chin

Posted in Data Breach, Data Privacy, Data Security, FTC, Health Care Industry, Lawsuits

If you have noticed an increasing number of high profile problems for healthcare organizations with respect to privacy and security issues these last few weeks, you’re not alone.  The issues have ranged from employee misuse of protected health information, web-based breaches, photocopier breaches, and theft of computers that compromised millions of records containing unsecured… Continue Reading

Law Firms: How Are You Securing Your Clients’ Information?

Posted in All Things E, Data Privacy, Data Security, Vendor Management

What are law firms doing to protect their clients’ sensitive information?  What are clients doing to determine whether their outside counsel are using reasonable security measures to protect their sensitive information (confidential communication, customer data, financial information, protected health information, intellectual property, etc.)? According to the data forensic firm Mandiant, at least 80 major law… Continue Reading

Texas’s Data Privacy Training Laws Change (Again)

Posted in Data Privacy, Data Security, Health Care Industry

In August of last year, I wrote about HB 300, a Texas law that, beginning September 1, 2012, created employee training and other requirements for any company doing business in Texas that collects, uses, stores, transmits, or comes into possession of protected health information (PHI).  The law’s training provisions required covered entities to train their… Continue Reading

U.S. Senate Considers Federal Data Security Legislation

Posted in Data Breach, Data Privacy, Data Security

Legislation was introduced in the U.S. Senate late last week that, if passed, would create proactive and reactive requirements for companies that maintain personal information about U.S. citizens and residents.  The legislation, titled the “Data Security and Breach Notification Act of 2013” (s. 1193) creates two overarching obligations:  to secure personal information and to notify… Continue Reading

Data Breach Lawsuits – Revisiting the Risks

Posted in Data Breach, Data Privacy, Data Security, Lawsuits

Until recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit.  Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish… Continue Reading

What’s In Your Trash?

Posted in Data Privacy, Data Security, FTC

How does your company dispose of personally identifiable information (medical records, financial information, applications containing sensitive information, etc.) and other sensitive information when the information is no longer needed?  Do you throw it in the trash can next to your desk?  Where does it go after that? Is it securely shredded, or thrown into an… Continue Reading

Is Secrecy A Prerequisite For Privacy?

Posted in Data Privacy

It can be easy in the data privacy and security sphere to focus significantly on best practices, changing statutes, new administrative investigations, and evolving industry standards.  It is important, however, not to lose the forest for the trees by ignoring larger issues like “what criteria should we use to determine whether information is in fact… Continue Reading

Where’s Your Privacy Policy?

Posted in Data Privacy, FTC

Regulators increasingly want to know what companies are telling consumers about how the companies are using information about their consumers.  Companies that do not properly explain how they collect, store, and use their customers’ information are facing increased scrutiny.  Nowhere is this increased scrutiny more evident than in the $22.5 million civil penalty that the… Continue Reading

Data Privacy – Is Your Business Ready For HB 300?

Posted in Data Privacy

On September 1, 2012, a new law will go into effect in Texas that imposes new requirements on organizations that maintain protected health information (PHI).  The new legislation, HB 300, imposes even tighter standards than required by the federal Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical… Continue Reading

Why is the Countrywide data breach lawsuit dismissal important?

Posted in Data Breach, Data Security, Lawsuits

Another court has weighed in on the issue of what constitutes a cognizable injury in a data breach case. In a lengthy opinion, the U.S. District Court for the Western District of Kentucky in Holmes v. Countrywide Financial Corp. dismissed a lawsuit against Countrywide by plaintiffs who claimed that their personal information had been compromised… Continue Reading

Video Interview: Discussing the LinkedIn Data Breach Class Action Suit with LXBN TV

Posted in Data Breach, Data Security, Lawsuits

Following my post on the subject last week, I had the chance to speak with Colin O’Keefe of LXBN regarding the class action suit filed against LinkedIn following their recent high-profile data breach. In the brief interview, I explain the background of the case, what damages the plaintiffs are alleging and why it’s too early… Continue Reading

Should Companies Be Allowed To Ask Their Employees For Their Social Media Passwords?

Posted in Data Privacy, Social media

Tom Barnett, Managing Director and eDiscovery Practice Leader for Stroz Friedberg, has written an article entitled “What Happens on Facebook Stays on Facebook”.  The article provides a good overview of legislation passed recently by the Maryland legislature, which prohibits an employer or prospective employer from asking their employees or prospective employees for their social media… Continue Reading

FTC Action – Companies Must Guard Against Software That Threatens Private Information

Posted in Data Privacy, Data Security, FTC

Flying “under the radar” this week as a result of the high profile LinkedIn data breach, was news that the Federal Trade Commission charged two businesses with illegally exposing the sensitive personal information of consumers by allowing peer-to-peer (P2P) file-sharing software to be installed on their corporate computer systems.  P2P software is commonly used to… Continue Reading

State Data Breach Notification Laws

Posted in Data Breach, Data Security

In 2005, a company called ChoicePoint, which collected personal and financial information for millions of consumers, was the victim of a security breach.  Criminals stole from ChoicePoint personal information for more than 145,000 individuals.  The floodgates opened and a variety of other corporations and organizations revealed similar data breaches that had resulted in unauthorized access… Continue Reading

Video Interview: Discussing the Global Payments Inc. Data Breach with LXBN TV

Posted in Data Breach, Data Security

Yesterday I had the opportunity to speak with Colin O’Keefe of LXBN TV regarding the recent major data breach involving Global Payments Inc. In the interview, I explain the background of the breach, which impacted all major credit cards, the lessons companies can learn from the breach and exactly who bears the burden—financially and otherwise—of… Continue Reading

Hacking the “Middle Man”

Posted in Data Breach, Data Security

Another massive high profile data breach was in the news this past week. MasterCard, Visa, American Express, and Discover, as well as other banks and franchises were affected.  Significantly, the breadth of the effect was not a result of separate attacks against each bank, but rather a hacking of one common third-party service provider—Global Payments… Continue Reading

Foreign Economic Cyber-Espionage (Part 3)

Posted in Data Breach, Data Security

This final blog entry in the series about economic cyber-espionage focuses on what, if anything, the government can do and is doing to limit cyber attacks that result in the theft of billions of dollars’ worth of intellectual property and confidential proprietary information. The issue of cyber-espionage is receiving attention from the highest levels of government. … Continue Reading