Until recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit. Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish… Continue Reading
Category Archives: Data Privacy
What’s In Your Trash?
Posted in Data Privacy, Data Security, FTC
How does your company dispose of personally identifiable information (medical records, financial information, applications containing sensitive information, etc.) and other sensitive information when the information is no longer needed? Do you throw it in the trash can next to your desk? Where does it go after that? Is it securely shredded, or thrown into an… Continue Reading
Is Secrecy A Prerequisite For Privacy?
Posted in Data Privacy
It can be easy in the data privacy and security sphere to focus significantly on best practices, changing statutes, new administrative investigations, and evolving industry standards. It is important, however, not to lose the forest for the trees by ignoring larger issues like “what criteria should we use to determine whether information is in fact… Continue Reading
Where’s Your Privacy Policy?
Posted in Data Privacy, FTC
Regulators increasingly want to know what companies are telling consumers about how the companies are using information about their consumers. Companies that do not properly explain how they collect, store, and use their customers’ information are facing increased scrutiny. Nowhere is this increased scrutiny more evident than in the $22.5 million civil penalty that the… Continue Reading
Data Privacy – Is Your Business Ready For HB 300?
Posted in Data Privacy
On September 1, 2012, a new law will go into effect in Texas that imposes new requirements on organizations that maintain protected health information (PHI). The new legislation, HB 300, imposes even tighter standards than required by the federal Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical… Continue Reading
The FTC Fines Google $22.5 Million – Why Should Companies Care?
Posted in Data Privacy, FTC
Today, the Federal Trade Commission levied a $22.5 million penalty against Google, the largest civil penalty by the FTC against a single defendant. Here is a copy of the Stipulated Order entered into between the FTC and Google. The penalty stems from an FTC Complaint alleging that Google violated “privacy promises” it agrees to as… Continue Reading
Why is the Countrywide data breach lawsuit dismissal important?
Posted in Data Breach, Data Security, Lawsuits
Another court has weighed in on the issue of what constitutes a cognizable injury in a data breach case. In a lengthy opinion, the U.S. District Court for the Western District of Kentucky in Holmes v. Countrywide Financial Corp. dismissed a lawsuit against Countrywide by plaintiffs who claimed that their personal information had been compromised… Continue Reading
Video Interview: Discussing the LinkedIn Data Breach Class Action Suit with LXBN TV
Posted in Data Breach, Data Security, Lawsuits
Following my post on the subject last week, I had the chance to speak with Colin O’Keefe of LXBN regarding the class action suit filed against LinkedIn following their recent high-profile data breach. In the brief interview, I explain the background of the case, what damages the plaintiffs are alleging and why it’s too early… Continue Reading
Should Companies Be Allowed To Ask Their Employees For Their Social Media Passwords?
Posted in Data Privacy, Social media
Tom Barnett, Managing Director and eDiscovery Practice Leader for Stroz Friedberg, has written an article entitled “What Happens on Facebook Stays on Facebook”. The article provides a good overview of legislation passed recently by the Maryland legislature, which prohibits an employer or prospective employer from asking their employees or prospective employees for their social media… Continue Reading
FTC Action – Companies Must Guard Against Software That Threatens Private Information
Posted in Data Privacy, Data Security, FTC
Flying “under the radar” this week as a result of the high profile LinkedIn data breach, was news that the Federal Trade Commission charged two businesses with illegally exposing the sensitive personal information of consumers by allowing peer-to-peer (P2P) file-sharing software to be installed on their corporate computer systems. P2P software is commonly used to… Continue Reading
Federal Data Breach Notification Laws
Posted in Data Breach, Data Breach, Data Security
The title of this blog entry is somewhat of a misnomer because there is no single national data breach notification law that governs all information the same way as the state data breach notification laws do. So, for the time being, companies and consumers are forced to determine which state data breach notification laws apply… Continue Reading
State Data Breach Notification Laws
Posted in Data Breach, Data Breach, Data Security
In 2005, a company called ChoicePoint, which collected personal and financial information for millions of consumers, was the victim of a security breach. Criminals stole from ChoicePoint personal information for more than 145,000 individuals. The floodgates opened and a variety of other corporations and organizations revealed similar data breaches that had resulted in unauthorized access… Continue Reading
Video Interview: Discussing the Global Payments Inc. Data Breach with LXBN TV
Posted in Data Breach, Data Breach, Data Security
Yesterday I had the opportunity to speak with Colin O’Keefe of LXBN TV regarding the recent major data breach involving Global Payments Inc. In the interview, I explain the background of the breach, which impacted all major credit cards, the lessons companies can learn from the breach and exactly who bears the burden—financially and otherwise—of… Continue Reading
Hacking the “Middle Man”
Posted in Data Breach, Data Breach, Data Security
Another massive high profile data breach was in the news this past week. MasterCard, Visa, American Express, and Discover, as well as other banks and franchises were affected. Significantly, the breadth of the effect was not a result of separate attacks against each bank, but rather a hacking of one common third-party service provider—Global Payments… Continue Reading
Foreign Economic Cyber-Espionage (Part 3)
Posted in Data Breach, Data Security
This final blog entry in the series about economic cyber-espionage focuses on what, if anything, the government can do and is doing to limit cyber attacks that result in the theft of billions of dollars’ worth of intellectual property and confidential proprietary information. The issue of cyber-espionage is receiving attention from the highest levels of government. … Continue Reading
Private Civil Lawsuits Arising From Data Breaches
Posted in Data Breach, Data Breach, Data Security
The U.S. Circuit Court of Appeals for the First Circuit recently weighed in on the causes of action and damages that are (and are not) cognizable in a data breach case. In Anderson v. Hannaford Bros. Co., No 10-2384 (1st Cir. Oct. 20, 2011), the plaintiffs were customers of a grocery store chain. The grocery… Continue Reading


