Last August, I wrote about a survey by Corporate Board Member and FTI Consulting, Inc., showing that data security was the top legal risk for corporate directors and general counsel. That same survey was taken again in 2013, and the results were released last week in a report entitled “Law in the Boardroom.” The gist… Continue Reading
Category Archives: Data Security
Subscribe to Data Security RSS FeedWhat Does A Cyber Attack Look Like?
Posted in All Things E, Data Breach, Data SecurityThe phrase “cyber attack” elicits thoughts of a compromised information system, a crashed computer network, or inappropriate access to sensitive electronic information. It doesn’t usually conjure up images of machinery setting on fire, and smoke emerging from a factory. Nevertheless, here is a video of an experimental cyber attack named Aurora, which took place on… Continue Reading
Data Breaches – Who is Causing Them, How, and What Can Companies Do About It?
Posted in Data Security, Surveys and studiesOne of the leading annual studies analyzing the causes of data breaches was released earlier today. The 2013 Verizon Data Breach Investigations Report analyzes what is causing data breaches, how the breaches are occurring, who are the hackers and the victims, and what trends can be gleaned from this information. The report has become a… Continue Reading
Data Breach Lawsuits – Revisiting the Risks
Posted in Data Breach, Data Breach, Data Privacy, Data Security, LawsuitsUntil recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit. Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish… Continue Reading
The Cybersecurity Executive Order – Have Your Say!
Posted in Data SecurityOn February 12th, President Obama issued an Executive Order on Cybersecurity that seeks to improve critical infrastructure cybersecurity in the United States by encouraging sharing of important cybersecurity information between the government and owners and operators of critical infrastructure. “Critical infrastructure” means systems and assets so vital to the United States that the incapacity or… Continue Reading
Busy Day for Cybersecurity in D.C.
Posted in All Things E, Data SecurityI’m a big fan of Bloomberg West. Perhaps more so than almost any other television news program, it does a terrific job of providing both depth and breadth on issues that are important to the technology industry. Tonight’s report by Megan Hughes about breaking developments on the cybersecurity front today was no exception. Watch it here:… Continue Reading
New U.S. Supreme Court Decision Will Likely Impact Data Breach Litigation
Posted in Data Breach, Data Security, LawsuitsThe following Data Security Law Journal post was authored by Becky Schwartz, my law partner at Shook Hardy & Bacon. Becky is an experienced class action litigator who has developed a specialty in privacy litigation. In this post, Becky discusses a recent U.S. Supreme Court decision that may make it more difficult for consumers to… Continue Reading
Cyber Espionage — The Threat and The Response
Posted in Data Security, Surveys and studiesCyber attacks and cyber espionage have been the focus of media attention (again) lately. In addition to the news of Apple, Facebook, the New York Times, the Wall Street Journal, and Twitter all suffering cyber attacks, two important documents were released this past week. The first, a report by the data forensic investigation firm, Mandiant,… Continue Reading
The White House Issues Executive Order On Cybersecurity
Posted in Data SecurityYesterday, President Obama issued an Executive Order to improve critical infrastructure cybersecurity in the United States. The Order attempts to facilitate sharing of important information between the federal government and certain critical infrastructure in an effort to protect that infrastructure against cyber intrusions. The Order, which was formally announced and became effective during the President’s… Continue Reading
Identity Theft –Who Is A Victim?
Posted in Data Security, LawsuitsAre you a victim of identity theft when your personally identifiable information is stolen? Is the theft alone, and the risk that your information may be misused, sufficient? Does your information have to be misused in some fraudulent manner before you can be considered a victim? A federal appellate court recently weighed in on these… Continue Reading
What’s In Your Trash?
Posted in Data Privacy, Data Security, FTCHow does your company dispose of personally identifiable information (medical records, financial information, applications containing sensitive information, etc.) and other sensitive information when the information is no longer needed? Do you throw it in the trash can next to your desk? Where does it go after that? Is it securely shredded, or thrown into an… Continue Reading
The Southern District of Florida Weighs In On Data Breach Lawsuits
Posted in Data Breach, Data Security, LawsuitsLate last week, another Federal District Court (the Southern District of Florida) weighed in on the circumstances under which a plaintiff may sue a breached entity civilly for damages when the plaintiff’s personally identifiable information (PII) is inappropriately accessed or acquired. The Court allowed the case to proceed with counts for violation of Florida’s Unfair… Continue Reading
Congress asks the Fortune 500: “Where’s your cybersecurity plan?”
Posted in Data SecurityOn September 19th, U.S. Senator John Rockefeller, writing on behalf of the Senate’s Committee on Commerce, Science, and Transportation, sent a letter to the Fortune 500 Chief Executive Officers seeking information about their cybersecurity policies and their positions on certain cybersecurity issues. (Read the Committee’s press release here). The letter is a result of the Senate’s… Continue Reading
Private Lawsuits Arising From Data Breaches – The Eleventh Circuit Weighs In
Posted in Data Breach, Data Security, Health Care Industry, LawsuitsLast week, the United States Court of Appeals for the Eleventh Circuit decided Resnick v. AvMed, Inc., No. 11-13694 (11th Cir. Sep. 5, 2012). The Court’s opinion addresses some important issues regarding an individual’s right to bring a private lawsuit when her personally identifiable information or protected health information is compromised. In its decision, the… Continue Reading
The SEC Is Cracking Down on Companies That Do Not Disclose Cyber Incidents
Posted in Data Security, SECAs I wrote in a previous post, the Securities and Exchange Commission’s (SEC) Division of Corporation Finance issued a Disclosure Guidance on October 13, 2011, that states publicly traded companies may be obligated to disclose cyber incidents and the risk of cyber incidents, depending on the application of various factors. Now, according to a recent… Continue Reading
How Secure is the Health Care Industry?
Posted in Data Security, Health Care IndustryFor years, health care providers have worked hard to comply with the HIPAA Security Rule that requires implementation of administrative, technical, and physical safeguards to secure protected health information (PHI). This recent study by Jorge Rey and Tyler Quinn at Kaufman, Rossin & Co. analyzes data breaches reported to the U.S. Department of Health and… Continue Reading
Why Should Companies Care About Identity Theft?
Posted in Data SecurityCriminals are increasingly stealing tax refunds by obtaining personally identifiable information about individuals and using that information to file fraudulent tax refunds. The IRS identified $6.5 billion in identity-related tax refund fraud last year. CNN Presents recently investigated the crime and, as Randi Kaye explained in this news report, it is “one of the biggest,… Continue Reading
Data Security – Is Corporate America Finally Getting The Message?
Posted in Data Security, Surveys and studiesA recent survey of corporate general counsel and directors by Corporate Board Member and FTI Consulting, Inc., provides some eye-opening findings about the importance of data security to U.S. companies and the ability of those companies to respond to a data breach. On the one hand, the survey of approximately 13,400 corporate directors and general… Continue Reading
Why is the Countrywide data breach lawsuit dismissal important?
Posted in Data Breach, Data Security, LawsuitsAnother court has weighed in on the issue of what constitutes a cognizable injury in a data breach case. In a lengthy opinion, the U.S. District Court for the Western District of Kentucky in Holmes v. Countrywide Financial Corp. dismissed a lawsuit against Countrywide by plaintiffs who claimed that their personal information had been compromised… Continue Reading
How Secure Is Your Copy Machine?
Posted in Data Security, FTCDoes your organization use a photocopier? If so, what types of documents do you copy, fax, and email with it? Do those documents contain proprietary information or personal information of your consumers/employees? If so, then you should review a guide issued by the Federal Trade Commission, called “Copier Data Security: A Guide for Businesses.” The… Continue Reading
Video Interview: Discussing the LinkedIn Data Breach Class Action Suit with LXBN TV
Posted in Data Breach, Data Security, LawsuitsFollowing my post on the subject last week, I had the chance to speak with Colin O’Keefe of LXBN regarding the class action suit filed against LinkedIn following their recent high-profile data breach. In the brief interview, I explain the background of the case, what damages the plaintiffs are alleging and why it’s too early… Continue Reading
“The Disconnect” – Let’s Talk About It
Posted in Data SecurityAn interesting new study by CORE Security highlights a disconnect between the boardroom and the IT room in Corporate America with respect to how each view threats to IT infrastructure security. The study found that, “[m]ore than 60% of CISOs [Chief Information Security Officers] responding said that they are very concerned about their IT systems… Continue Reading
LinkedIn Sued Over Data Breach
Posted in Data Breach, Data Security, LawsuitsWell THAT didn’t take long! Less than 10 days after LinkedIn announced that it suffered a data breach of approximately 6.5 million user passwords, a class action lawsuit was filed against it in California federal court seeking in excess of $5 million. The lawsuit alleges that, contrary to its Privacy Policy, LinkedIn failed to comply… Continue Reading
FTC Action – Companies Must Guard Against Software That Threatens Private Information
Posted in Data Privacy, Data Security, FTCFlying “under the radar” this week as a result of the high profile LinkedIn data breach, was news that the Federal Trade Commission charged two businesses with illegally exposing the sensitive personal information of consumers by allowing peer-to-peer (P2P) file-sharing software to be installed on their corporate computer systems. P2P software is commonly used to… Continue Reading
Subscribe to this blog via RSS
View Al's Linkedin Profile