Data Security Law Journal Focusing on legal trends in data security, cloud computing, data privacy, and anything E

Category Archives: Data Security

Subscribe to Data Security RSS Feed

Why Every Business Should Care About Florida’s Information Protection Act

Posted in Breach Notification Statutes, Data Breach, Data Breach, Data Privacy, Data Security

My last post described what the recently passed Florida Information Protection Act (FIPA) will do.  This post analyzes how FIPA differs from Florida’s existing breach notification law and explains why those differences will hurt or help companies that maintain information about Florida residents.  Florida’s Governor must still sign the FIPA into law, but his signature… Continue Reading

Everything You Need To Know About Florida’s New Data Protection Law

Posted in Breach Notification Statutes, Data Breach, Data Privacy, Data Security

The Florida Legislature recently passed the Florida Information Protection Act of 2014 (FIPA).  This post describes the FIPA and analyzes the advantages and disadvantages to businesses governed by the new law.  The FIPA must still be signed by the Governor, but the law received unanimous support in the legislature, so his signature is expected.  Once… Continue Reading

$3,000,000 Settlement Reached in Data Breach Lawsuit

Posted in Data Breach, Data Security, Lawsuits

How much of a headache can a couple of stolen laptops cause your organization?  How about a $3 million headache??  That is the amount of a settlement proposed in an Unopposed Motion in Support of Preliminary Approval of Class Action Settlement in Resnick/Curry v. AvMed, Inc., No. 1:10-cv-24513-JLK (S.D. Fla.), a data breach lawsuit pending in the Southern District of… Continue Reading

Data Breach Lawsuits Settling in the Southern District of Florida

Posted in Data Breach, Data Security, Lawsuits

Plaintiffs in data breach lawsuits around the country have had a difficult time surviving motions to dismiss and for summary judgment.  A number of courts have rejected these lawsuits because they failed to allege or demonstrate cognizable injuries, standing, causation, and the requisite elements to withstand an economic loss rule defense.  It is dangerous, however,… Continue Reading

Healthcare Organizations Take It On The Chin

Posted in Data Breach, Data Breach, Data Privacy, Data Security, FTC, Health Care Industry, Lawsuits

If you have noticed an increasing number of high profile problems for healthcare organizations with respect to privacy and security issues these last few weeks you’re not alone.  The issues have ranged from employee misuse of protected health information, web-based breaches, photocopier breaches, and theft of stolen computers that compromised millions of records containing unsecured… Continue Reading

Law Firms: How Are You Securing Your Clients’ Information?

Posted in All Things E, Data Privacy, Data Security, Vendor Management

What are law firms doing to protect their clients’ sensitive information?  What are clients doing to determine whether their outside counsel are using reasonable security measures to protect their sensitive information (confidential communication, customer data, financial information, protected health information, intellectual property, etc.)? According to the data forensic firm Mandiant, at least 80 major law… Continue Reading

Texas’s Data Privacy Training Laws Change (Again)

Posted in Data Privacy, Data Security, Health Care Industry

In August of last year, I wrote about HB 300, a Texas law that, beginning September 1, 2012, created employee training and other requirements for any company doing business in Texas that collects, uses, stores, transmits, or comes into possession of protected health information (PHI).  The law’s training provisions required covered entities to train their… Continue Reading

U.S. Senate Considers Federal Data Security Legislation

Posted in Data Breach, Data Breach, Data Privacy, Data Security

Legislation was introduced in the U.S. Senate late last week that, if passed, would create proactive and reactive requirements for companies that maintain personal information about U.S. citizens and residents.  The legislation, titled the “Data Security and Breach Notification Act of 2013” (s. 1193) creates two overarching obligations:  to secure personal information and to notify… Continue Reading

The SEC’s Guidance on Cyber Risks and Incidents: A Deeper Dive

Posted in Data Security, SEC

In October 2011, the U.S. Securities and Exchange Commission’s Division of Corporation Finance issued “CF Disclosure Guidance: Topic No. 2”, which was a guidance intended to provide some clarity as to the material cyber risks that a publicly traded company should disclose.  I previously wrote about the guidance.  This blog post is the first of… Continue Reading

What Does A Cyber Attack Look Like?

Posted in All Things E, Data Breach, Data Security

The phrase “cyber attack” elicits thoughts of a compromised information system, a crashed computer network, or inappropriate access to sensitive electronic information.  It doesn’t usually conjure up images of machinery setting on fire, and smoke emerging from a factory.  Nevertheless, here is a video of an experimental cyber attack named Aurora, which took place on… Continue Reading

Data Breaches – Who is Causing Them, How, and What Can Companies Do About It?

Posted in Data Security, Surveys and studies

One of the leading annual studies analyzing the causes of data breaches was released earlier today.  The 2013 Verizon Data Breach Investigations Report analyzes what is causing data breaches, how the breaches are occurring, who are the hackers and the victims, and what trends can be gleaned from this information.  The report has become a… Continue Reading

Data Breach Lawsuits – Revisiting the Risks

Posted in Data Breach, Data Breach, Data Privacy, Data Security, Lawsuits

Until recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit.  Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish… Continue Reading

The Cybersecurity Executive Order – Have Your Say!

Posted in Data Security

On February 12th, President Obama issued an Executive Order on Cybersecurity that seeks to improve critical infrastructure cybersecurity in the United States by encouraging sharing of important cybersecurity information between the government and owners and operators of critical infrastructure.  “Critical infrastructure” means systems and assets so vital to the United States that the incapacity or… Continue Reading

Busy Day for Cybersecurity in D.C.

Posted in All Things E, Data Security

I’m a big fan of Bloomberg West.  Perhaps more so than almost any other television news program, it does a terrific job of providing both depth and breadth on issues that are important to the technology industry.  Tonight’s report by Megan Hughes about breaking developments on the cybersecurity front today was no exception.  Watch it here:… Continue Reading

New U.S. Supreme Court Decision Will Likely Impact Data Breach Litigation

Posted in Data Breach, Data Security, Lawsuits

The following Data Security Law Journal post was authored by Becky Schwartz, my law partner at Shook Hardy & Bacon.  Becky is an experienced class action litigator who has developed a specialty in privacy litigation.  In this post, Becky discusses a recent U.S. Supreme Court decision that may make it more difficult for consumers to… Continue Reading

The White House Issues Executive Order On Cybersecurity

Posted in Data Security

Yesterday, President Obama issued an Executive Order to improve critical infrastructure cybersecurity in the United States.  The Order attempts to facilitate sharing of important information between the federal government and certain critical infrastructure in an effort to protect that infrastructure against cyber intrusions.  The Order, which was formally announced and became effective during the President’s… Continue Reading

Identity Theft –Who Is A Victim?

Posted in Data Security, Lawsuits

Are you a victim of identity theft when your personally identifiable information is stolen?  Is the theft alone, and the risk that your information may be misused, sufficient?  Does your information have to be misused in some fraudulent manner before you can be considered a victim? A federal appellate court recently weighed in on these… Continue Reading

What’s In Your Trash?

Posted in Data Privacy, Data Security, FTC

How does your company dispose of personally identifiable information (medical records, financial information, applications containing sensitive information, etc.) and other sensitive information when the information is no longer needed?  Do you throw it in the trash can next to your desk?  Where does it go after that? Is it securely shredded, or thrown into an… Continue Reading

The Southern District of Florida Weighs In On Data Breach Lawsuits

Posted in Data Breach, Data Security, Lawsuits

Late last week, another Federal District Court (the Southern District of Florida) weighed in on the circumstances under which a plaintiff may sue a breached entity civilly for damages when the plaintiff’s personally identifiable information (PII) is inappropriately accessed or acquired.  The Court allowed the case to proceed with counts for violation of Florida’s Unfair… Continue Reading

Congress asks the Fortune 500: “Where’s your cybersecurity plan?”

Posted in Data Security

On September 19th, U.S. Senator John Rockefeller, writing on behalf of the Senate’s Committee on Commerce, Science, and Transportation, sent a letter to the Fortune 500 Chief Executive Officers seeking information about their cybersecurity policies and their positions on certain cybersecurity issues.  (Read the Committee’s press release here). The letter is a result of the Senate’s… Continue Reading