Data Security Law Journal Focusing on legal trends in data security, cloud computing, data privacy, and anything E

Category Archives: Data Security

Subscribe to Data Security RSS Feed

The SEC Makes Clear There is No Room For Error in Cybersecurity

Posted in Being Proactive, Data Breach, Data Security, SEC

The SEC recently agreed to a $1,000,000 settlement of an enforcement action against Morgan Stanley for its failure to have sufficient data security policies and procedures to protect customer data. The settlement was significant for its amount. The true noteworthiness here, however, lies not in the end result but the implications of how it was… Continue Reading

Understanding EMV Payment Card Technology

Posted in Data Security, Payment Cards

A significant change is happening to payment card technology. Any company that accepts credit cards as a form of payment needs to know about it if they intend to continue accepting payment cards in the future. The technology is called “EMV” (EuroPay, MasterCard, Visa). The card brands hope that EMV technology will significantly reduce the… Continue Reading

FDA Issues Draft Guidance on Postmarket Cybersecurity Programs for Medical Devices

Posted in Being Proactive, Data Security, FDA, Pharma

In 2014, the Food and Drug Administration (“FDA”) articulated its expectations for how device manufacturers address cybersecurity premarket in Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Recently, the FDA released complementary draft guidance in Postmarket Management of Cybersecurity in Medical Devices. In the new guidance, the FDA explains what constitutes an… Continue Reading

Why Every Business Should Care About Florida’s Information Protection Act

Posted in Breach Notification Statutes, Data Breach, Data Breach, Data Privacy, Data Security

My last post described what the recently passed Florida Information Protection Act (FIPA) will do.  This post analyzes how FIPA differs from Florida’s existing breach notification law and explains why those differences will hurt or help companies that maintain information about Florida residents.  Florida’s Governor must still sign the FIPA into law, but his signature… Continue Reading

Everything You Need To Know About Florida’s New Data Protection Law

Posted in Breach Notification Statutes, Data Breach, Data Privacy, Data Security

The Florida Legislature recently passed the Florida Information Protection Act of 2014 (FIPA).  This post describes the FIPA and analyzes the advantages and disadvantages to businesses governed by the new law.  The FIPA must still be signed by the Governor, but the law received unanimous support in the legislature, so his signature is expected.  Once… Continue Reading

$3,000,000 Settlement Reached in Data Breach Lawsuit

Posted in Data Breach, Data Security, Lawsuits

How much of a headache can a couple of stolen laptops cause your organization?  How about a $3 million headache??  That is the amount of a settlement proposed in an Unopposed Motion in Support of Preliminary Approval of Class Action Settlement in Resnick/Curry v. AvMed, Inc., No. 1:10-cv-24513-JLK (S.D. Fla.), a data breach lawsuit pending in the Southern District of… Continue Reading

Data Breach Lawsuits Settling in the Southern District of Florida

Posted in Data Breach, Data Security, Lawsuits

Plaintiffs in data breach lawsuits around the country have had a difficult time surviving motions to dismiss and for summary judgment.  A number of courts have rejected these lawsuits because they failed to allege or demonstrate cognizable injuries, standing, causation, and the requisite elements to withstand an economic loss rule defense.  It is dangerous, however,… Continue Reading

Healthcare Organizations Take It On The Chin

Posted in Data Breach, Data Breach, Data Privacy, Data Security, FTC, Health Care Industry, Lawsuits

If you have noticed an increasing number of high profile problems for healthcare organizations with respect to privacy and security issues these last few weeks you’re not alone.  The issues have ranged from employee misuse of protected health information, web-based breaches, photocopier breaches, and theft of stolen computers that compromised millions of records containing unsecured… Continue Reading

Law Firms: How Are You Securing Your Clients’ Information?

Posted in All Things E, Data Privacy, Data Security, Vendor Management

What are law firms doing to protect their clients’ sensitive information?  What are clients doing to determine whether their outside counsel are using reasonable security measures to protect their sensitive information (confidential communication, customer data, financial information, protected health information, intellectual property, etc.)? According to the data forensic firm Mandiant, at least 80 major law… Continue Reading

Texas’s Data Privacy Training Laws Change (Again)

Posted in Data Privacy, Data Security, Health Care Industry

In August of last year, I wrote about HB 300, a Texas law that, beginning September 1, 2012, created employee training and other requirements for any company doing business in Texas that collects, uses, stores, transmits, or comes into possession of protected health information (PHI).  The law’s training provisions required covered entities to train their… Continue Reading

U.S. Senate Considers Federal Data Security Legislation

Posted in Data Breach, Data Breach, Data Privacy, Data Security

Legislation was introduced in the U.S. Senate late last week that, if passed, would create proactive and reactive requirements for companies that maintain personal information about U.S. citizens and residents.  The legislation, titled the “Data Security and Breach Notification Act of 2013” (s. 1193) creates two overarching obligations:  to secure personal information and to notify… Continue Reading

What Does A Cyber Attack Look Like?

Posted in All Things E, Data Breach, Data Security

The phrase “cyber attack” elicits thoughts of a compromised information system, a crashed computer network, or inappropriate access to sensitive electronic information.  It doesn’t usually conjure up images of machinery setting on fire, and smoke emerging from a factory.  Nevertheless, here is a video of an experimental cyber attack named Aurora, which took place on… Continue Reading

Data Breaches – Who is Causing Them, How, and What Can Companies Do About It?

Posted in Data Security, Surveys and studies

One of the leading annual studies analyzing the causes of data breaches was released earlier today.  The 2013 Verizon Data Breach Investigations Report analyzes what is causing data breaches, how the breaches are occurring, who are the hackers and the victims, and what trends can be gleaned from this information.  The report has become a… Continue Reading

Data Breach Lawsuits – Revisiting the Risks

Posted in Data Breach, Data Breach, Data Privacy, Data Security, Lawsuits

Until recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit.  Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish… Continue Reading

The Cybersecurity Executive Order – Have Your Say!

Posted in Data Security

On February 12th, President Obama issued an Executive Order on Cybersecurity that seeks to improve critical infrastructure cybersecurity in the United States by encouraging sharing of important cybersecurity information between the government and owners and operators of critical infrastructure.  “Critical infrastructure” means systems and assets so vital to the United States that the incapacity or… Continue Reading

Busy Day for Cybersecurity in D.C.

Posted in All Things E, Data Security

I’m a big fan of Bloomberg West.  Perhaps more so than almost any other television news program, it does a terrific job of providing both depth and breadth on issues that are important to the technology industry.  Tonight’s report by Megan Hughes about breaking developments on the cybersecurity front today was no exception.  Watch it here:… Continue Reading

New U.S. Supreme Court Decision Will Likely Impact Data Breach Litigation

Posted in Data Breach, Data Security, Lawsuits

The following Data Security Law Journal post was authored by Becky Schwartz, my law partner at Shook Hardy & Bacon.  Becky is an experienced class action litigator who has developed a specialty in privacy litigation.  In this post, Becky discusses a recent U.S. Supreme Court decision that may make it more difficult for consumers to… Continue Reading

The White House Issues Executive Order On Cybersecurity

Posted in Data Security

Yesterday, President Obama issued an Executive Order to improve critical infrastructure cybersecurity in the United States.  The Order attempts to facilitate sharing of important information between the federal government and certain critical infrastructure in an effort to protect that infrastructure against cyber intrusions.  The Order, which was formally announced and became effective during the President’s… Continue Reading