In three months, the EU’s General Data Protection Regulation (GDPR), one of the strictest privacy laws in the world, will go into effect. It will apply to companies that collect or process personal data of EU residents, regardless of whether the company is physically located in the EU. Companies that violate the law will be… Continue Reading
Category Archives: Data Privacy
Subscribe to Data Privacy RSS FeedBiometric Privacy Webinar: A Guide for Corporate Counsel
Posted in Biometric Privacy, Data PrivacyDoes your company collect biometric information? Are you not entirely sure what “biometric information” means? Would you like to understand the differences between the different state biometric privacy laws? Do you want to know why more than 50 companies were hit with class action lawsuits within a period of three months as a result of… Continue Reading
New Wave of Biometric Privacy Class Actions: Could You Be A Target?
Posted in Biometric Privacy, Data Privacy, LawsuitsWhile the privacy world is focused on the Equifax data breach, another development is taking place that could have a more lasting effect on privacy law. In the last month, plaintiffs’ lawyers in Illinois have filed over 20 lawsuits against companies that authenticate their employees or customers with their fingerprints. The lawsuits are based on… Continue Reading
Incident Response: The Increasing Risks to Corporate Legal Departments
Posted in Data Breach, Data Breach, Data SecurityThe consequences of a data breach reached new heights last week when Yahoo announced the resignation of its General Counsel in response to a series of security incidents the company suffered. A more fulsome explanation of the security incidents and Yahoo’s response can be found in item seven of the company’s 10-K, but here are… Continue Reading
60 Minutes Reports on Payment Card Data Breaches
Posted in Data Breach, Data Breach, Data SecurityEver wonder how your credit card gets compromised and how the bad guys get your information? This report on tonight’s episode of 60 Minutes provides an overview of what happens from the moment you swipe your card at the point-of-sale terminal to the moment when the card number is compromised and sold on a black… Continue Reading
Why Every Business Should Care About Florida’s Information Protection Act
Posted in Breach Notification Statutes, Data Breach, Data Breach, Data Privacy, Data SecurityMy last post described what the recently passed Florida Information Protection Act (FIPA) will do. This post analyzes how FIPA differs from Florida’s existing breach notification law and explains why those differences will hurt or help companies that maintain information about Florida residents. Florida’s Governor must still sign the FIPA into law, but his signature… Continue Reading
Everything You Need To Know About Florida’s New Data Protection Law
Posted in Breach Notification Statutes, Data Breach, Data Privacy, Data SecurityThe Florida Legislature recently passed the Florida Information Protection Act of 2014 (FIPA). This post describes the FIPA and analyzes the advantages and disadvantages to businesses governed by the new law. The FIPA must still be signed by the Governor, but the law received unanimous support in the legislature, so his signature is expected. Once… Continue Reading
What’s The Next Wave of Privacy Litigation? “Failure to Match”
Posted in Being Proactive, Data Privacy, LawsuitsA client recently asked me to identify the next wave of data privacy litigation. I said that with so much attention on lawsuits arising from data breaches, particularly in light of some recent successes for the plaintiffs in those lawsuits, the way in which companies collect information and disclose what they are collecting is flying… Continue Reading
Healthcare Organizations Take It On The Chin
Posted in Data Breach, Data Breach, Data Privacy, Data Security, FTC, Health Care Industry, LawsuitsIf you have noticed an increasing number of high profile problems for healthcare organizations with respect to privacy and security issues these last few weeks you’re not alone. The issues have ranged from employee misuse of protected health information, web-based breaches, photocopier breaches, and theft of stolen computers that compromised millions of records containing unsecured… Continue Reading
Law Firms: How Are You Securing Your Clients’ Information?
Posted in All Things E, Data Privacy, Data Security, Vendor ManagementWhat are law firms doing to protect their clients’ sensitive information? What are clients doing to determine whether their outside counsel are using reasonable security measures to protect their sensitive information (confidential communication, customer data, financial information, protected health information, intellectual property, etc.)? According to the data forensic firm Mandiant, at least 80 major law… Continue Reading
Texas’s Data Privacy Training Laws Change (Again)
Posted in Data Privacy, Data Security, Health Care IndustryIn August of last year, I wrote about HB 300, a Texas law that, beginning September 1, 2012, created employee training and other requirements for any company doing business in Texas that collects, uses, stores, transmits, or comes into possession of protected health information (PHI). The law’s training provisions required covered entities to train their… Continue Reading
U.S. Senate Considers Federal Data Security Legislation
Posted in Data Breach, Data Breach, Data Privacy, Data SecurityLegislation was introduced in the U.S. Senate late last week that, if passed, would create proactive and reactive requirements for companies that maintain personal information about U.S. citizens and residents. The legislation, titled the “Data Security and Breach Notification Act of 2013” (s. 1193) creates two overarching obligations: to secure personal information and to notify… Continue Reading
Data Breach Lawsuits – Revisiting the Risks
Posted in Data Breach, Data Breach, Data Privacy, Data Security, LawsuitsUntil recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit. Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish… Continue Reading
What’s In Your Trash?
Posted in Data Privacy, Data Security, FTCHow does your company dispose of personally identifiable information (medical records, financial information, applications containing sensitive information, etc.) and other sensitive information when the information is no longer needed? Do you throw it in the trash can next to your desk? Where does it go after that? Is it securely shredded, or thrown into an… Continue Reading
Is Secrecy A Prerequisite For Privacy?
Posted in Data PrivacyIt can be easy in the data privacy and security sphere to focus significantly on best practices, changing statutes, new administrative investigations, and evolving industry standards. It is important, however, not to lose the forest for the trees by ignoring larger issues like “what criteria should we use to determine whether information is in fact… Continue Reading
Where’s Your Privacy Policy?
Posted in Data Privacy, FTCRegulators increasingly want to know what companies are telling consumers about how the companies are using information about their consumers. Companies that do not properly explain how they collect, store, and use their customers’ information are facing increased scrutiny. Nowhere is this increased scrutiny move evident than in the $22.5 million civil penalty that the… Continue Reading
Data Privacy – Is Your Business Ready For HB 300?
Posted in Data PrivacyOn September 1, 2012, a new law will go into effect in Texas that imposes new requirements on organizations that maintain protected heath information (PHI). The new legislation, HB 300, imposes even tighter standards than required by the federal Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical… Continue Reading
The FTC Fines Google $22.5 Million – Why Should Companies Care?
Posted in Data Privacy, FTCToday, the Federal Trade Commission levied a $22.5 million penalty against Google, the largest civil penalty by the FTC against a single defendant. Here is a copy of the Stipulated Order entered into between the FTC and Google. The penalty stems from an FTC Complaint alleging that Google violated “privacy promises” it agrees to as… Continue Reading
Why is the Countrywide data breach lawsuit dismissal important?
Posted in Data Breach, Data Security, LawsuitsAnother court has weighed in on the issue of what constitutes a cognizable injury in a data breach case. In a lengthy opinion, the U.S. District Court for the Western District of Kentucky in Holmes v. Countrywide Financial Corp. dismissed a lawsuit against Countrywide by plaintiffs who claimed that their personal information had been compromised… Continue Reading
Video Interview: Discussing the LinkedIn Data Breach Class Action Suit with LXBN TV
Posted in Data Breach, Data Security, LawsuitsFollowing my post on the subject last week, I had the chance to speak with Colin O’Keefe of LXBN regarding the class action suit filed against LinkedIn following their recent high-profile data breach. In the brief interview, I explain the background of the case, what damages the plaintiffs are alleging and why it’s too early… Continue Reading
Should Companies Be Allowed To Ask Their Employees For Their Social Media Passwords?
Posted in Data Privacy, Social mediaTom Barnett, Managing Director and eDiscovery Practice Leader for Stroz Friedberg, has written an article entitled “What Happens on Facebook Stays on Facebook”. The article provides a good overview of legislation passed recently by the Maryland legislature, which prohibits an employer or prospective employer from asking their employees or prospective employees for their social media… Continue Reading
FTC Action – Companies Must Guard Against Software That Threatens Private Information
Posted in Data Privacy, Data Security, FTCFlying “under the radar” this week as a result of the high profile LinkedIn data breach, was news that the Federal Trade Commission charged two businesses with illegally exposing the sensitive personal information of consumers by allowing peer-to-peer (P2P) file-sharing software to be installed on their corporate computer systems. P2P software is commonly used to… Continue Reading
Federal Data Breach Notification Laws
Posted in Data Breach, Data Breach, Data SecurityThe title of this blog entry is somewhat of a misnomer because there is no single national data breach notification law that governs all information the same way as the state data breach notification laws do. So, for the time being, companies and consumers are forced to determine which state data breach notification laws apply… Continue Reading
State Data Breach Notification Laws
Posted in Data Breach, Data Breach, Data SecurityIn 2005, a company called ChoicePoint, which collected personal and financial information for millions of consumers, was the victim of a security breach. Criminals stole from ChoicePoint personal information for more than 145,000 individuals. The floodgates opened and a variety of other corporations and organizations revealed similar data breaches that had resulted in unauthorized access… Continue Reading
Subscribe to this blog via RSS
View Al's Linkedin Profile