The Florida Legislature recently passed the Florida Information Protection Act of 2014 (FIPA). This post describes the FIPA and analyzes the advantages and disadvantages to businesses governed by the new law. The FIPA must still be signed by the Governor, but the law received unanimous support in the legislature, so his signature is expected. Once
Data Privacy
What’s The Next Wave of Privacy Litigation? “Failure to Match”
A client recently asked me to identify the next wave of data privacy litigation. I said that with so much attention on lawsuits arising from data breaches, particularly in light of some recent successes for the plaintiffs in those lawsuits, the way in which companies collect information and disclose what they are collecting is flying…
Healthcare Organizations Take It On The Chin
If you have noticed an increasing number of high profile problems for healthcare organizations with respect to privacy and security issues these last few weeks you’re not alone. The issues have ranged from employee misuse of protected health information, web-based breaches, photocopier breaches, and theft of stolen computers that compromised millions of records containing unsecured…
Law Firms: How Are You Securing Your Clients’ Information?
What are law firms doing to protect their clients’ sensitive information? What are clients doing to determine whether their outside counsel are using reasonable security measures to protect their sensitive information (confidential communication, customer data, financial information, protected health information, intellectual property, etc.)?
According to the data forensic firm Mandiant, at least 80 major…
Texas’s Data Privacy Training Laws Change (Again)
In August of last year, I wrote about HB 300, a Texas law that, beginning September 1, 2012, created employee training and other requirements for any company doing business in Texas that collects, uses, stores, transmits, or comes into possession of protected health information (PHI). The law’s training provisions required covered entities to train…
U.S. Senate Considers Federal Data Security Legislation
Legislation was introduced in the U.S. Senate late last week that, if passed, would create proactive and reactive requirements for companies that maintain personal information about U.S. citizens and residents. The legislation, titled the “Data Security and Breach Notification Act of 2013” (s. 1193) creates two overarching obligations: to secure personal information and…
Data Breach Lawsuits – Revisiting the Risks
Until recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit. Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish…
What’s In Your Trash?
How does your company dispose of personally identifiable information (medical records, financial information, applications containing sensitive information, etc.) and other sensitive information when the information is no longer needed? Do you throw it in the trash can next to your desk? Where does it go after that? Is it securely shredded, or thrown into an…
Is Secrecy A Prerequisite For Privacy?
It can be easy in the data privacy and security sphere to focus significantly on best practices, changing statutes, new administrative investigations, and evolving industry standards. It is important, however, not to lose the forest for the trees by ignoring larger issues like “what criteria should we use to determine whether information is in fact…
Where’s Your Privacy Policy?
Regulators increasingly want to know what companies are telling consumers about how the companies are using information about their consumers. Companies that do not properly explain how they collect, store, and use their customers’ information are facing increased scrutiny. Nowhere is this increased scrutiny move evident than in the $22.5 million civil penalty that the…