
The Privacy and Security Law Blog

Daily analysis of data security and privacy issues.

Post Frequency: 2.8/day

Last Entry: January 28, 2015 at 12:41:47

Recent Entries: 353



Law360 Talks to Christopher Avery About New York's Data Security Proposal

Posted on January 28, 2015
Last week we summarized the four must-know things regarding the New York Attorney General's new data security proposal. Commentary still surrounds the proposal and has wide appeal. Christopher Avery offered the following insights to Law360: "The 47 state breach notification laws are reactive... But the New York proposal, instead of being reactive, is focusing on what are the things that companies can be doing in advance to eliminate the breaches that result in those notifications...

New FTC Report on IoT Maintains Need for Baseline Privacy Legislation and Begins to Recognize Limitations of FIPPS in a Connected World

Posted on January 27, 2015
The Federal Trade Commission released its long-awaited staff report on privacy and security issues presented by the emerging market for connected devices, also known as the Internet of Things ("IoT") (the "Report") this morning. The report follows up on the Workshop held in November 2013 and defines the IoT as "devices or sensors – other than computers, smartphones, or tablets – that connect, store or transmit information with or between each other via the Internet...

FTC Director Rich: Greater Transparency Needed in Post-Mad Men Era of Online Advertising

Posted on January 23, 2015
The world of the popular television show Mad Men may be glamorous, but according to the Director of the Federal Trade Commission's Bureau of Consumer Protection, Jessica Rich, it depicts more fiction than fact about modern advertising practices, which have moved online and depend on vast amounts of customer data...

World Economic Forum Releases Framework to Quantify Cyber Threats

Posted on January 22, 2015
In conjunction with its annual meeting this week, the World Economic Forum released a report on its current efforts to develop a common framework to model and quantify the impact and risk of cyber threats. The report highlights that "even well-guarded [organizations] face the threat of a cyberattack...


4 Things You Must Know About the New York Attorney General's New Data Security Proposal

Posted on January 16, 2015
Fast on the heels of President Obama's proposal to create a national data breach notification standard, yesterday New York Attorney General Eric Schneiderman announced that he will propose legislation that would significantly strengthen New York's existing data security laws and establish new consumer privacy protections...

President Obama Proposes National Data Breach Law, Unveils New Consumer and Student Privacy Initiatives

Posted on January 15, 2015
On January 12 President Obama visited the Federal Trade Commission ("FTC") where he unveiled several new data security and privacy initiatives, including proposed legislation to create a national data breach notification law and strengthen student privacy...

The Future of FTC Data Security

Posted on January 13, 2015
Earlier this month, Peter Karanjia discussed the future of FTC Data Security surrounding the Wyndham ruling. "What business really needs here is clear rules of the road, and unfortunately when there's after-the-fact enforcement like this based on broad concepts like unfair practices, that doesn't provide the clarity that business needs...

Latest PCI Standards Pushes Toward Risk Management

Posted on January 13, 2015
In today's Compliance Week, Christopher Avery discussed the latest PCI Data Security Standard (PCI-DSS). "There are still a large number of organizations that look at PCI DSS as just a compliance obligation with point-in-time assessments," says Christopher Avery, a data security expert with the law firm Davis Wright Tremaine...

Cybersecurity: The Human Factor

Posted on January 06, 2015
Financial institutions are under a constant and growing cyber assault from hacktivists that want to cause online mischief, criminals that want to steal consumer data and nation-states that are looking for a military, political or economic advantage. In this increasingly costly war, the focus is often on the latest hardware, software and analytics to fortify the defenses...

Legal Departments: Are You Ready for The New PCI DSS Requirements?

Posted on December 30, 2014
Starting Jan. 1, 2015, the Payment Card Industry Data Security Standard (PCI DSS) Version 3.0 (click-through agreement required) will replace Version 2.0. The PCI DSS is a set of requirements developed by the four major credit card networks and is designed to enhance the security of credit card transactions and cardholder data...

Advisory Alert: A Corporate Counsel's Guide to Cyber Insurance

Posted on December 29, 2014
On an almost daily basis, you are reminded of why you should worry about the security of your company's data and information systems. Whether it be from headlines in hard copy, broadcast, or online media, your senses have been slammed with one sensational story after another about increasingly massive data breaches...

Congress Funds Cybersecurity: Spending Bill Allocates over $1 Billion to Cybersecurity

Posted on December 18, 2014
The final spending bill of the 113th Congress, which keeps the government doors open until September 30th of 2015, was passed by the House on December 11th, the Senate on the 13th, and signed by the President on December 16th. It is a $1.1 trillion omnibus spending bill that will direct well over $1 billion toward cybersecurity...

Congress Confirms NIST's Role in Cybersecurity – and the Continuation of the Cybersecurity Framework

Posted on December 18, 2014
The Cybersecurity Enhancement Act of 2014 (CEA) was passed by the House and the Senate on December 11th, and signed by the President on the 18th. The bill formalizes the role of the National Institute for Standards and Technology (NIST) in continuing to develop the voluntary Cybersecurity Framework...

Congress Passes Cybersecurity Workforce Legislation

Posted on December 18, 2014
The Border Patrol Agent Pay Reform Act of 2014 was passed by the Senate on September 18th, by the House on December 10th, and signed by the President on December 18th. It contains provisions from the Cybersecurity Workforce Recruitment and Retention Act of 2014, which allows the Secretary of the Department of Homeland Security (DHS) to establish cybersecurity positions within DHS to better meet its cybersecurity mission...

Congress Passes The Federal Information Security Modernization Act of 2014: Bringing Federal Agency Information Security into the New Millennium

Posted on December 18, 2014
The Federal Information Security Modernization Act of 2014 (FISMA) was passed by the Senate on December 8th, by the House on December 10th, and signed by the President on December 18th. It is a comprehensive bill intended to bring federal agency information security practices into the new millennium – to better respond to evolving cybersecurity threats...

Congress Passes the National Cybersecurity Protection Act: Codifies National Cybersecurity Center & Creates Federal Agency Data Breach Notification Law

Posted on December 18, 2014
The National Cybersecurity Protection Act of 2014 (NCPA) was passed by the House on December 8th, by the Senate on December 10th, and signed by the President on December 18th. Senate Committee on Homeland Security and Governmental Affairs Chairman Tom Carper (D-Del...

Cybersecurity Legislation Focuses on Federal Government Initiatives – Leaves Private Sector Reforms for 2015

Posted on December 18, 2014
One of the few things the parties in Congress can agree upon these days is cybersecurity – at least when it comes to directing the federal government's cyber activities. In its final days, the 113th Congress reached agreement on several major pieces of legislation intended to improve the nation's cybersecurity: the National Cybersecurity Protection Act of 2014, the Federal Information Security Modernization Act of 2014, the Border Patrol Agent Pay Reform Act of 2014 (a bill that contains provisions from the Department of Homeland Security (DHS) Cybersecurity Workforce Recruitment and Retention Act of 2014), the Cybersecurity Workforce Assessment Act, and the Cybersecurity Enhancement Act of 2014...

Advisory Alert: Latest HIPAA Settlement

Posted on December 17, 2014
Compliance is an Ongoing Process. The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued its first settlement under new OCR Director Jocelyn Samuels earlier this month. This latest settlement serves as a reminder that a successful privacy and security compliance program is an ongoing process...

Advisory Alert: Refill Reminders and the TCPA

Posted on December 05, 2014
The Telephone Consumer Protection Act ("TCPA") presents another challenge as health care providers continue to engage patients and seek to meet Meaningful Use reminder objectives. Over the past year, there have been several class action suits alleging pharmacies' prescription refill reminders violated TCPA...

State AGs Looking to Crack Down on Telemarketers Press FCC and FTC

Posted on December 05, 2014
A majority of the nation's state and territorial Attorneys General have collectively urged the Federal Communications Commission and Federal Trade Commission to revisit rules and policies in ways that would help law enforcement crack down on telemarketing practices...

Is Your Website Ready for California's "Minor Eraser" Law?

Posted on December 01, 2014
Starting on Jan. 1, 2015, California's new "Minor Eraser" law goes into effect and allows minors in California to remove content or information that they have posted as a registered user on a website, online service, online application or mobile application (collectively, an "online service")...

Encryption and Securing BYO Devices at the Heart of Massachusetts AG $100,000 Settlement

Posted on November 25, 2014
The Massachusetts Attorney General announced Friday that her office had reached a settlement with Beth Israel Deaconess Medical Center (BIDMC) surrounding a 2012 data breach in which a physician's unencrypted personal laptop containing patient and employee information was stolen from BIDMC's grounds...

AgeCheq, Inc. Looking for Second Bite at the Parental Consent Apple

Posted on November 25, 2014
FTC Denies Company's First Proposed COPPA Parental Consent Method, Seeks Public Comment on Second Proposal. The Federal Trade Commission announced that it has denied AgeCheq, Inc.'s proposed verifiable parental consent method application, which relied on existing verifiable consent methods but also utilized a third-party common consent administrator to allow for consent across multiple devices (see our discussion here)...

Preparing for HIPAA Compliance Audits

Posted on November 24, 2014
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), the office responsible for administering and enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), will continue to audit HIPAA covered entities and business associates in 2015...

Advisory Alert: California's "Online Eraser" Law for Minors to Take Effect Jan. 1, 2015

Posted on November 17, 2014
On Jan. 1, 2015, California's "Online Eraser" law will take effect, requiring websites and other online service operators to delete on demand any content posted by minors. The law also prohibits such operators from sharing minors' personal information with third parties for the purpose of marketing particular products or services to them...

Advisory Alert: Ebola or Not, Patient Privacy Must Be Protected

Posted on November 12, 2014
In the wake of the recent Ebola cases, the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has issued a new bulletin reminding HIPAA-covered entities and their business associates that the requirements of the HIPAA Privacy Rule still apply when sharing protected health information (PHI), even in emergency situations...

Federal Financial Institutions Examination Council Releases Cybersecurity Assessment Results: Boards of Directors and Senior Management Need to Engage

Posted on November 05, 2014
The Federal Financial Institutions Examination Council (FFIEC) released general observations yesterday from a cybersecurity assessment of over 500 community financial institutions. The cybersecurity assessment evaluated the institutions' preparedness to mitigate cyber risks...

FCC Reaffirms Fax Ads Sent With Recipients' Prior Permission Require Opt-Out Notice

Posted on October 31, 2014
But Grants Retroactive Waivers to Petitioners Who Sent Permission-Based Faxes Without Opt-Out Notices. The Federal Communications Commission has issued an Order sustaining its rule that even ads faxed with the permission of the recipient must include a notice with instructions for how to opt out of future faxes...

California Attorney General Releases Breach Report with Key Findings and Recommendations for Retailers, Financial Institutions and Health Care Sectors

Posted on October 29, 2014
California Attorney General Kamala D. Harris has released a "California Data Breach Report," which presents a series of findings and recommendations based on a review of breaches reported to the Attorney General's office in 2012 and 2013. It should come as no surprise that breaches are on the rise, but the Attorney General's analysis of the reported breaches outlines the root causes of these breaches on an industry basis and recommends best practices to address the sources of those breaches...

Advisory Alert: CMS Reopens the Medicare Payment Adjustment Hardship Exception Application Submission Period for Certain Providers and Hospitals

Posted on October 29, 2014
Centers for Medicare & Medicaid Services (CMS) recently announced the reopening of the submission period for hardship exception applications for eligible professionals and eligible hospitals that have been unable to fully implement 2014 Edition Certified Electronic Health Record Technology (CEHRT) due to availability delays...
