The Privacy and Security Law Blog

Daily analysis of data security and privacy issues.

Post Frequency: 1.8/day

Last Entry: April 20, 2015 at 12:04:30

Recent Entries: 375



Are Regulatory Fears Impeding Industry Cyber Sharing?

Posted on April 20, 2015
Business leaders confess that concerns of adverse regulatory actions are impacting industry willingness to share cyberthreat information with authorities. They say that no good deed goes unpunished. And when it comes to cyber sharing, industry leaders are concerned that their only "reward" for helping the government identify and respond to cyberthreats may be a stiff rebuke from their regulators...

Legal Departments: New PCI DSS Requirements Mandatory in June

Posted on April 16, 2015
PCI Council publishes new PCI Data Security Standard Version 3.1 and provides very short time to implement new encryption standards. The PCI Council just published a new version of the PCI Data Security Standard (PCI DSS). The new Version 3.1 (agreement required) is available to use immediately and becomes mandatory on June 30, 2015...

Advisory Alert: The FCC Just Upped the Ante for Communications Providers and the FTC

Posted on April 15, 2015
The FCC has been warning communications companies for months that protecting consumer privacy and information security is a top priority, and the recent announcement of a $25 million settlement with AT&T over its alleged failures to adequately protect consumer information is a good indication of the agency's intent to follow through on its threat with record-setting penalties...

Has Your Website's EU Safe Harbor Expired?

Posted on April 14, 2015
FTC proposes twenty-year compliance program for two companies that have settled charges that they misrepresented that they are currently compliant with the US-EU Safe Harbor Framework. Does your company rely on the US-EU Safe Harbor Framework in order to transfer personal consumer data about EU residents outside of Europe? If so, you probably have a statement like the following in your website's privacy policy: "We comply with the US-EU Safe Harbor Framework and have certified our adherence to the Safe Harbor Privacy Principles...

Advisory Alert: Proposed HHS Rule Sets the Stage for Changes to the Meaningful Use Program

Posted on April 10, 2015
On March 30, the Department of Health and Human Services' (HHS) Centers for Medicare & Medicaid Services (CMS) published its proposed rulemaking for Stage 3 of the Medicare and Medicaid Electronic Health Records (EHR) Incentive Program in the Federal Register...

Disclosure of Germanwings Co-pilot's Medical Information Raises Tricky Privacy Concerns

Posted on April 09, 2015
Recent reports surrounding Germanwings co-pilot Andreas Lubitz suggest that Lubitz told his doctors he was on sick leave (or was instructed by his doctors to be on sick leave), and concealed that he was still flying for the commercial airline. Although Lubitz' motives remain unknown, we now know a great deal of Lubitz' medical history, including medications he was taking at the time and past mental health history, largely as disclosed by German prosecutors...

New PCI Tokenization Guidelines

Posted on April 08, 2015
Last week, the Payment Card Industry Security Standards Council released new guidelines related to the security of tokenization products. The guidelines are a set of technical best practices for evaluating tokenization products that will be used to replace the primary account number (PAN), commonly known as the full credit card number, with a substitute value called a "token...

Canada Issues First Penalties Under Anti-Spam Law

Posted on April 01, 2015
CRTC imposes over US$900,000 in fines against two companies, reminding U.S.- and foreign-based businesses about possible liability under Canada's Anti-Spam Law. This month marks the issuance of the first two enforcement actions under Canada's Anti-Spam Law (CASL) since provisions governing commercial electronic messages (CEMs), software downloads, and related conduct took effect July 1, 2014...

FTC Continues to Update COPPA FAQs - This Time, Guidance for Schools

Posted on March 31, 2015
Update: On March 20, 2015, the Federal Trade Commission quietly announced further slight modifications to "Part M" of its FAQs pertaining to COPPA guidance for schools. First, the FTC deleted the FAQ M.6 hypothetical on whether educators may register students for online social networks because, the FTC said, it wanted to better streamline the FAQs and the hypo is addressed in FAQs M...

FCC Announces Broadband Consumer Privacy Workshop - April 28

Posted on March 30, 2015
Commission makes good on Chairman Wheeler's promise following adoption of new Net Neutrality rules. The Federal Communications Commission recently announced that it will hold a public workshop on April 28, exploring the FCC's role protecting consumer privacy in relation to broadband Internet services...

General Counsel, Is Your Website Vulnerable?

Posted on March 24, 2015
A report just released by security startup, Menlo Security, found that one-third of the top one million websites have already been compromised with malware or are running outdated or unpatched software that is vulnerable. The problem is two-fold: 1. Does your website contain vulnerabilities? As the report notes, these website vulnerabilities are easily detectable by hackers...

Advisory Alert: Premera Cyber-Attack Announced

Posted on March 19, 2015
Defining Your Obligations as an Employer. On March 17, 2015, Premera announced a data breach involving the personal information of more than 11 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. Employers and plan sponsors should take steps to verify how the Premera breach affects their plans and that notifications are being appropriately provided to consumers, attorneys general, and regulators, in compliance with HIPAA and state law...

Montana Tweaks Data Breach Statute

Posted on March 18, 2015
The Big Sky Country's data breach statute is going to see some small changes come October. On Feb. 27, 2015 Montana Governor Steve Bullock signed H.B. 74 into law, amending the state's data breach notification statute. Among its changes, H.B. 74 broadens the definition of personal information ("PI") and requires entities giving notice to consumers under the statute to also provide a copy to the Montana Attorney General's office...

FTC and State AGs: Political Survey Preface Does Not Allow Sales Robocalls to Avoid Do-Not-Call and Telemarketing Sales Rule Compliance

Posted on March 12, 2015
Cruise Line and Some of its Cohorts Settle Complaint for $500,000+ and Agree to Follow Do-Not-Call, Caller ID, Prerecorded Message, and Other Telemarketing Rules. The Federal Trade Commission (FTC) and 10 state Attorneys General announced the filing of a complaint and proposed stipulations against Caribbean Cruise Line (CCL) and several other companies that, respectively, alleged and resolved claims that the companies' coordinated phone sales program violated the FTC's Telemarketing Sales Rule (TSR) and state consumer protection laws...

Appellate Courts Being Drawn Into VPPA Fray

Posted on March 11, 2015
Cartoon Network Plaintiff's Arguments May Signal Plaintiffs Bar's Approach in Other Pending VPPA Cases and Appeals. Last week the Third and Eleventh Circuit Courts of Appeals assigned case numbers to the appeals of In re Nickelodeon Privacy Litigation and Locklear v...

Advisory Alert: HIPAA Confusion Leading to Litigation

Posted on February 05, 2015
Recent changes to HIPAA have led to confusion, with a significant number of attorneys claiming that they are entitled to a lower "HIPAA rate" for copies of medical records. While the issue may seem arcane, this confusion is becoming the subject of litigation against covered entities and their release-of-information vendors...

Farewell, Federal Cybersecurity Incentives?

Posted on February 04, 2015
Administration Takes Private Sector Incentives Off the Table, While Obama Calls for $14 Billion in FY 2016 Budget to Strengthen Government's Cybersecurity Efforts. The White House's Cybersecurity Coordinator Michael Daniel announced on Monday that the government will not offer incentives for private sector businesses to adopt the National Institute of Standards and Technology's (NIST) Cybersecurity Framework...

Advisory Alert: FTC Staff Report on Internet of Things

Posted on February 03, 2015
The Federal Trade Commission released its much anticipated staff report on January 27 regarding consumer privacy and data security concerns arising from the emerging market for connected devices known as the Internet of Things ("IoT"). Titled "The Internet of Things: Privacy and Security in a Connected World," the FTC's report (the "Report") builds on the FTC's November 2013 IoT Workshop and focuses on issues arising from the estimated 25 billion consumer-facing IoT devices expected to be connected by the end of this year...

When Try, Try Again Does Not Succeed: FTC Denies AgeCheq, Inc.'s Second Parental Consent Application Under COPPA

Posted on January 30, 2015
The Federal Trade Commission announced that it has denied AgeCheq, Inc.'s second proposed verifiable parental consent method under the FTC's Children's Online Privacy Protection Act (COPPA) Rule. After trying but failing last year to gain FTC approval for a third-party common consent administrator mechanism, AgeCheq offered a new proposal, which would have allowed parents to access and submit an online "sign and send" form to a third party intermediary's online verification portal...

Quoth the Maven: "Without More!" Federal Judge Dismisses Dow Jones VPPA Class Action, While Hulu Parties Square off Over "Knowingly"

Posted on January 30, 2015
A Growing Chorus of Federal Courts Finds User IDs, by themselves, Do Not Count as Personally Identifiable Information under the VPPA. Recently, a federal district judge joined a number of his colleagues around the country who have told plaintiffs looking to bring a claim under the Video Privacy Protection Act ("VPPA") that if the data plaintiffs allege was improperly shared cannot, "without more," personally identify particular persons, then the claim fails...

When Plaintiffs Try to Fit Square Pegs in Round Holes - U.S. District Court Ends VPPA, State Law Class Action Against Viacom, Google

Posted on January 29, 2015
On Tuesday, Jan. 20, New Jersey Federal District Judge Stanley R. Chesler dismissed with prejudice the last remaining allegations in a multidistrict class action against Viacom and Google, formally ending plaintiffs' suit accusing the Internet and multimedia companies of tracking children's Internet usage and disclosing their video-viewing activities without consent and in violation of state and federal law...

Adam Greene Named One of the Top 10 Influencers in Health Information Security

Posted on January 29, 2015
Adam Greene was named one of the Top 10 Influencers in health information security by HealthCareInfo Security, a leading industry website whose editorial board "made the selections of the Influencers based on the impression they've left over the last year, as well as the impact we expect them to have in 2015 and beyond...

Law360 Talks to Christopher Avery About New York's Data Security Proposal

Posted on January 28, 2015
Last week we summarized the four must-know things regarding the New York Attorney General's new data security proposal. Commentary still surrounds the proposal and has wide appeal. Christopher Avery offered the following insights to Law 360: "The 47 state breach notification laws are reactive... But the New York proposal, instead of being reactive, is focusing on what are the things that companies can be doing in advance to eliminate the breaches that result in those notifications...

New FTC Report on IoT Maintains Need for Baseline Privacy Legislation and Begins to Recognize Limitations of FIPPS in a Connected World

Posted on January 27, 2015
The Federal Trade Commission released its long awaited staff report on privacy and security issues presented by the emerging market for connected devices, also known as the Internet of Things ("IoT") (the "Report") this morning. The report follows up on the Workshop held in November 2013 and defines the IoT as "devices or sensors - other than computers, smartphones, or tablets - that connect, store or transmit information with or between each other via the Internet...

FTC Director Rich: Greater Transparency Needed in Post-Mad Men Era of Online Advertising

Posted on January 23, 2015
The world of the popular television show Mad Men may be glamorous, but according to the Director of the Federal Trade Commission's Bureau of Consumer Protection, Jessica Rich, it depicts more fiction than fact about modern advertising practices, which have moved online and depend on vast amounts of customer data...

World Economic Forum Releases Framework to Quantify Cyber Threats

Posted on January 22, 2015
In conjunction with its annual meeting this week, the World Economic Forum released a report on its current efforts to develop a common framework to model and quantify the impact and risk of cyber threats. The report highlights that "even well-guarded [organizations] face the threat of a cyberattack...

4 Things You Must Know About the New York Attorney General's New Data Security Proposal

Posted on January 16, 2015
Fast on the heels of President Obama's proposal to create a national data breach notification standard, yesterday New York Attorney General Eric Schneiderman announced that he will propose legislation that would significantly strengthen New York's existing data security laws and establish new consumer privacy protections...

President Obama Proposes National Data Breach Law, Unveils New Consumer and Student Privacy Initiatives

Posted on January 15, 2015
On January 12 President Obama visited the Federal Trade Commission ("FTC") where he unveiled several new data security and privacy initiatives, including proposed legislation to create a national data breach notification law and strengthen student privacy...

The Future of FTC Data Security

Posted on January 13, 2015
Earlier this month, Peter Karanjia discussed the future of FTC Data Security surrounding the Wyndham ruling. "What business really needs here is clear rules of the road, and unfortunately when there's after-the-fact enforcement like this based on broad concepts like unfair practices, that doesn't provide the clarity that business needs...

Latest PCI Standards Pushes Toward Risk Management

Posted on January 13, 2015
In today's Compliance Week, Christopher Avery discussed the latest PCI Data Security Standard (PCI-DSS). "There are still a large number of organizations that look at PCI DSS as just a compliance obligation with point-in-time assessments," says Christopher Avery, a data security expert with the law firm Davis Wright Tremaine...
