It’s back to school time - time to put away the flip flops and beach chairs and settle back into the routine. To help motivate you, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has announced a new round of cybersecurity examinations! This comes on the heels of the… Continue Reading
Data Compliance & Security
Recognizable Faces Disappear from Facial Recognition Meetings
Posted in Data Compliance & Security, Privacy Regulation
Facing “industry stakeholders [that] were unable to agree on any concrete scenario” in which affirmative consent should be obtained from individuals before employing facial recognition technologies, nine consumer advocacy organizations made an about-face and withdrew from the multistakeholder process coordinated by the National Telecommunications and Information Administration (“NTIA”). These organizations, which include the… Continue Reading
New Hampshire Establishes Privacy Protections for Student Online Personal Information
Posted in Children, Data Compliance & Security, Privacy Regulation, Security
California again has provided a model of privacy legislation for other states to follow. New Hampshire Governor Maggie Hassan recently signed into law House Bill 520 (the “Bill”), a bipartisan effort to establish guidelines for the protection of student online personal information. Who is covered by the Bill? Modeled after California’s Student Online Personal Information… Continue Reading
Data Breach Affects Millions of Current and Former Government Workers
Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Employee Privacy, Identity Theft, Privacy Litigation, Security
The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers. OPM serves as the human resources department - and holds employee records - for the entire federal government, ranging from security clearances to the identities… Continue Reading
The NAI Issues Privacy Guidelines For Interest-Based Advertising, Ad Delivery and Reporting
Posted in Data Compliance & Security, Online Advertising
The Network Advertising Initiative (NAI) has issued guidance for its members on the use of non-cookie technologies for Interest-Based Advertising (IBA) and Ad Delivery and Reporting (ADR) (Guidance). The NAI is a self-regulatory organization for third-party digital advertising companies. Consistent with the NAI Code of Conduct (NAI Code) which was designed based on the Fair… Continue Reading
Privacy Monday - May 18, 2015
Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars, Mobile Privacy, Online Advertising, Privacy Monday, Security, Uncategorized
It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers: It’s Your Turn to Pay Attention to Cybersecurity The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies… Continue Reading
Breaking Down the DOJ Cybersecurity Unit’s Guidance on Responding to Cyberattacks
Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Security
Another federal agency has weighed in with “guidance” on cybersecurity preparation and breach response. The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches. The guidance is not perfect, and in some respects is simply a recitation of existing best practices, but it is still valuable because… Continue Reading
Video Interview: Discussing Cross-Device Tracking on LXBN TV
Posted in Data Compliance & Security, Federal Trade Commission, Mobile Privacy, Online Advertising
Following up on my recent post on the matter, I had the opportunity to speak with Colin O’Keefe of LXBN on the subject of cross-device tracking. In the brief interview, I discuss the growing prevalence of cross-device tracking and what the FTC is doing in response.
Responding to Insider Data Theft
Posted in Cybersecurity, Data Compliance & Security, Events and Webinars, Security
Our 2015 monthly Privacy Issues Wednesday webinar series continued this month with Jonathan Cain and Paul Pelletier’s Responding to Insider Data Theft & Disclosure presentation. Jonathan and Paul discussed how distinguishing the insider threat differs from the techniques used to identify and stop hackers, creating an environment that deters insiders from stealing data, and the… Continue Reading
Cross-Device Tracking: The New World
Posted in Data Compliance & Security, Federal Trade Commission, Mobile Privacy, Online Advertising, Uncategorized
Facebook does it. Google does it. It’s everywhere in the mobile ad ecosystem. And your smartphone does it more often than you know, according to a study released on Monday by Carnegie Mellon. Now, Federal authorities have turned their attention to cross-device and cross-service tracking of consumers over the last several days and weeks. Speaking at… Continue Reading
State Data Breach Notification Law Updates
Posted in Cybersecurity, Data Breach Notification, Data Compliance & Security, Privacy Regulation
State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the definition of “personal information” and require notice to the state attorney general’s consumer protection office. H.B. 74, signed into law by Governor Bullock,… Continue Reading
Privacy Monday - March 2, 2015: How is Your Cyber Resilience?
Posted in Cloud Computing, Cybersecurity, Data Compliance & Security, Privacy Monday, Security
Welcome to March (and in the Northeast, the arrival of meteorological spring is welcome indeed……) We start this month with a question: Have you looked at your cyber resilience? The Federal Financial Institutions Examination Council (FFIEC) recently described “cyber resilience” as an organization’s ability to recover critical IT systems and resume normal business operations in… Continue Reading
Cybersecurity Executive Order: Not Much New
Posted in Cybersecurity, Cybersecurity, Data Compliance & Security, Uncategorized
President Obama’s February 13 Executive Order, “Promoting Private Sector Cybersecurity Information Sharing” (the “EO”), turns out to be light on new measures to improve cybersecurity, but focused heavily on adjustments to prior Executive Orders implementing the rules for handling classified information. This focus introduces concerns about government agencies picking winners and losers in the cybersecurity… Continue Reading
It’s Data Privacy Day 2015
Posted in Cybersecurity, Data Compliance & Security, Federal Trade Commission
Today is Data Privacy Day, and as you might expect, we have a few bits and bytes for you. Use the Opportunity Data Privacy Day is another opportunity to push out a note to employees regarding their own privacy and security — and how that can help the company. Emails with articles and reminders… Continue Reading
Cybersecurity and Privacy in State of the Union Address
Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Legislation, Privacy Regulation, Security
As expected in his State of the Union address last night, President Obama made it very clear that cybersecurity is on his agenda for 2015. After stating that: “No foreign nation, no hacker should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids,”… Continue Reading
Privacy Monday - January 12, 2015
Posted in Cybersecurity, Data Breach Notification, Data Compliance & Security, Employee Privacy, Federal Trade Commission, Legislation, Privacy Monday, Privacy Regulation, Security
Three privacy/security stories that you should know as you start your week: President Obama to Offer Cybersecurity/Privacy Previews to State of the Union Proposals In a series of speeches this week, President Obama will preview important issues to appear in his January 20th State of the Union address. A White House official said… Continue Reading
Save the Date — HIPAA Audit Preparedness Webinar January 28, 2015
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation, Security
The First Rule of How to Survive a HIPAA Audit: Be Prepared 2015 is bringing along with it the start of the HHS Office for Civil Rights random audit program to assess compliance with the HIPAA privacy, security and breach notification rules. It is anticipated that 300-400 business associates will be the subject of a… Continue Reading
Privacy Monday - January 5, 2015
Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Monday
Welcome to the first Privacy Monday of 2015! We hope that you enjoyed our 12 Days of Privacy series (and if you missed it, they are all linked in the right column of the blog…). Three things that you should know for your Privacy Monday: 1. The FTC approved the Snapchat final order on New Year’s… Continue Reading
On the Twelfth Day of Privacy, My True Love Gave to Me …. 12 Different Types of Wearables!
Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security
And what will that new gadget be spilling about you?? Written by Julia Siripurapu, CIPP There is no doubt that wearable devices are among the hottest gifts of the season! From fitness bands and smart watches to wearable cameras and the Google Glass, there is definitely someone on your list (including you!) who may benefit… Continue Reading
On the Tenth Day of Privacy, OCR Gave to Me…..
Posted in 12 Days of Privacy, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
……………..a cumbersome C-A-P Written by Dianne Bourque The U.S. Department of Health and Human Services Office for Civil Rights has received tremendous publicity in recent years for its upward-trending fines and aggressive enforcement of HIPAA violations. Seven-figure fines are becoming the norm for serious violations, for example, in May of this year, OCR fined a hospital and university a combined total of $4.8 million dollars for their separate HIPAA… Continue Reading
On the Sixth Day of Privacy, the hackers gave to Sony……
Posted in 12 Days of Privacy, 201 CMR 17.00, Cybersecurity, Data Breach, Data Compliance & Security, Security
many more than six different hacks…….and headaches…… Written by Jonathan Ursprung With the holiday season in full swing, many of us are struggling with that age-old question: “what do you get for the person who has everything?” Well, if that person happens to be your supreme leader, the answer may very well be “a massive download… Continue Reading
On the Third Day of Privacy, the Shareholders Gave to Me……
Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security
…….Shareholder Proposals on Cybersecurity and Privacy: Another Country Heard From Written by Megan Gates As the holiday season slips into the rear view mirror, another season looms large for public companies —- proxy season. Adding to the ever-growing chorus of demands for increased transparency by public companies on cybersecurity and privacy matters, institutional shareholders have… Continue Reading
Privacy Monday: December 8, 2104 - The Twelve Days of Privacy 2014
Posted in 12 Days of Privacy, Cybersecurity, Data Compliance & Security, EU Data Protection Regulation, Insurance, Legislation, Mobile Privacy, Privacy Litigation, Privacy Monday, Privacy Regulation, Uncategorized
Our series last year was a reader favorite, so we decided to put our prognosticator hats on again and present: Rather than look back at 2014, starting tomorrow, the Privacy & Security blog will count down The 12 Days of Privacy, looking ahead to what we might expect in 2015 and what we might… Continue Reading
Global Internet Threat Activity
Posted in Cybersecurity, Data Breach, Data Compliance & Security, Identity Theft, Security
Often, privacy and security professionals are seen as “paranoid” or “Chicken Little” ….. statistics are pointing to something that more closely resembles the canary in the coal mine. A new Internet Security Threat Report provides an overview and analysis of the year’s global internet threat activity. The report is based on data from the Symantec™… Continue Reading





