It’s time for a compliance check on those website or mobile app privacy policies, before the California Attorney General comes knocking.
Attorney General Kamala D. Harris has announced the release of a new tool for...more
The term “cloud computing,” — a process by which remote computers are used to store, manage and process data — is no longer an unfamiliar term. According to at least one estimate, “approximately 90 percent of businesses...more
Letter from the Editors -
Dear Readers,
The world of raising capital for emerging companies has experienced a revolution. Prior to the enactment of the JOBS Act in 2012, raising capital for private companies was...more
9/29/2016
/ Capital Raising ,
Crowdfunding ,
Crowdsourcing ,
Data Breach ,
Data Security ,
Dwolla ,
E-2 ,
Entrepreneurs ,
FinTech ,
Good Faith ,
H-1B ,
Initial Public Offering (IPO) ,
Innovation ,
JOBS Act ,
Parole ,
Privacy Laws ,
Private Placements ,
Public Offerings ,
Rule 506 ,
Visas
The New York Department of Financial Services recently announced a new proposed rule, which would require financial institutions and insurers to implement strong policies for responding to cyberattacks and data breaches. ...more
As has become typical in the data security space, there was quite a bit of activity in state legislatures over the previous year concerning data breach notification statutes. Lawmakers are keenly aware of the high profile...more
Last week the clothing retailer Eddie Bauer LLC issued a press release to announce that its point of sale (“POS”) system at retail stores was compromised by malware for more than six months earlier this year. The...more
Two recent data breach incidents in the healthcare industry prove what readers of this blog have heard all too often: KNOW THY VENDORS....more
The certification forms for the new US-EU Privacy Shield Framework are now available online. What is not easily discernible in the workflow is the fee structure. One needs to refer back to the Federal Register’s...more
On Friday, the heads of the Federal Trade Commission overruled the decision of the Administrative Law Judge (“ALJ”) in In the Matter of LabMd., Inc. The FTC concluded that the ALJ had erred in dismissing the Commission’s case...more
8/1/2016
/ Actual Injuries ,
Administrative Law Judge (ALJ) ,
Corporate Counsel ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
LabMD ,
Risk Assessment ,
Section 5 ,
Unfair or Deceptive Trade Practices
I. Introduction: Privacy Shield to Go Live August 1 (at Last) -
The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems...more
7/25/2016
/ Consent ,
Data Protection Authority ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Notice Requirements ,
Personal Data ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
Did you know that the world is now inhabited by creatures called Pokémon? (Or maybe they’ve always been there?) Some run across the plains; others fly through the skies; and some live in the mountains….and some, yes, some,...more
According to the FBI, “there are only two types of companies: those that have been hacked and those that will be.” It does not take an actual data breach, however, for a company to be liable for its data security practices. ...more
7/20/2016
/ Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Security ,
Dwolla ,
FinTech ,
FTC v Wyndham ,
Hackers ,
Personal Data ,
Privacy Laws
The U.S. Court of Appeals for the Ninth Circuit recently issued a decision that could have far reaching implications for the relationships between companies that provide online services, their customers or users, and third...more
7/20/2016
/ Appeals ,
Business Model ,
CAN-SPAM Act ,
Cease and Desist ,
Computer Fraud and Abuse Act (CFAA) ,
Content Aggregators ,
Corporate Executives ,
Facebook ,
Personal Liability ,
Social Networks ,
Startups ,
Terms of Use
Not all the news coming out of Europe these days is about Brexit. In fact, the forces of unity and harmonization remain a top priority for European regulators hoping to combat digital security threats and create a safer and...more
7/11/2016
/ Amazon ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Digital Service Providers ,
Digital Single Market ,
eBay ,
EU ,
European Commission ,
Google ,
International Harmonization ,
Member State ,
Multinationals ,
Network and Information Security Directive ,
Operators of Essential Services
Colorado is the latest state to revisit, and expand upon, its laws pertaining to the use and protection of student data. Colorado Governor John Hickenlooper recently signed into law House Bill 16-1423 (the “Bill”) designed to...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently issued a warning regarding vulnerabilities in third-party applications used by entities covered by HIPAA. The OCR warning applies...more
The Department of Homeland Security (DHS) and the Department of Justice (DOJ) have issued the long-awaited final procedures for both Federal and Non-Federal Entities under the Cybersecurity Information Sharing Act (CISA)...more
Last week, the Federal Trade Commission (FTC) announced (press release) that Practice Fusion, the largest cloud-based electronic health company in the United States, has agreed to settle FTC charges over deceptive practices...more
Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more
6/15/2016
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Encryption ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Personal Data ,
Personal Information Protection Act ,
Personally Identifiable Information ,
Phishing Scams ,
PIPA ,
Safe Harbors ,
State Data Breach Notification Statutes
In a decision favorable to the airline industry—but not helpful to other companies—the California Court of Appeal said that a privacy enforcement action against Delta is not going to fly. On May 25, 2016, the Court of Appeal...more
6/2/2016
/ Airlines ,
Appeals ,
Attorney General ,
CalOPPA ,
Delta Airlines ,
Dismissal With Prejudice ,
Enforcement Actions ,
Kamala Harris ,
Mobile Apps ,
Penalties ,
Privacy Policy
Dear Ned,
I understand that one of your employees will be engaging a six-month temporary assignment around Europe to scope market opportunities, and you’d like to have a better understanding of what to be thinking about...more
The Payment Card Industry Security Standards Council (PCI SSC) has released a new version of its data security standard for the protection of cardholder data, the Payment Card Industry Data Security Standard (PCI DSS). PCI...more
If you have had to provide data breach notices across any number of states (and who hasn’t….), you would know that they vary widely in how those notices must be provided to state regulators. In some states (for example,...more
As we reported last month, the FCC was preparing a proposed rulemaking (NPRM) to establish privacy and data security requirements for broadband internet access service (BIAS) providers. The FCC has now released that proposal...more
Everyone loves a good courtroom drama. So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system. Once inside, they steal the most sensitive personal information of the...more