Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Craig Hoffman

ICYMI – Recording of Managing Cardholder Data Security Risks in an Evolving Payments Landscape Webinar

Posted in Payment Card Industry
BakerHostetler recently hosted a webinar that provided a look back on significant payment card security events that occurred in 2013 and the security, risk mitigation, and customer relations lessons that can be learned from them.  The panelists also discussed what the continuing and emerging threats may be in 2014 and how to integrate security into … Continue Reading

January 15 webinar: Managing Cardholder Data Security Risks in an Evolving Payments Landscape

Posted in Payment Card Industry
Please join us from 2-3:30 pm ET on January 15 for a webinar that will provide a look back on significant payment card security events that occurred in 2013 and the security, risk mitigation, and customer relations lessons that can be learned from them. We will also discuss what the continuing and emerging threats may … Continue Reading

Visa Loses Motion to Dismiss in Genesco Case – Are the Days for PCI Assessments Numbered?

Posted in Financial Privacy
Co-Authored by: Judy Selby
In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and restitution arising out of fines and assessments levied by Visa in the wake of a massive data … Continue Reading

Mobile Apps and Websites Face New COPPA Requirements Starting July 1

Posted in COPPA, Online Privacy
Authored by Benjamin D. Pergament
In one month, on July 1, 2013, the Federal Trade Commission’s most recent amendments to its Children’s Online Privacy Protection Act Rule (“COPPA Rule”) will go into effect. These changes include a variety of requirements intended to keep up with advances in technology and how children interact with mobile apps … Continue Reading

Highest Bidder Loses Spoliation Fight in Auction House Data Breach

Posted in Data Breaches
This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog.
Authored by: Karin Scholz Jenson and Ganesh Krishna
A recent case out of the Northern District of Ohio is an unsung victory for proportionality in that the Court twice declined to sanction a plaintiff’s “failure” to forensically image computers where computer logs showing the … Continue Reading

New gTLDs Raise Data Security Concerns

Posted in Online Privacy
Authored by: David A. Einhorn and Alan Pate
ICANN is well on its way to the launch of new generic top-level domains (gTLDs) with the first ones being approved as early as April 23rd. The handful of TLDs currently in use, such as “.com”, “.org”, and “.edu”, may soon be joined by over 1000 gTLDs … Continue Reading

International Compendium of Data Privacy Laws

Posted in Miscellaneous, Online Privacy
Privacy and data protection issues confront all organizations—whether you handle employee information, credit card data, sensitive financial information or trade secrets. Securing data is a daunting task that is further complicated by cross-border transfer issues and the differences in privacy laws around the world. These laws are complex and can pose myriad and sometimes conflicting … Continue Reading

APT Threat Report Shows Cybersecurity Risks Not Limited to Identity Theft

Posted in Cybersecurity
We often talk to companies who believe they are an unlikely target for hackers because they do not have financial account information, Social Security numbers, or medical information.  However, personal information is not the only item hackers are after.  Indeed, the chief of the United States Cyber Command and director of the National Security Agency … Continue Reading

Magistrate Recommends Dismissal with Prejudice of Claims Against Global Payments

Posted in Payment Card Industry, Privacy Class Actions
Global Payments, which processes credit card transactions, announced on March 30, 2012 that an unauthorized person gained access to a portion of its processing system.  Global Payments later disclosed that Track 2 data (card number, expiration date, verification code but not cardholder name or address) of 1.5 million cardholders were taken.  Three individuals brought a … Continue Reading

Recorded Webinar: New Cybersecurity Executive Order

Posted in Cybersecurity
President Obama has declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.” In an increasingly interconnected and interdependent world, the threats posed by … Continue Reading

Do Merchants That Outsource Payment Processing Still Have Risk From a Breach?

Posted in Data Breaches, Payment Card Industry
Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk.  The bakery’s letter to its customers stressed that it did not store card data on its computer systems, but the malware allowed an unauthorized person to gather card data as … Continue Reading

Proposed FFIEC Guidance on Financial Institution Social Media Use

Posted in Financial Privacy, Social Media
The Federal Financial Institutions Examination Council (FFIEC) released for comment on January 17 its proposed Social Media: Consumer Compliance Risk Management Guidance.  There is a 60-day comment period.  The purpose of the guidance is to help banks, savings associations, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau (CFPB) understand and address … Continue Reading

2012 Payments Systems Year-in-Review

Posted in Payment Card Industry
The interchange fee and the potential of mobile payments were the dominant payment system issues in 2012.  From a landmark antitrust settlement to seemingly daily announcements of a new prepaid or mobile payment product, there was plenty of activity in 2012.  However, following opt-outs and objections to the settlement, the rise-and-fall of new products, and … Continue Reading

Recent Trends in Class Actions for Telephone and Fax Solicitation and Advertising

Posted in Privacy, Privacy Class Actions
Authorship Credit: Justin T. Winquist
Editor’s Note: This post is a joint submission to BakerHostetler’s Class Action Lawsuit Defense blog.
Class actions under the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, continue to be an active trend in consumer and privacy class action litigation. The TCPA, which was historically called the “fax blast” statute, … Continue Reading

Bank Agrees to Reimburse Company for Funds Taken Through Online Bank Account Theft

Posted in Financial Privacy
We reported in July on a First Circuit Court of Appeals decision finding that a bank failed to implement commercially reasonable security methods to prevent unauthorized transfers by a criminal that gained the online banking credentials of a construction company.  The criminal was able to steal $345,000 from the construction company’s account.  It was then reported on … Continue Reading

The NLRB Finds No Protected Activity Involved Where Employee is Fired for a Facebook Posting

Posted in Social Media
Authorship credit: Jay Seegers
Like many people, Robert Becker, a salesperson at Karl Knauz Motors’ BMW dealership in Chicago, had his own Facebook page. When the BMW dealership served hot dogs, chips, and bottled water at an event to introduce a new BMW vehicle, Mr. Becker posted sarcastic comments questioning whether the dealership’s choice of … Continue Reading

NLRB Decision Finds Social Media Provisions Unlawful

Posted in Social Media
Editor’s Note: This post is a joint submission to BakerHostetler’s Media Law Bytes & Pieces blog.
Since June 2011, the Acting General Counsel (GC) of the National Labor Relations Board has issued three reports outlining the position of his office on the applicability of the National Labor Relations Act (NLRA) to employee policies that set rules for permissible … Continue Reading

Internet Banking Authentication Security Procedures Found Commercially Unreasonable

Posted in Financial Privacy, Identity Theft, Online Privacy
It is a common scenario—a company’s computer system becomes infected with some variant of the Zeus Trojan with a key logger that sends key strokes out to a command and control server operated by a criminal. The criminal searches the key strokes to find login credentials to that company’s Internet bank account, which are used … Continue Reading

The NLRA and Employee Surveillance: Avoiding the Temptations and Pitfalls of Social Media

Posted in Online Privacy, Social Media
Authorship Credit: Ellen J. Shadur
The advent of social media and the prevalence of mobile communications devices challenge employers seeking to prevent unlawful conduct in the workplace. Employees are no longer constrained by the need for physical proximity, or lack of access to a bulletin board, a telephone landline, or a fax machine. Bullying and … Continue Reading

FBI Issues New Warning on Social Networking Risks

Posted in Online Privacy, Social Media
Businesses Vulnerable to Employees’ Social Networking Activity
Authorship Credit: Greg Saikin
The FBI has issued a fresh warning to all users of internet-based social networking, informing them that hackers—ranging from con artists to foreign government spies—are looking for every opportunity to exploit the users’ identifying and related personal information. The FBI reports that these tactics … Continue Reading

Article: “What Can Management Do to Protect the Organization from Inappropriate Use of Social Media?”

Posted in Social Media
Baker Hostetler Partner Dan Guttman published “What Can Management Do to Protect the Organization from Inappropriate Use of Social Media?” in the winter 2012 issue of OHPELRA Update, the labor and employee relations trade publication covering all Ohio’s public employers. In the article, Mr. Guttman notes that although social media outlets, including Facebook and LinkedIn, provide … Continue Reading