Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Cybersecurity

What’s on the Horizon in the Golden State?

Posted in Breach Notification, Cybersecurity, Data Breach Notification Laws, Marketing, Online Privacy
As we near the turn of the year into 2015, organizations should keep an eye on laws taking effect on the West Coast. This year, the crop of new privacy statutes includes a few without precedent anywhere in the country. The focus? Kids and security. Following are a few examples of new California laws taking … Continue Reading

Managing Your Health Information Risks Should Not Begin After a Breach Is Reported

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. Our attorneys have written about specific examples of those services. Healthcare is plagued by a high frequency of reported breaches. Although they are often caused by employees making mistakes, such as misdirecting a fax or losing a thumb drive, we are seeing more and … Continue Reading

Cross-Border Data Transfers: Cutting Through the Complexity

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. With the rise of the global economy and the reach of the Internet, many businesses now have customers and data from around the world, if not offices and employees in … Continue Reading

CFTC Chairman Provides Guidance on Cybersecurity

Posted in Cybersecurity
On November 5, 2014, the Chairman of the Commodity Futures Trading Commission, Timothy G. Massad, gave keynote remarks at the Futures Industry Association Expo 2014. Part of Chairman Massad’s remarks focused on the importance and oversight of cybersecurity and business continuity disaster recovery for the financial institutions, exchanges, and markets that the Commission regulates. Specifically, … Continue Reading

HHS Provides Guidance on HIPAA Privacy in Emergency Situations Such as Ebola

Posted in Cybersecurity, HIPAA/HITECH
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. In the wake of the recent Ebola outbreak, the U.S. Department of Health and Human Services (“HHS”) has issued guidance on how the Health Insurance Portability and Accountability Act … Continue Reading

To Avoid Claims, Assess Privacy Impacts of Marketing and CRM

Posted in Big Data, Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. Big data and the interactivity of digital marketing are powerful tools for marketers, but consumer data protection laws have evolved in recent years, resulting in new and heightened compliance and … Continue Reading

Big Data Changes the Deal: Information Governance Should Now Be Incorporated Into Due Diligence for Corporate Transactions

Posted in Big Data, Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. The past few years have witnessed the unprecedented rise of Big Data. Fully 90 percent of today’s data was created over just the past two years. Businesses now double the … Continue Reading

Data Security Risk Assessments

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. BakerHostetler lawyers have helped hundreds of businesses and other organizations respond to security incidents each year, many of which lead to regulatory investigations, class action lawsuits, or both. We see … Continue Reading

Vendor Contract Review and Cyber Risk Mitigation: How to Keep it Drama Free

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. Vendor contract review—what does that mean to you? Does it bring back bad memories? A last minute scramble to close a deal? Capitulating to oppressive limits on liability to meet … Continue Reading

Building Relationships with Your Regulators

Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. One of the last recommendations clients like to hear from their lawyer is, “Let’s call the regulators.” Building relationships with regulators when it comes to privacy and security issues … Continue Reading

Cyber Risk Mitigation is a Year-Round Job

Posted in Cybersecurity
We enjoy the focus on cybersecurity in October as part of National Cybersecurity Awareness Month, but the risks and threats are continuous. Our Privacy and Data Protection team is excited to debut a new graphic that illustrates the proactive cyber risk mitigation and compliance services we provide to help organizations maintain year-round focus and diligence. … Continue Reading

FCC Plans $10 Million Cybersecurity Fine Against Two Telecoms

Posted in Cybersecurity
On October 24, 2014, the Federal Communications Commission (“FCC”) took a big step into the cybersecurity regulatory space when it announced its intent to assess a $10 million fine against two telecoms, TerraCom and YourTel America (“Companies”), for failing to protect the privacy of personal information the Companies collected from consumers. According to the FCC, … Continue Reading

How to Respond to SEC Inquiries Concerning Data Breach and Data Security Policies

Posted in Cybersecurity, Data Breaches, Enforcement
Every company, whether public or private, has exposure to potential data breach or theft of confidential information. When this occurs, various state and federal regulatory organizations have jurisdiction over ensuring that there is prompt, corrective, and remedial action taken by the company whose systems have been compromised. Much of the focus of articles and commentary … Continue Reading

California Continues to Regulate Privacy and Advertising to Minors in New Law Regulating School-related Online Services

Posted in Cybersecurity, Education, Enforcement
On September 29, 2014, California Governor Jerry Brown signed SB 1177 into law, effective Jan 1, 2015.  See Governor Brown Issues Legislative Update.  The new privacy and advertising regulation goes beyond FERPA, the federal student privacy law, and existing state student privacy laws that govern schools and requires them to obtain privacy protections for student … Continue Reading

New Guidance for Merchants on Ensuring that Service Providers Share Security Responsibility

Posted in Credit Card, Cybersecurity, Information Security
For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card transactions. These third parties—call center operators, payment gateways, loyalty solution providers, managed security services, data-center hosts, mobile app developers, and fraud … Continue Reading

Major Transformation in Cyber-Liability Insurance is Underway

Posted in Cybersecurity, Hacking, Insurance
Editor’s Note: The following blog post was authored by Ben Beeson from Lockton Companies LLC. In the beginning: The emergence of the Internet as a business platform at the end of the nineties also announced the arrival of new risks to organizations. In those early days, there was a widely held belief that the primary concern was operational, … Continue Reading

Broker-Dealers and Investment Advisers Now Targeted by Both Cyber Intruders and SEC Cybersecurity Examiners

Posted in Cybersecurity, Data Brokers
The following BakerHostetler Executive Alert was authored by Andrew W. Reich and Jonathan A. Forman. Cybersecurity has increasingly become a critical issue for all types of businesses, few more so than broker-dealers, investment advisers and others in the financial sector. The cyber threat is much broader than customer data privacy as addressed by the Securities … Continue Reading

Privacy Law in a Nutshell

Posted in Cybersecurity, Federal Legislation, Information Security, International Privacy Law, Marketing, Privacy
BakerHostetler Privacy and Data Protection Partner Erica Gann Kitaev is a co-author of the recently published Privacy Law in a Nutshell, Second Edition, through West Academic Publishing. Legal issues related to privacy are exploding in the U.S., and virtually all businesses face privacy considerations, particularly as technology and the law evolve. The Privacy Nutshell is … Continue Reading

Governing Big Data

Posted in Cybersecurity, HIPAA/HITECH, Information Governance, Information Security, Privacy, Uncategorized
Sources and volumes of data are growing exponentially.  Website clicks, social media, sensors, and card swipers are generating massive amounts of data every second.  More and more enterprises are beginning to collect and utilize this Big Data for all kinds of purposes, including improved business intelligence, targeted marketing and fraud detection.  With so much attention … Continue Reading

Webinar Recording – Implementation of the Cybersecurity Executive Order

Posted in Cybersecurity
In issuing the Cybersecurity Executive Order last February, President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.” Now, important benchmarks in implementing this Executive Order have been reached. … Continue Reading

New DoD Rule Promotes Voluntary Sharing of Cyber-Security Threat Information Between DoD and Defense Contractors

Posted in Cybersecurity
Co-authored by Alan Pate. On October 22, 2013, the Department of Defense (DoD) published its Final Rule establishing a program for promoting voluntary sharing of cyber threat information between the DoD and government contractors. The DoD intends this information sharing program to “enhance and supplement” participating defense contractors’ capabilities to safeguard DoD information. Unlike failed … Continue Reading