Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Information Security

Iowa Breach Notification Law Now Requires AG Notification, Applies to Paper Records

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Identity Theft, Information Security
Iowa recently joined an increasing number of states that require notification of state regulatory authorities following a breach, as well as a handful of states in which paper records can trigger notification obligations.  On April 3, 2014, Iowa Governor Terry Branstad signed S.F. 2259 into law, amending Iowa’s Personal Information Security Breach Protection statute (Iowa … Continue Reading

Kentucky Enacts Data Breach Notification Statute

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Education, Information Security, Privacy
On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  Prior to H.B. 232, Kentucky was one of only four states—including Alabama, New Mexico, and South Dakota—that had not adopted data breach notification legislation.  H.B. 232 also includes a separate section … Continue Reading

Privacy Law in a Nutshell

Posted in Cybersecurity, Federal Legislation, Information Security, International Privacy Law, Marketing, Privacy
BakerHostetler Privacy and Data Protection Partner Erica Gann Kitaev is a co-author of the recently published Privacy Law in a Nutshell, Second Edition, through West Academic Publishing. Legal issues related to privacy are exploding in the U.S., and virtually all businesses face privacy considerations, particularly as technology and the law evolve.  The Privacy Nutshell is … Continue Reading

BakerHostetler adds Privacy and Security Pro Randy Gainer to Privacy and Data Protection Team

Posted in Information Security
BakerHostetler is proud to announce that Randy Gainer has joined the firm as partner, resident in the Seattle office and practicing in the Intellectual Property Group, and as a key member of the Privacy and Data Protection team. Gainer’s practice focuses on data breach response, compliance counsel and risk assessment, and computer-related litigation involving intellectual … Continue Reading

Moving Towards a Global Harmonized Approach to Cross-Border Data Transfers?

Posted in Information Governance, Information Security, International Privacy Law, Online Data Tracking, Online Privacy, Privacy
Today, data can be transferred around the world instantaneously, making the global marketplace seem almost borderless.  As any multinational company knows, however, compliance with each country’s data transfer and privacy laws can be onerous.  As the U.S. contemplates data protection legislation, the FTC last week announced a joint initiative with agency officials from the European … Continue Reading

Governing Big Data

Posted in Cybersecurity, HIPAA/HITECH, Information Governance, Information Security, Privacy, Uncategorized
Sources and volumes of data are growing exponentially.  Website clicks, social media, sensors, and card swipers are generating massive amounts of data every second.  More and more enterprises are beginning to collect and utilize this Big Data for all kinds of purposes, including improved business intelligence, targeted marketing and fraud detection.  With so much attention … Continue Reading

Information Governance – The importance of putting your data house in order

Posted in Information Security
This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Information is the lifeblood of businesses today. As the volume of data continues to grow exponentially, intelligent governance of information is essential for enterprises to survive and thrive. Data security concerns, privacy, compliance requirements and the costs of ediscovery all militate toward implementation … Continue Reading

HHS Office of Civil Rights Hosts Webinar on Final Rule

Posted in HIPAA/HITECH, Information Security, Medical Privacy, Mobile Privacy, Online Privacy
Today, the Department of Health and Human Services, Office of Civil Rights (OCR), joined with the Workgroup for Electronic Data Interchange and hosted an online seminar discussing HITECH requirements in the new Final Rule. The presentations covered many points about the Final Rule previously outlined on this blog (see here, here, and here). Rachel Seeger, … Continue Reading

FTC Databook Highlights Consumer Fraud

Posted in Cybersecurity, Identity Theft, Information Security, Online Privacy
The FTC last week announced the release of the Consumer Sentinel Network Databook for January – December 2012.  The “Consumer Sentinel Network” is the FTC’s platform for law enforcement collaboration on issues affecting consumers. The program collects data from a wide range of sources, providing a comprehensive, nationwide picture of consumer complaints. Given the possible existence … Continue Reading

Reading This Might Just Preserve Your Identity and Reputation

Posted in Identity Theft, Information Security, Online Privacy
Authorship Credit: Dave Taylor, Director, Information Technology, Baker & Hostetler LLP

We are seeing a dramatic increase in spam and email phishing schemes once again.  These schemes have become very sophisticated in their ability to mimic the multitudes of legitimate on-line transactions that occur every day.  Please consider the following when reading and reacting to … Continue Reading

Republican Alternative Cybersecurity Bill Introduced In Senate

Posted in Federal Legislation, Information Security
Today eight Republican Senators – all Ranking Members of various committees – introduced the SECURE IT Act, S. 2151, their alternative cybersecurity bill to the bipartisan Cybersecurity Act, S. 2105, introduced two weeks ago.  In remarks on the Senate floor this afternoon, Sen. Kay Bailey Hutchison, Ranking Member of the Senate Committee on Commerce, Science, and Transportation, … Continue Reading

Bipartisan Senate Cybersecurity Bill Introduced Amid Partisan Opposition

Posted in Federal Legislation, Information Security
The Cybersecurity Act of 2012, S. 2105, was introduced yesterday by Senators Joe Lieberman (I-VT), Susan Collins (R-ME), Dianne Feinstein (D-CA), and John Rockefeller (D-WV). Here are links to the Bill Summary of the Cybersecurity Act of 2012 and the Section-by-Section Description of the Cybersecurity Act of 2012. It immediately drew opposition from seven Republican Ranking Members, who … Continue Reading

Third Circuit Sustains “Data Collection Provision” of NJ’s Unclaimed Property Law

Posted in Information Security, Miscellaneous, Payment Card Industry
The Third Circuit recently affirmed a district court’s decision refusing to enjoin an amendment to the New Jersey Unclaimed Property Act (the “Act”) which requires issuers of stored value cards (“SVCs”) to obtain the name and address of purchasers of SVCs and to maintain a record of the zip code of each purchases.  New Jersey Retail … Continue Reading

Senate Cyber Security Bill Due Out This Week; Floor Action Not Likely Until March

Posted in Cybersecurity, Federal Legislation, Information Security
Odds are good that legislation to address online threats to the nation’s critical infrastructure assets will finally be released this week, but real action on it won’t take place until March: The Homeland Security and Government Affairs Committee, chaired by Joe Lieberman (I-CT), has scheduled a hearing on the ‘Cybersecurity Act of 2012’ for Thursday … Continue Reading

Will Facebook’s IPO Cybersecurity Disclosures Set the Tone Under SEC’s New Guidance?

Posted in Cybersecurity, Data Breach Notification Laws, Information Security
Facebook filed its long-awaited Form S-1 with the SEC on February 1.  Given the nature of its business, concerns regarding data privacy were peppered throughout the filing.  While other business risk factors may be paramount (e.g., reliance on Zynga, slowing growth, etc.), data privacy has been and will continue to be an important issue for … Continue Reading

All Contracts with Vendors Who Handle Personal Information of Massachusetts Residents Must Have Appropriate Safeguards in Place by March 1, 2012

Posted in Enforcement, Information Security
Regulators are focusing more and more on how responsible organizations are when engaging third-party vendors.  HIPAA has in place requirements for engaging business associates.  The Connecticut Department of Insurance has requirements for reporting breaches caused by vendors.  And, the Massachusetts Attorney General, through the Data Security Regulations, requires oversight of third-party service providers.  This is … Continue Reading

Privacy and Data Breach Regulatory Activity–A Year in Review

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Enforcement, HIPAA/HITECH, Identity Theft, Information Security, Medical Privacy, Online Privacy, Payment Card Industry, Privacy
While plaintiffs continue to face an uphill battle proving damages in privacy litigation, regulatory actions and investigations seem to be increasing.  During 2011, we saw activity from many government agencies—both state and federal—including the Federal Trade Commission (FTC), Department of Education (DOE), Department of Health and Human Services (HHS) Office for Civil Rights (OCR), … Continue Reading

MMA Releases Mobile Application Privacy Policy

Posted in Behavioral Advertising, Information Security, Privacy
On October 17, in furtherance of their continued support for self-regulation of online behavioral advertising, the Mobile Marketing Association released the MMA Mobile Application Privacy Policy for public comment.  The policy is intended to spark self-regulation of privacy and data processing of mobile applications.  The policy was created with the input of a committee of market … Continue Reading

SEC Provides Guidance on Cybersecurity Disclosure Obligations

Posted in Cybersecurity, Data Breaches, Information Security
The SEC released a guidance document on October 13, 2011, which set forth the views of the Division of Corporation Finance regarding disclosure obligations relating to cybersecurity risks and incidents.  Even though there is no disclosure requirement specific to cybersecurity risks and incidents, information about such incidents and their effects may need to be disclosed … Continue Reading

Can Big Data Analytics Help Prevent the Next Operation Shady RAT?

Posted in Cloud Computing, Information Security
On July 28, 2011, McAfee released a white paper (reg. req’d.) detailing its investigation of a targeted intrusion into more than 70 companies and government organizations over the past five years by an APT—an attack McAfee called Operation Shady RAT.  By gaining access to a command and control server that was used in the attacks, … Continue Reading

Hackers Are Using Compromised Personal Information to Further Hacking Schemes

Posted in Identity Theft, Information Security
In talking to friends and clients, we are seeing a recent upsurge in attacks by hackers who appear to have access to compromised personal information and are using that information to further hacking schemes.  We are sharing the facts of two recent attacks so that you can be on the lookout for these hacking techniques. 1.  An individual reported receiving an authentic-looking email … Continue Reading