Data Points: Privacy & Data Security Blog

Recently the state of New Mexico enacted the Data Breach Notification Act, making it the 48th state in the United States to enact a statute requiring notice to individuals impacted by a data breach. In doing so, New Mexico follows some trends we've been predicting at the state level.  These trends include covering encrypted data in the definition of personal information if the encryption key is accessed as well, and – importantly – requiring that companies engage in reasonable security measures to protect personal information in their possession. New Mexico also joins a handful of ...

By Bill Butler

In August 2016, the Federal Trade Commission (“FTC”) addressed the effect of the Cybersecurity Framework (“NIST Framework”) issued by the National Institute of Standards and Technology on FTC enforcement actions under Section 5 of the FTC Act.  While there have been few enforcement actions to gauge the actual impact of the NIST Framework, the FTC’s recent public comment on the National Telecommunications and Information Administration’s (“NTIA”) proposed “coordinated vulnerability disclosure” template (“Template”) further ...

We don’t see a lot of data breach litigation here in the Fourth Circuit, so it is notable that the Fourth Circuit Court of Appeals issued an opinion recently that weighs in on the standing debate (For more on the debate: Constitutional Standing Provides Fertile Battleground In Data Breach Litigation). In Beck v. McDonald, the plaintiffs in two consolidated cases sought to establish Article III standing based on the harm from embarrassment, mental distress, inconvenience, the increased risk of future identity theft and the cost of measures to protect against it after (i) a ...

By Tandy Mathis, Elena Mitchell, and Mindy Vervais

Did you know that if you’ve taken a New York City taxi since 2009, your pick-up and drop-off locations were recorded and published (through June of 2016) on the internet for anyone to find? Now, New York City officials want ride-sharing companies like Uber and Lyft to start providing drop-off and pick-up location data, too.

The New York City Taxi and Limousine Commission, or TLC, currently collects all kinds of trip data from New York City taxis—including pick-up and drop-off dates and times, coordinates of the start and end ...

Saturday January 28, 2017 is Data Privacy Day.  The Moore & Van Allen Privacy and Data Security group took a break from the pre-holiday revelries to put together some thoughts and tips for DataPoints.  So hoist a glass and enjoy this read, and try not to ponder too long the irony that Data Privacy Day falls on the same day as China’s New Year’s celebration.  Cheers!

• Update vendor contracts. Make sure that contracts include required data security and privacy requirements. Some older laws and regulations already impose specific data security and privacy standards for certain industries ...

By Leslie Pedernales

A professional football team clinches their playoff spot in an upset game, then hits the locker room for a celebration and an inspirational pep talk from their winning coach.  The perfect application for livestreaming, one might think.  Opening a window into this mysterious world for all the rest of us to see and experience.  Not so fast.

After the Pittsburgh Steelers upset the Kansas City Chiefs in the AFC playoff game on January 15, Steelers wide receiver Antonio Brown invited the world into the Steelers’ locker room to join in the celebration through Facebook ...

A common and understandable concern of companies that suffer a data breach is whether the victims can sue the company.  It is tempting to assume that the victims won’t sue if they do not suffer identity theft or monetary loss through misuse of the data.  Not all victims, or courts, agree.  As a result, standing, a constitutional prerequisite to bringing a lawsuit in federal court that is most often conceded rather than litigated, has become a focal point in data breach litigation where “risk of future harm,” rather than actual misuse of data, forms the basis of the victims’ claims.

To ...

On November 10^th, the Eleventh Circuit Court of Appeals handed an embarrassing defeat to the Federal Trade Commission and an early Christmas present to LabMD, Inc. in the ongoing David and Goliath battle between the government agency and the new-defunct clinical lab.

What Happened?

It’s not easy to explain in a blog entry the complex backstory leading up to LabMD’s recent win, but here goes:

Over a thirteen year period (until it ceased business in 2014), LabMD operated a clinical laboratory that performed tests on patient specimen samples.  As part of its operations, LabMD had ...

By Leslie Pedernales

The upcoming presidential election between two larger-than-life characters, each capable of stirring intense emotional reactions from both sides, is sure to produce some spirited debate around the water cooler this fall.  Many employees mistakenly assume that their expression of political speech (including nonverbal expression such as buttons or signs) is protected by the First Amendment of the U.S. Constitution.  However, it might surprise you to learn that employers generally have the right to regulate employee political speech – the level of that ...