PRIVACY AND DATA SECURITY IN THE TRUMP ERA: HOW TO TALK TO THE FBI AND YOUR IT DEPARTMENT IN A DATA BREACH (MAY 24, 2017): Effectively responding to a data breach requires clear communication with a web of internal and external groups. Two important groups are law enforcement and a company’s internal IT department. With the help of an FBI agent and an IT professional, this seminar will explore how to effectively work with these two groups to address a breach. Wednesday, May 24, 2017 11:30 AM - 1:00 PM. Register here.
Recently the state of New Mexico enacted the Data Breach Notification Act, making it the 48th state in the United States to enact a statute requiring notice to individuals impacted by a data breach. In doing so, New Mexico follows some trends we've been predicting at the state level. These trends include covering encrypted data in the definition of personal information if the encryption key is accessed as well, and – importantly – requiring that companies engage in reasonable security measures to protect personal information in their possession. New Mexico also joins a handful of ...
By Bill Butler
In August 2016, the Federal Trade Commission (“FTC”) addressed the effect of the Cybersecurity Framework (“NIST Framework”) issued by the National Institute of Standards and Technology on FTC enforcement actions under Section 5 of the FTC Act. While there have been few enforcement actions to gauge the actual impact of the NIST Framework, the FTC’s recent public comment on the National Telecommunications and Information Administration’s (“NTIA”) proposed “coordinated vulnerability disclosure” template (“Template”) further ...
We don’t see a lot of data breach litigation here in the Fourth Circuit, so it is notable that the Fourth Circuit Court of Appeals issued an opinion recently that weighs in on the standing debate (For more on the debate: Constitutional Standing Provides Fertile Battleground In Data Breach Litigation). In Beck v. McDonald, the plaintiffs in two consolidated cases sought to establish Article III standing based on the harm from embarrassment, mental distress, inconvenience, the increased risk of future identity theft and the cost of measures to protect against it after (i) a ...
By Tandy Mathis, Elena Mitchell, and Mindy Vervais
Did you know that if you’ve taken a New York City taxi since 2009, your pick-up and drop-off locations were recorded and published (through June of 2016) on the internet for anyone to find? Now, New York City officials want ride-sharing companies like Uber and Lyft to start providing drop-off and pick-up location data, too.
The New York City Taxi and Limousine Commission, or TLC, currently collects all kinds of trip data from New York City taxis—including pick-up and drop-off dates and times, coordinates of the start and end ...
Saturday January 28, 2017 is Data Privacy Day. The Moore & Van Allen Privacy and Data Security group took a break from the pre-holiday revelries to put together some thoughts and tips for DataPoints. So hoist a glass and enjoy this read, and try not to ponder too long the irony that Data Privacy Day falls on the same day as China’s New Year’s celebration. Cheers!
- Update vendor contracts. Make sure that contracts include required data security and privacy requirements. Some older laws and regulations already impose specific data security and privacy standards for certain industries ...
A professional football team clinches their playoff spot in an upset game, then hits the locker room for a celebration and an inspirational pep talk from their winning coach. The perfect application for livestreaming, one might think. Opening a window into this mysterious world for all the rest of us to see and experience. Not so fast.
After the Pittsburgh Steelers upset the Kansas City Chiefs in the AFC playoff game on January 15, Steelers wide receiver Antonio Brown invited the world into the Steelers’ locker room to join in the celebration through Facebook ...
A common and understandable concern of companies that suffer a data breach is whether the victims can sue the company. It is tempting to assume that the victims won’t sue if they do not suffer identity theft or monetary loss through misuse of the data. Not all victims, or courts, agree. As a result, standing, a constitutional prerequisite to bringing a lawsuit in federal court that is most often conceded rather than litigated, has become a focal point in data breach litigation where “risk of future harm,” rather than actual misuse of data, forms the basis of the victims’ claims.
To ...
On November 10th, the Eleventh Circuit Court of Appeals handed an embarrassing defeat to the Federal Trade Commission and an early Christmas present to LabMD, Inc. in the ongoing David and Goliath battle between the government agency and the new-defunct clinical lab.
What Happened?
It’s not easy to explain in a blog entry the complex backstory leading up to LabMD’s recent win, but here goes:
Over a thirteen year period (until it ceased business in 2014), LabMD operated a clinical laboratory that performed tests on patient specimen samples. As part of its operations, LabMD had ...
By Leslie Pedernales
The upcoming presidential election between two larger-than-life characters, each capable of stirring intense emotional reactions from both sides, is sure to produce some spirited debate around the water cooler this fall. Many employees mistakenly assume that their expression of political speech (including nonverbal expression such as buttons or signs) is protected by the First Amendment of the U.S. Constitution. However, it might surprise you to learn that employers generally have the right to regulate employee political speech – the level of that ...
About Data Points: Privacy & Data Security Blog
The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.