NY SHIELD, NIST, data security
NY SHIELD Act and the Bevy of State Privacy Legislation to Come: Are You Prepared?
By Mark Paulding & Tatyana Ruderman on November 16, 2020
data security, digital media, privacy
InfoLawGroup is hiring!
By InfoLawGroup LLP on May 14, 2015
app developers, app store, Apps, COPPA, data security, FTC, information security, mobile apps, privacy
Recent International Study Reports Delinquencies in App Privacy Disclosures
By InfoLawGroup LLP on September 15, 2014
app developers, app store, Apps, data security, Federal Trade Commission, FTC, mobile apps, mobile payments, privacy
Mobile Apps: FTC Says Vague Privacy Policies and Lack of Terms a Problem
By Jamie Rubin on August 04, 2014
Breach, breach notification, California, data protection, data security, heartbleed, HIPAA, hipaa hitech, OpenSSL, passwords, Security, vulnerability
FAQs Concerning the Legal Implications of the Heartbleed Vulnerability
By InfoLawGroup LLP on April 14, 2014
cybersecurity, cybersecurity framework, data protection, data security, hacking, InfoLawGroup, information security, information security program, Paulding, Red Flags Rule, Segalis, smart grid, white house order
Cybersecurity Effort Moves Forward – NIST Issues Final Critical Infrastructure Cybersecurity Framework
By InfoLawGroup LLP on February 18, 2014
11th Circuit, causation, cognizable harm, damages, data breach, data security, Hannaford data breach payment card PCI DSS, identity the, motion to dismiss, motion to dismiss negligence security breach litigation standing injury-in-fact, negligence
Eleventh Circuit Rules "Damages" Properly Alleged in Data Breach-Identity Theft Lawsuit
By InfoLawGroup LLP on September 17, 2012
Boris Segalis, Breach, data security, FTC, information security program, Nihar Shah, NYSEG, privacy enforcement, PUC, SmartGrid, Utilities, vendor management
Data Breach at New York Utility Prompts Enforcement Action and Industry-Wide Data Security Review
By InfoLawGroup LLP on August 24, 2012
Blumenthal, Breach, data security, InfoLawGroup, information law group, information security, Personal Data Protection and Breach Accountability Act, privacy, privacy legislation, Segalis
We Discuss Benefits of Federal Information Security Legislation on Fox
By InfoLawGroup LLP on September 14, 2011
Earlier this week we blogged about Senator Blumenthal's (D-CT) proposed Personal Data Protection and Breach Accountability Act of 2011. Today, InfoLawGroup partner Boris Segalis spoke on Fox Live about the advantages of federal information security legislation.
Boris Segalis, data protection, data security, FIPPs, InfoLawGroup, information law group, Korea, personal information, Personal Information Protection Act, PIPA, privacy, privacy legislation
Personal Data Protections Expand in Korea
By InfoLawGroup LLP on May 18, 2011
Mr. Kwang Hyun Ryoo, a partner at the Korean law firm of Bae, Kim & Lee LLC, is reporting in the firm's newsletter that on March 29, 2011, Korea enacted a comprehensive personal data protection law, entitled Personal Information Protection Act (PIPA). Most of the act's provisions will come into force on September 30, 2011.
Boris Segalis, Buzz, Consent Order, Consumer Protection, data protection, data security, Federal Trade Commission, FTC, FTC Act, Google, Google settlement, InfoLawGroup, information law group, information security, personal information, privacy, privacy assessment, privacy by design, privacy enforcement, risk assessment, Safe Harbor, social media, social network
FTC Takes a Big Step in Privacy Enforcement with Google Buzz Settlement
By InfoLawGroup LLP on April 06, 2011
The Google Buzz settlement that the Federal Trade Commission announced on March 30, 2011 is the latest in the line of the Commission's numerous Section 5 actions related to privacy and data security violations. The Google Buzz settlement, however, is unique in several important ways. The settlement represents (i) the first FTC settlement order that requires a company to implement a comprehensive privacy program to protect the privacy of consumers' information, and (ii) the Commission's first substantive U.S.-EU Safe Harbor framework enforcement action. Let's dive in (make sure to read the "Action Item" at the conclusion of the post!).
cyber security, data security, Department of the Energy, InfoLawGroup, information law group, information security, personal information, privacy, smart grid
U.S. Department of Energy Takes on Smart Grid Security
By InfoLawGroup LLP on February 03, 2011
On February 1, 2011, the Department of Energy announced the launch of the Cyber Security Initiative to develop cyber security risk management process guidelines for the electric grid. The Department's Office of Electricity Delivery and Energy Reliability will lead the effort in collaboration with the National Institute of Standards and Technology and the North American Electric Reliability Corporation.
cloud computing, compliance, data security, hot topics, KUCI, Legislation, Mari Frank, privacy, Privacy Piracy
Please Tune In Monday, January 31, 2011
By InfoLawGroup LLP on January 12, 2011
I hope you will tune in Monday, January 31, 2011, 8-9 am Pacific (11-12 Eastern), to Privacy Piracy, audio streaming on www.kuci.org (or locally in Southern California on KUCI 88.9 FM in Irvine, CA). Mari Frank will interview me on hot topics in information law and compliance.
data destruction, data security, e-waste, New York
New York's Electronic Equipment Recycling and Reuse Act
By InfoLawGroup LLP on September 01, 2010
Manufacturers that fail to comply with the data security notification requirements may receive a civil penalty of up to $1,000 for a first violation; up to $2,500 for a second violation; and up to $5,000 for the third and any following violations within a 12-month period.
accuracy, bill, consent, data, data accuracy, data integrity, data security, integrity, measures, notice, privacy, privacy notice, Regulations, Security, security measures
FAQ on the "BEST PRACTICES Act" - Part Two
By InfoLawGroup LLP on August 04, 2010
We recently published the first part of our FAQ series on Congressman Bobby Rush's new data privacy bill known as the "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards" Act (a.k.a. "BEST PRACTICES Act" or "Act"). In Part One we looked at some of the key definitions and requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for de-identified information and application and enforcement.
bill, consent, data accuracy, data integrity, data security, notice, privacy, privacy notice, Regulation, Security, security measures
FAQ on the "BEST PRACTICES Act" - Part One
By InfoLawGroup LLP on July 22, 2010
Congressman Bobby Rush has introduced a new data privacy bill to Congress known as the "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards" Act (a.k.a. "BEST PRACTICES Act" or "Act"). We have put together a summary of the Act in "FAQ" format. In Part One we look at some of the key definitions, requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for deidentified information, and provisions concerning the application and enforcement of the Act.
Breach, call center, credit monitoring, cyber insurance, data security, insurance, notification
Insurers Deny Coverage for Breach Notice Costs (and why companies should consider cyber insurance coverage and why brokers should offer it)
By InfoLawGroup LLP on June 10, 2010
It was recently reported that an insurance carrier (Colorado Casualty Insurance Co.) denied coverage (and filed a lawsuit) for the $3.3 million in costs the University of Utah incurred to provide notice of a security breach involving the records of 1.7 million patients from the University's hospitals. You can find a copy of Colorado Casualty's declaratory judgment action complaint here. The University also filed its own counterclaim, cross-claim and third-party claim. As discussed further below, the University's cross-claim is against Perpetual Storage (the service provider that allegedly lost the data) and its third-party claim is against Perpetual Storage's insurance broker (the broker that placed the insurance coverage with Colorado Casualty).
compliance, contract management, data protection, data security, information governance, information security, management, pia, privacy, privacy audit, privacy governance, privacy impact assessment, procurement, risk management, security governance, standards
Information Governance
By W. Scott Blackmer on May 06, 2010
Security governance is often well established in large organizations, but privacy governance typically lags. It is time for a broader approach to "information governance" that focusses on the kinds of sensitive data handled by the enterprise and establishes policies to assure compliance and effective risk management, as well as better customer, employee, government, and business relations.
Breach, data security, HB 1149, notification, PCI DSS, plastic card security act, Regulation
FAQ on Washington State's PCI Law
By InfoLawGroup LLP on March 24, 2010
Accountability, Act, and, Breach, breach notification, brokers, Congress, data, Data Accountability and Trust Act, Data Privacy Law or Regulation, data security, H-R-2221, information, information brokers, Law, notification, or, privacy, Regulation, Security, Trust
The Breach Notification Obligations in the Data Accountability and Trust Act
By InfoLawGroup LLP on February 22, 2010