Cybersecurity News & Notes – August 8, 2016

In Case You Missed It:  In a sign of the growing importance of cyber operations in warfare, the Obama administration plans to elevate the status of the Pentagon’s Cyber Command.  The U.S. Cyber Command, or USCYBERCOM, was created on June 23, 2009.  Its stated mission is to, among other things, “conduct full spectrum military cyberspace operations” to “ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.”  Currently, it is a “sub-unified combatant command.”  The plan by the Obama administration is, according to reports, to make it a “‘unified command,’ equal to combat branches… More

Cybersecurity News and Notes – August 1

In Case You Missed It:  The Federal Trade Commission issued an opinion in the LabMD case, overturning an ALJ’s November 2015 decision holding that the FTC failed to meet its burden to prove that LabMD’s data security practices caused or were likely to cause substantial consumer injury.  (See this blog’s previous coverage of that decision here.)  The FTC’s complaint against the company concerned two different data privacy incidents that allegedly affected over 10,000 consumers.  Notably, in overturning the ALJ’s decision, the Commissioners were clear in their view that the FTC’s power to enforce its Section 5 authority (over… More

Article 29 Working Party on the EU-US Privacy Shield: A Number of Concerns Remain But Let’s See How It Works

The EU’s Article 29 Working Party analyzed the final version of the Privacy Shield and issued a statement on July 26, 2016.  What does this mean?

Recap: Where are we and how did we get here?

On February 29, 2016, the European Commission issued a draft adequacy decision reflecting the outcome of its negotiations with US authorities in relation to the Privacy Shield, which is designed to replace the invalidated Safe Harbor for personal data transferred from the EU to the US. The draft Shield was submitted to various… More

Guest Podcast: Europe’s New General Data Protection Regulation–What Is It and Are You Ready for It?

Are you looking for an introduction to the European Union’s General Data Protection Regulation (GDPR)?  To find out when and how it’s going to impact you and your organization, listen to this quick 10-minute podcast with Deborah Hurley. Deborah is an adjunct professor of the practice of computer science at Brown University, fellow at the Institute for Quantitative Social Science at Harvard University, and principal at Hurley Consulting.

Cybersecurity News and Notes – July 25, 2016

In Case You Missed It: U.S. major party platforms address cybersecurity.  The two major parties have released their 2016 election platforms, both of which include cybersecurity planks.  The Republican platform treats cybersecurity as an element of national security and international relations. The platform called for harsh responses to cyber-attacks against American businesses, institutions, and government, applauded the Cybersecurity Information Sharing Act of 2015, and pledged to “explore the possibility of a free market for Cyber-Insurance.” The Democratic platform is largely a continuation of President Obama’s cybersecurity policies. It promises to “build on the Obama… More

HHS OCR Guidance on Ransomware Attacks: They Constitute a “Security Incident” and Are Likely a Data Breach

On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in recent months. This guidance comes in the wake of a June 20, 2016 “Dear Colleague” letter from HHS Secretary Sylvia Burwell highlighting ransomware issues. The most notable of OCR’s statements is that ransomware attacks often constitute breaches subject to the HIPAA Breach Notification Rule.

Ransomware as Security Incident

OCR’s guidance states that the presence of ransomware on a covered entity’s or business… More

Cybersecurity News & Notes – July 19, 2016

In Case You Missed It: Court certifies class in suit against Apple. On July 15, 2016, U.S. District Judge Jon S. Tigar certified a class of users of the mobile app Path, who allege that Apple facilitated the app’s access to their contacts without their knowledge.  In the same decision, Judge Tigar denied certification to a proposed class of consumers who downloaded the app, but never had their contacts uploaded.  Apple and Path are just two defendants named in a consolidated suit relating to questions concerning whether Apple’s mobile operating system, iOS, unlawfully uploads and disseminates users’ personal information (e.g.,… More

Law360: Pokemon Go Developer Wades Into Privacy Minefield

This post originally appeared in Law360. Written by Allison Grande. Edited by Philip Shea and Brian Baresch.

The rapid rise of the hit smartphone game “Pokemon Go” has opened the developer of the app up to heavy scrutiny from regulators and users, who may end up wielding a variety of privacy and consumer protection laws to address concerns over the type and quantity of data being collected.

Although it is barely a week old, the augmented-reality app has taken the smartphone world by storm, having been downloaded nearly 10 million times in the U.S., sending the stock of collaborator… More

At Long Last, US-EU Privacy Shield Adopted By EU Member States

Key takeaways:

The Privacy Shield will now go into effect. The preliminary start date for companies to be certified under the Privacy Shield is August 1, 2016. Expect more challenges to the Privacy Shield before all is said and done.

The Details:

Following the invalidation of the US-EU Safe Harbor by the European Court of Justice in the Schrems case, the European Commission negotiated with the US a new scheme called the Privacy Shield. The first draft was issued in February and submitted to the Article 29 Working Party, which gave its opinion on April 13, 2016. The EU… More

Pokémon Go Catches More Than It Bargained For

The recently-released Pokémon Go has quickly emerged as a cultural phenomenon, with legions of players using their phones to “catch” Pokémon that emerge all around them, visible (thankfully) only to players.  While catching Pokémon by phone is far less cumbersome than collecting boxes upon boxes of Pokémon cards, as some of us did in the early aughts, it does come with its own set of pitfalls.  Specifically, users have learned that Niantic, the… More