Partner Colin Zick Discusses the Obamacare Enrollment Data Breach with Bloomberg Law

Article by James Swann

A recent hack of Obamacare enrollment records might result in a full-blown privacy investigation of the government agency that is responsible for the federal health-care exchange and serve as a wake-up call to the government.

The aftermath of the breach may be even more troubling than the breach itself, Colin Zick, with Foley Hoag in Boston, told Bloomberg Law.… More

Happy 10th Anniversary, Security, Privacy and the Law!

Ten years ago today, on October 23, 2008, we posted our first blog entry on Security, Privacy and the Law.  Since then, we have over 650 posts, on subjects ranging from FTC Red Flags to blockchain.  We want to thank our many authors, and our many readers, and we look forward to another 10 years — I’m sure there will be plenty to write about! More

Tech Industry & Consumer Advocates Share Support for Federal Data-Privacy Legislation, Differ on the Details

In late September and early October, the Senate Commerce Committee held a pair of hearings with tech companies and consumer advocates to explore the possibility of federal data-privacy legislation.  The Committee invited representatives from tech giants such as Google, Amazon, and Twitter to testify in September, then in October invited Dr. Andrea Jelinek, Chair of the European Data Protection Board;… More

SEC Brings First Enforcement Action for Identity Theft Red Flags Rule Violations

On September 26, in the Securities and Exchange Commission’s (“SEC”) first enforcement action for violations of Regulation S-ID (the “Identity Theft Red Flags Rule”), Voya Financial Advisors Inc. (“VFA”), an SEC-registered investment adviser and broker-dealer, has agreed to settle charges relating to failures in its cybersecurity policies and procedures concerning a cyber-intrusion that compromised thousands of customers’ personal information. VFA agreed to pay a $1 million penalty as well as retain an independent consultant to evaluate its policies and procedures for compliance with the Safeguards Rule and Identity Theft Red Flags Rule.… More

GDPR Creates Rugby Scrum

In a recent trip to Ireland, I was surprised to see two subjects that Ireland is known for — GDPR and rugby — coming into conflict.   As reported in the Sunday Business Post, World Rugby was lobbying the Irish government to create new data protection laws to address the interaction of anti-doping testing and the laws regarding transfer of data among and between different countries.  … More

China Expands Its Cybersecurity Regulations

As noted recently in the Wall Street Journal, “New cybersecurity rules will give Chinese authorities sweeping powers to inspect companies’ information technology and access proprietary information—steps that are likely to deepen concerns among foreign businesses about their China operations.”  These regulations were issued pursuant to the Cybersecurity Law of the People’s Republic of China, which came into force on June 1, 2017.… More

Senator Warner’s White Paper Gives Congress Options for Regulating Social Media and Technology Companies

Senator Mark Warner of Virginia has released a white paper outlining policy proposals for regulating social media and technology companies. The paper has gained significance in recent weeks as pressure builds on Congress to pass federal data privacy legislation. In the wake of Europe’s GDPR and California’s Consumer Privacy Act, industry groups, tech companies, and privacy activists alike have urged Congress to act.… More

California Amends its Consumer Privacy Act

On September 23, 2018, California Governor Jerry Brown signed into law SB-1121, a bill that makes several amendments to the Golden State’s landmark Consumer Privacy Act (“CCPA”). California enacted the CCPA in June after legislators reached a last-minute compromise with a group of privacy activists who would have put a more stringent data protection measure on the November ballot. Given the hasty enactment of the law,… More

New Law Provides Free Credit Freezes and Year-Long Fraud Alerts

As summarized nicely in the FTC FAQs below, there is a new law, the Economic Growth, Regulatory Relief, and Consumer Protection Act, that makes credit freezes free and extends fraud alerts to last a full year.  Here are some of the most common questions raised about this new law, and the FTC’s answers:

Q: I already had a credit freeze in place when the new law took effect on September 21,… More