Many companies share personal information they gather directly from individuals with “business partners” who use the information for their own direct marketing purposes. It is the case, for example, of companies that provide services on the internet free of charge but gather and sell the data related to their users to business partners. As the Washington Post recently learned, companies with this business model may find it challenging to comply with the European requirements,… More
Tag Archives: Information
The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability
It was my pleasure yesterday to speak at MedInnovation Boston 2018, and deliver a presentation on “The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability“. With constantly evolving technology and the new GDPR legal framework. achieving interoperability seems harder than ever. More
It’s probably not going to change anything, but the Democratic National Committee has sued Russia (and members of the Russian establishment), members of the Trump campaign, and Wikileaks regard the 2016 election security breaches. The DNC’s complaint includes almost every claim imaginable in response to a hacking incident. If nothing else, it’s a good model for lawyers to crib from. More
Those of our readers who frequent social media may have noticed a newly-popular juxtaposition between selfies and art (or perhaps one should say between selfies and other forms of art)—a feature in the Google Arts & Culture app that matches a user’s selfie to a portrait in Google’s database.
But not every aspiring selfie artist can compare their work with that of the great painters of yesteryear. … More
In the 9th Circuit’s August 15, 2017 decision in Robins v. Spokeo, the latest in the long-running legal debate about when a consumer cause of action exists for a data breach, the 9th Circuit has declared that inaccuracies in a published credit report may sometimes constitute a “concrete injury” sufficient to confer Article III standing. This is a significant win for consumer protection advocates,… More
Tax season ‘tis the season to be phishing, according to the IRS. The IRS has issued a warning to payroll and human resources professionals about a “surge” in phishing emails seen this year. One of the preferred tactics of identity thieves this year appears to be impersonating CEOs and sending emails to company payroll and human resources departments asking for employee W-2s. … More
European Union Agrees On a New Data Protection Framework To Replace the 95/46/CE Directive: Meet the “General Data Protection Regulation”
On 15 December 2015, the three main European institutions, the Commission, the Parliament and the Council, agreed on the final text of the General Data Protection Regulation (GDPR) which has been on the table since January 2012. This is a major achievement, given the number of obstacles that still needed to be overcome a few weeks ago in order to meet the end of 2015 deadline for finalizing the GDPR. … More
CFTC Approves NFA Interpretive Notice on Information Systems Security Programs, Including Cybersecurity Guidance
The CFTC recently approved the National Futures Association’s interpretive notice (the “Cybersecurity Notice”) on the general requirements that members should implement for their information systems security programs (“ISSPs”), which includes cybersecurity guidance and ongoing testing and training obligations.
The Cybersecurity Notice will be effective March 1, 2016 and applies to futures commissions merchants, commodity trading advisors,… More
The Cybersecurity and Information Sharing Act (S.754), or CISA, cleared an important hurdle on Thursday when the Senate voted 83-14 to end debate on several amendments to the bill. CISA creates a cyberthreat information sharing system to, in the words of the bill, “improve cybersecurity in the United States.” Specifically, as currently drafted, the bill requires various government actors and agencies (such as the Attorney General and the Department of Homeland Security) to create specific policies and regulations relating to the sharing of cyberthreat data from private entities and within government entities. … More
Update on President Obama’s “Summit on Cybersecurity and Consumer Protection,” Part III: Five Key Lessons for Business
Concluding our three-part analysis of the White House’s first Summit on Cybersecurity and Consumer Protection, we turn to some practical advice coming out of the Summit’s afternoon session, including an address by Maria Contreras-Sweet, the administrator of the Small Business Administration (“SBA”), and a panel discussion among financial sector leaders moderated by Deputy Treasury Secretary Sarah Bloom Raskin.
Here are five takeaways for companies large and small:
- Companies are only as secure as their most vulnerable employee.…