On June 4, 2009, the Electronic Frontier Foundation (EFF) launched TOSBack – a site that tracks changes in the terms of service for major websites such as Facebook, Google, Apple, and eBay. If you’re wondering why anyone would be interested in such a thing, you may want to revisit the controversy that accompanied the revisions to the Facebook terms of service.
Monthly Archives: June 2009
Conficker Worm Still Lurking, Threat Remains
While the media frenzy surrounding the Conficker worm may have died down over the past several months, recent reports suggest that the computer worm is alive and well, and continues to expose PC users worldwide to the risk of identity theft and other mischief.
ABA Urges Congress and FTC to Exempt Lawyers from Red Flags Rules
Earlier this week, on Monday, June 22, 2009, American Bar Association (ABA) President H. Thomas Wells, Jr. issued a public statement urging Congress and the FTC to exempt lawyers from the requirements of the federal Red Flags Rules, stating:
The Rule, adopted under the Fair and Accurate Credit Transactions Act, or FACT Act, is noble in its intent. However, the Commission’s application of the Rule to lawyers is unnecessary and not supported by law. …
European Service Providers To Begin (or Continue) Recording Data on All Electronic Communications
On March 15, 2006, the European Parliament issued Directive 2006/24/EC (.pdf), outlining a new program that would require internet service providers (ISPs) and telecommunications carriers to begin retaining comprehensive records of customer communications. Specifically, the Directive required member states to ensure that a range of communications data be retained by service providers, including:
- The names, addresses, telephone numbers, Internet Protocol (IP) addresses and user IDs involved in Internet access,…
AMA Adopts Principles on EMR Breach
In what it describes as an effort "[t]o protect the privacy and security of patients," the American Medical Association (AMA) last week adopted a lengthy report and related principles for physicians to follow in the event a patient’s electronic medical record were to be breached. The new AMA guidelines ask physicians to:
- ensure patients are properly informed of the breach and the potential for harm;…
Bill Seeks Changes to Massachusetts Data Security Law
With the deadline for complying with the Massachusetts identity theft law just six months away, at least one state senator is still seeking changes to that law. In Senate Bill S173, which until now has received little public notice, State Senator Michael Morrissey proposes to make it easier for small businesses to comply, by requiring the state’s regulations to take account of a business’s resources as it requires compliance: …
Privacy Panel Recommends Updates to Privacy Act, Privacy Officers for Federal Agencies
On May 27, 2009, the Information Security and Privacy Advisory Board (ISPAB) issued a report entitled “Toward A 21st Century Framework for Federal Government Privacy Policy” (.pdf) that calls on Congress to amend the Privacy Act of 1974, establish the position of Chief Privacy Officer in numerous executive agencies and develop a Chief Privacy Officers’ Council. ISPAB is a group that advises the National Institute of Standards and Technology (NIST),…
FTC and Other Agencies Issue Frequently Asked Questions (With Answers) on Red Flags Rules
On June 11, 2009, six federal agencies issued answers to a set of frequently asked questions (FAQ) (.pdf) to “assist financial institutions, creditors, users of consumer reports and card issuers in complying with the final rulemaking” on identity theft. The agencies behind the FAQ are those that originally promulgated the Red Flags Rules (and issued Guidelines to assist covered entities in designing compliance programs): the Federal Trade Commission (FTC),…
ABA to Consider Asking FTC and Congress to Exempt Lawyers from Red Flags Rules
A contact at the American Bar Association (ABA) confirmed by telephone today that the ABA Board of Governors is meeting this Saturday, June 13, 2009 to determine what position the ABA will take on whether lawyers and law firms are (or should be) considered "creditors" subject to federal Red Flags Rules. Many among the legal community are hoping that the ABA urges the FTC and Congress to exempt lawyers from compliance with federal Red Flags Rules or takes some other action to limit the scope of the FTC’s enforcement. …
Massachusetts Regulators Present on New Information Security Rules – June 5, 2009, Suffolk University Law School
On Friday, June 5, 2009, Suffolk University Law School’s Center for Advanced Legal Studies organized a thorough presentation on the Massachusetts information security rules. These presentations were led by a pair of notable Massachusetts regulators: Scott D. Schafer, the head of privacy enforcement for the Massachusetts Attorney General, and David A. Murray, the chief architect of the Massachusetts identity theft regulations for the Office of Consumer Affairs and Business Regulation (OCABR).…
Update on Hackers' Ransom Demand for Virginia Prescription Database
Last month, an unusual ransom demand was made on the Commonwealth of Virginia. See Encryption Used By Hackers to Demand Ransom for Virginia Prescription Database, May 5, 2009. In a posting late last week, the Virginia Department of Health Professions announced that it had sent a letter to affected individuals ("persons whose PMP records contained a nine-digit number that could be a social security number"). …