Monthly Archives: May 2014

European Court Establishes “Right to be Forgotten” Online

(This was originally posted May 13, 2014 on CRS and the Law.)

Today’s decision by the European Court of Justice (ECJ) that individuals enjoy the right to have truthful yet unflattering information about them “forgotten” from online search results is generating a great deal of controversy in Europe and beyond. In a case brought by Spanish national Mario Costeja Gonzalez against Google demanding that the search giant remove results referring to a years-old newspaper notice of a tax auction of his property,… More

Initial Thoughts on The FTC Report, “Data Brokers: A Call for Transparency and Accountability”

In a 110 page report issued yesterday, the Federal Trade Commission suggested that data brokers operate without transparency and asked Congress to consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over personal information that is collected and shared by data brokers.

The report, “Data Brokers: A Call for Transparency and Accountability” is the result of a study of nine data brokers undertaken by the FTC to shed light on the data broker industry. … More

What eBay buyers and sellers need to know

With help from the FTC, here are five steps that you can take to protect yourself from fraud if you or your business use eBay:

Change your eBay password. When you create your new password, mix letters, numbers, and special characters.
If you used your eBay ID or password for other accounts, change them, too.
Don’t confirm or provide personal information in response to an email or text,…

“In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response”

Last week, I co-presented with Gant Redmon of Co3 Systems to the Association of Corporation Counsel on breach response. Here are the slides from our presentation: “In_the_Belly_of_the_Breach_: What Every In-House Counsel Needs to Know about Data Breach Response.” More

The SEC’s Power to Take Enforcement Action Against Cybersecurity Violators

To buttress the SEC’s initiative to assess cybersecurity preparedness in its risk alert discussed here previously , the SEC also has the power to bring enforcement actions against registered entities that fail to meet cybersecurity requisites. Specifically, the SEC may bring an enforcement action against registered entities that violate the safeguards rule of Regulation S-P (17 CFR § 248.30(a)) (commonly referred to as the “Safeguards Rule”).… More