Article by James Swann
A recent hack of Obamacare enrollment records might result in a full-blown privacy investigation of the government agency that is responsible for the federal health-care exchange and serve as a wake-up call to the government.
The aftermath of the breach may be even more troubling than the breach itself, Colin Zick, with Foley Hoag in Boston, told Bloomberg Law.… More
Ten years ago today, on October 23, 2008, we posted our first blog entry on Security, Privacy and the Law. Since then, we have over 650 posts, on subjects ranging from FTC Red Flags to blockchain. We want to thank our many authors, and our many readers, and we look forward to another 10 years — I’m sure there will be plenty to write about! More
In late September and early October, the Senate Commerce Committee held a pair of hearings with tech companies and consumer advocates to explore the possibility of federal data-privacy legislation. The Committee invited representatives from tech giants such as Google, Amazon, and Twitter to testify in September, then in October invited Dr. Andrea Jelinek, Chair of the European Data Protection Board;… More
On September 26, in the Securities and Exchange Commission’s (“SEC”) first enforcement action for violations of Regulation S-ID (the “Identity Theft Red Flags Rule”), Voya Financial Advisors Inc. (“VFA”), an SEC-registered investment adviser and broker-dealer, has agreed to settle charges relating to failures in its cybersecurity policies and procedures concerning a cyber-intrusion that compromised thousands of customers’ personal information. VFA agreed to pay a $1 million penalty as well as retain an independent consultant to evaluate its policies and procedures for compliance with the Safeguards Rule and Identity Theft Red Flags Rule.… More
In a recent trip to Ireland, I was surprised to see two subjects that Ireland is known for — GDPR and rugby — coming into conflict. As reported in the Sunday Business Post, World Rugby was lobbying the Irish government to create new data protection laws to address the interaction of anti-doping testing and the laws regarding transfer of data among and between different countries. … More
As noted recently in the Wall Street Journal, “New cybersecurity rules will give Chinese authorities sweeping powers to inspect companies’ information technology and access proprietary information—steps that are likely to deepen concerns among foreign businesses about their China operations.” These regulations were issued pursuant to the Cybersecurity Law of the People’s Republic of China, which came into force on June 1, 2017.… More
Senator Mark Warner of Virginia has released a white paper outlining policy proposals for regulating social media and technology companies. The paper has gained significance in recent weeks as pressure builds on Congress to pass federal data privacy legislation. In the wake of Europe’s GDPR and California’s Consumer Privacy Act, industry groups, tech companies, and privacy activists alike have urged Congress to act.… More
On September 23, 2018, California Governor Jerry Brown signed into law SB-1121, a bill that makes several amendments to the Golden State’s landmark Consumer Privacy Act (“CCPA”). California enacted the CCPA in June after legislators reached a last-minute compromise with a group of privacy activists who would have put a more stringent data protection measure on the November ballot. Given the hasty enactment of the law,… More
As summarized nicely in the FTC FAQs below, there is a new law, the Economic Growth, Regulatory Relief, and Consumer Protection Act, that makes credit freezes free and extends fraud alerts to last a full year. Here are some of the most common questions raised about this new law, and the FTC’s answers:
Q: I already had a credit freeze in place when the new law took effect on September 21,… More
Four months after the GDPR came into effect, the French Data Protection Authority (“CNIL“) published a first assessment with some impressive figures: