Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Developments & Commentary

General Counsel, Is Your Website Vulnerable?

A report just released by security startup Menlo Security found that one-third of the top one million websites have already been compromised with malware or are running outdated or unpatched software that is vulnerable. The problem is two-fold: 1. Does your website contain vulnerabilities? As the report notes, these website vulnerabilities are easily ...

Advisory Alert: Premera Cyber-Attack Announced

Defining Your Obligations as an Employer
On March 17, 2015, Premera announced a data breach involving the personal information of more than 11 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. Employers and plan sponsors should take steps to verify how the Premera breach affects their plans ...

Montana Tweaks Data Breach Statute

Bill Expands PII Definition, and Adds Government Notice Requirement.
The Big Sky Country’s data breach statute is going to see some small changes come October. On Feb. 27, 2015, Montana Governor Steve Bullock signed H.B. 74 into law, amending the state’s data breach notification statute. Among its changes, H.B. 74 broadens the definition of personal information (“PI”) and requires entities ...

FTC and State AGs: Political Survey Preface Does Not Allow Sales Robocalls to Avoid Do-Not-Call and Telemarketing Sales Rule Compliance

Cruise Line and Some of its Cohorts Settle Complaint for $500,000+ and Agree to Follow Do-Not-Call, Caller ID, Prerecorded Message, and Other Telemarketing Rules
The Federal Trade Commission (FTC) and 10 state Attorneys General announced the filing of a complaint and proposed stipulations against Caribbean Cruise Line (CCL) and several other ...

Appellate Courts Being Drawn Into VPPA Fray

Cartoon Network Plaintiff’s Arguments May Signal Plaintiffs Bar’s Approach in Other Pending VPPA Cases and Appeals
Last week the Third and Eleventh Circuit Courts of Appeals assigned case numbers to the appeals of In re Nickelodeon Privacy Litigation and Locklear v. Dow Jones & Co., Inc., two recently dismissed class actions ...

Resources & Updates

Rewind and Replay: Plaintiffs Appeal Dismissal of VPPA Suits against Viacom, Google and Dow Jones

Plaintiffs in two recently dismissed class actions alleging violations of the Video Privacy Protection Act (“VPPA”) filed notices of appeal this week, asking the Third and Eleventh Circuit Courts of Appeals to hit the rewind button and review the merits of their respective claims. On January 20 a New Jersey ...

2015 Edition of HIPAA Regulations Now Available

For your convenience, a bookmarked version of the most current HIPAA regulations is available here. It includes 2014 changes to the HIPAA regulations in the Code of Federal Regulations, including: (1) the current compliance date (Oct. 1, 2015) for ICD-10 implementation; and (2) the Privacy Rule’s deletion of the Clinical Laboratory Improvement ...

Cybersecurity: The Human Factor

Financial institutions are under a constant and growing cyber assault from hacktivists that want to cause online mischief, criminals that want to steal consumer data and nation-states that are looking for a military, political or economic advantage. In this increasingly costly war, the focus is often on the latest hardware, ...

Congress Funds Cybersecurity: Spending Bill Allocates over $1 Billion to Cybersecurity

The final spending bill of the 113th Congress, which keeps the government doors open until September 30th of 2015, was passed by the House on December 11th, the Senate on the 13th, and signed by the President on December 16th. It is a $1.1 trillion omnibus spending bill that will ...

Congress Confirms NIST’s Role in Cybersecurity – and the Continuation of the Cybersecurity Framework

The Cybersecurity Enhancement Act of 2014 (CEA) was passed by the House and the Senate on December 11th, and signed by the President on the 18th. The bill formalizes the role of the National Institute for Standards and Technology (NIST) in continuing to develop the voluntary Cybersecurity Framework. Through five ...