Privacy & Security Law Blog

Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Developments & Commentary

GuardingGapsIs Wi-Fi Security Keeping You Awake on the Road?

Sometimes it’s hard to get a good night’s rest out on the road. Accessible Wi-Fi in hotels, airplanes, coffee shops, and other hospitality locations has quickly gone from a luxury to a  necessity for customers who need continuous access to the Internet. Yet serious security gaps in the majority of ...

nycAdvisory Alert: NYC Ban on Use of Credit Checks in Employment Decisions Moves to Mayor’s Office for Signature

On April 16, 2015, the New York City Council voted overwhelmingly to amend the city’s Human Rights Law to prohibit employers from using an individual’s consumer credit history to make employment decisions. While the bill contains certain exceptions for positions requiring heightened levels of security, the proposed law will affect ...

green keyAre Regulatory Fears Impeding Industry Cyber Sharing?

Business leaders confess that concerns of adverse regulatory actions are impacting industry willingness to share cyberthreat information with authorities They say that no good deed goes unpunished. And when it comes to cyber sharing, industry leaders are concerned that their only “reward” for helping the government identify and respond to cyberthreats ...

lock httpLegal Departments: New PCI DSS Requirements Mandatory in June

PCI Council publishes new PCI Data Security Standard Version 3.1 and provides very short time to implement new encryption standards. The PCI Council just published a new version of the PCI Data Security Standard (PCI DSS).  The new Version 3.1 (agreement required) is available to use immediately and becomes mandatory on ...

FCCBorderAdvisory Alert: The FCC Just Upped the Ante for Communications Providers and the FTC

The FCC has been warning communications companies for months that protecting consumer privacy and information security is a top priority, and the recent announcement of a $25 million settlement with AT&T over its alleged failures to adequately protect consumer information are a good indication of the agency’s intent to follow ...

Resources & Updates

locksRewind and Replay: Plaintiffs Appeal Dismissal of VPPA Suits against Viacom, Google and Dow Jones

Plaintiffs in two recently dismissed class actions alleging violations of the Video Privacy Protection Act (“VPPA”) filed notices of appeal this week, asking the Third and Eleventh Circuit Courts of Appeals to hit the rewind button and review the merits of their respective claims. On January 20 a New Jersey ...

HIPPA Binder2015 Edition of HIPAA Regulations Now Available

For your convenience, a bookmarked-version of the most current HIPAA regulations is available here. It includes 2014 changes to the HIPAA regulations in the Code of Federal Regulations, including: (1) the current compliance date (Oct. 1, 2015) for ICD-10 implementation; and (2) the Privacy Rule’s deletion of the Clinical Laboratory Improvement ...

Data storage cyber conceptCybersecurity: The Human Factor

Financial institutions are under a constant and growing cyber assault from hacktivists that want to cause online mischief, criminals that want to steal consumer data and nation-states that are looking for a military, political or economic advantage. In this increasingly costly war, the focus is often on the latest hardware, ...

congress money2Congress Funds Cybersecurity: Spending Bill Allocates over $1 Billion to Cybersecurity

The final spending bill of the 113th Congress, which keeps the government doors open until September 30th of 2015, was passed by the House on December 11th, the Senate on the 13th, and signed by the President on December 16th. It is a $1.1 trillion omnibus spending bill that will ...

cyber buttonCongress Confirms NIST’s Role in Cybersecurity – and the Continuation of the Cybersecurity Framework

The Cybersecurity Enhancement Act of 2014 (CEA) was passed by the House and the Senate on December 11th, and signed by the President on the 18th. The bill formalizes the role of the National Institute for Standards and Technology (NIST) in continuing to develop the voluntary Cybersecurity Framework. Through five ...