Federal Agencies to Implement Data Breach Notification Policies and Limit Use of SSNs

Posted by Charlene Brownlee

The Office of Management and Budget issued a data breach notification memorandum May 22, 2007[1] to the heads of federal executive agencies and departments exactly one year after the Veterans Affairs Department announced the largest publicly known federal government data breach.[2]

All federal agencies have 120 days to implement policies to notify individuals in the event of a breach of their personal information by the federal government. Agencies must also review their collection and use of Social Security numbers and develop a plan to eliminate, within 18 months, their unnecessary collection and use of SSNs.

State Laws to Shift Some Data Breach Costs to Businesses with Weak Security

Posted by Randy Gainer

As of May 25, 2007, one state has adopted and five are considering important new data breach laws. The laws will require businesses that fail to implement adequate security to pay some of the costs that others incur if the first business’s failure to implement security measures contributes to the theft of consumers’ personal information. Although the state laws are not uniform, they each address the failure of current federal and state data security statutes to permit businesses to recover such costs. The laws also respond to court decisions that refused to shift costs to businesses whose security contributed to data thefts.

Access to Historical Cemetery Records Blocked on HIPAA/Patient Privacy Grounds

Posted by Thomas R. Burke

Just in time for Memorial Day... if the State of Nebraska has its way, the public will never know the names or anything else about nearly 1,000 former mental health patients buried between 49 and 110 years ago at a cemetery located at one of the state's rural facilities. Using the Nebraska Public Records Act, the Adams County Historical Society in Hastings, Nebraska recently sought access to burial records for information about former patients who were buried in unmarked graves at the Hastings Regional Center -- originally known as the "state asylum for the incurably insane." The State is denying access to the records, citing patient privacy statutes, including HIPAA. The Nebraska Attorney General's Office late last week concluded that the names of the former patients could be properly kept secret, forever. "These people are being denied the fact that they lived and died, and it's disgraceful," said Catherine Renschler, executive director of the Adams County Historical Society, commenting to the Associated Press in a recent article. As the nation celebrates Memorial Day 2007, it's unfortunate that the state is asserting patient privacy laws and HIPAA to deprive these individuals of some permanent dignity and to perpetuate social stigmas against those who currently suffer from mental illnesses.

FULL DISCLOSURE -- DWT is representing the Adams County Historical Society, pro bono, in connection with this matter. 

All the Telemarketing Enforcement Enlightenment Three-Quarters of a Million Dollars Can Buy

Posted by Ronald London

Earlier this week, the Federal Communications Commission issued a Forfeiture Order that, in fining Dynasty Mortgage, L.L.C., $748,000 for violations of the National Do-Not-Call Registry (NDNCR), instantly became one of the more notable decisions in the FCC’s relatively limited body of telemarketing enforcement case law. The decision’s importance lies primarily in the fact that it is one of the few times the FCC pursued an alleged violator all the way through the four phases of pursuing complaints against it (i.e., citation, letter of inquiry investigation, notice of apparent liability for post-citation violations and, finally, forfeiture order), and consequently issued legal findings and factual conclusions that offer insight on how the do-not-call rules are intended to operate in real-world practice. This is significant, because many of the FCC’s rules (and the parallel rules of the FTC) are in the form of generalized prohibitions and obligations that state what telemarketers are supposed to do, but not how to go about doing so.

One More at Bat? Another Antispyware Act Has Been Submitted to the House

Posted by Joe Addiego

On the heels of the February introduction to the House of the Securely Protect Yourself Against Cyber Trespass Act, aka the Spy Act (H.R.964), which remains scheduled for debate and was the subject of my March 16, 2007 blog post, earlier this month another antispyware bill, this one called the Internet Spyware Prevention Act of 2007 (I-SPY), was ordered reported in the House.

Internet Adapts to Surveillance by Law Enforcement

Posted by Thomas Jeffry

Monday (May 14th) marked the deadline when all facilities-based broadband Internet access providers and providers of interconnected VoIP (voice over Internet protocol) needed to comply with Sections 103 and 105 of the Communications Assistance for Law Enforcement Act of 1994 (CALEA), Pub. L. No. 103-414, 108 Stat. 4279. Cable modem companies, satellite internet companies, DSL providers, and broadband over powerline join traditional telecommunications carriers in providing technology that allows law enforcement agencies to tap into email, instant messaging, web browsing logs, and other forms of electronic communications.

Priv Sec News Briefing

Bush Wants Phone Firms Immune to Privacy Suits
By Ellen Nakashima, Washington Post
May 4, 2007

Administration Pulls Back on Surveillance Agreement
New York Times
May 2, 2007

TJX breach tied to Wi-Fi exploits
By Bill Brenner, SearchSecurity.com 
May 7, 2007

Priv Sec News Briefing

Pentagon to End Talon Data-Gathering Program
By Walter Pincus
Washington Post Staff Writer - Wednesday, April 25, 2007

Bank Group Sues TJX over Data Breach
e.week.com - April 25, 2007

Google opens up government databases
By Dibya Sarkar, AP Business Writer | April 30, 2007, Boston.com        
