Privacy and Security Law Blog

Bush Wants Phone Firms Immune to Privacy Suits
By Ellen Nakashima, Washington Post
May 4, 2007

Administration Pulls Back on Surveillance Agreement
New York Times
May 2, 2007

TJX breach tied to Wi-Fi exploits
By Bill Brenner, SearchSecurity.com 
May 7, 2007

Pentagon to End Talon Data-Gathering Program
By Walter Pincus
Washington Post Staff Writer - Wednesday, April 25, 2007

Bank Group Sues TJX over Data Breach
e.week.com - April 25, 2007

Google opens up government databases
By Dibya Sarkar, AP Business Writer | April 30, 2007, Boston.com        

Tool mines personal data from across Net
CNETNews.com - April 19, 2007

Calif. Lawmakers to Vote on Five Bills to Regulate RFID Technology
Computer World - April 9, 2007

HHS, GAO criticized over privacy report
By Joseph Conn / HITS
Modern Healthcare Online, 2/5/07

NCVHS report of 6/6/06 cited in the previous article.

Data Breach Bill Raises Penalties
By Roy Mark
Internetnews.com, 2/6/07
Promising long overdue reform, U.S. Sen. Patrick Leahy introduced legislation today to strengthen personal data protections and to require data-breach notifications to consumers.

NRC Declines Security Boost for Nuclear Plants
by David Kestenbaum, NPR Morning Edition, January 30, 2007 ·
Fearing terrorism, activist groups have asked the Nuclear Regulatory Commission to strengthen safeguards at power plants. On Monday, the NRC decided not to require plants to build additional defenses.

Banks on notice over security. Privacy watchdog wants to force disclosure of credit card breaches
By Susan Bradley Staff Reporter, The Chronicle Herald, January 30, 2007.
Canada’s privacy commissioner wants financial institutions and corporations to be required by law to notify their customers when a security breach takes place.

Comment, Critique And Debate On Security And Open Source Implementations At LinuxWorld OpenSolutions Summit
Business Newswire, January 30, 2007

RFID Strategy -- RFID Privacy And Security Issues: A look at the evolving state of tag security.
By Paul Faber
(Industryweek.com, 1/9/07) 

Technology Companies Are Exposed to Security Breach Litigation.
Some Cyber Policies, By Themselves, Can Leave Gaps in Protection
(PRNewswire, 1/8/07)

Airport scanners allow some to skip security lines -- for a price.
By Stephen Majors
(The Associated Press, Published in the Seattle Post Intelligencer, 1/8/07)

Posted by Peter Mucklestone and Kevin Tu

The Financial Crimes Enforcement Network (FinCEN) recently published the seventh issue of the SAR Activity Review – By the Numbers. The publication compiles and updates numerical data gathered from all suspicious activity reports (SARs) filed with FinCEN. The most recent compilation covers the over 3.6 million SARs filed with FinCEN on or before June 30, 2006. Depository institutions, certain money services businesses, casinos and card clubs, and certain segments of the securities and futures industries must file SARs with FinCEN.   A review of the compiled data highlights certain statistics and general observations with respect to each type of SARs filing, as follows:

Personal data security breaches hit 100 million milestone in US (12/19/2006 - FineExtra.com)
Over 100 million data records of US residents have been exposed due to security breaches since February 2005, according to records maintained by the Privacy Rights Clearinghouse.

Privacy Watch: Phishers reach cell phones  (12/19/2006 – Techworld)
Have you ever been SMiShed? That's not as personal a question as it may sound to the uninitiated, but it does relate to protecting your personal data.

Posted by DWT

No End in Sight: Data Breach Tally Approaches 100 Million (9/25/06 - ETC News)

The total number of records containing sensitive personal information involved in security breaches over the past two years now stands at 93,754,333, according to the Privacy Rights Clearinghouse. The updated tally includes thousands of instances of data exposure in the past month alone.

"Not a Suicide Pact": A Stone-Posner Conversation (9/23/06 - The Huffington Post)

In commemoration of Judge Richard Posner's newest book, Not a Suicide Pact: The Constitution in a Time of National Emergency, Judge Posner and I participated in the following four-part exchange on the American Constitution Society blog.

OMB issues data breach guidance (9/22/06 - GCN)

On the heels of the House Government Reform Committee issuing the results of their data breach survey, the White House and its Identity Theft Task Force outlined steps agencies should take in responding to an identity theft or ways to prevent one from happening. 

Congress Unlikely to Pass Wiretapping (9/27/06 -- Associated Press)

Congress is unlikely to approve a bill giving President Bush's warrantless wiretapping program legal status and new restrictions before the November midterm elections, dealing a significant blow to one of the White House's top wartime priorities.

White House wins more support for warrantless wiretapping law (9/26/06 - San Jose Mercury News)

The White House and its allies Monday chipped away at objections to proposed legislation for warrantless wiretapping, winning new support among reluctant Senate members and hoping for passage of the measure before this weekend's congressional recess.

Posted by DWT

We are pleased to have recently been given permission to link to two articles by members of the DWT Privacy and Security group that were recently published in Privacy and Data Security Law Journal. 

Please click here to read Lawsuits Challenge the NSA's Warrantless Data Mining and Surveillance Program by Randy Gainer.

And click here to read Current Privacy Issues Facing Marketers  by Robert J Driscoll.

Posted by DWT

This April in San Francisco, our own Bruce Johnson and Greg Kopta will be giving presentations at the "Blog Law and Blogging for Lawyers" conference in San Francisco, co-hosted by Dennis Crouch of Patently-O and Cathy Kirkman of the Silicon Valley Media Law Blog.

Other presenters will include Denise Howell, Raymond Nimmer and our friend Kevin O'Keefe at LexBlog. A more complete list of speakers with links, can be found on Patently-O.

Posted by Kraig Baker

David Brin, the science-fiction writer and futurist, was one of the keynote speakers this morning. He was quite interesting and was somewhat provocative for a privacy conference. His greatest concern was the impact of the rise of secrecy on accountability in our society. His point was that we are an enlightened society that is not ruled by the rich, the elites, or the strong, because we have transparency and accountability through markets, science, democracy, and the courts. He views the rise of privacy and security as a threat to that accountability and enlightenment and threatens the framework of American society. Although it takes a while to get exactly where Brin is going, Brin's ideas on accountability as a contrast to secrecy are pretty persuasive and an interesting counterpoint to the remainder of the conference.

Posted by Lance Koonce

Our afternoon keynote speaker at the IAPP Privacy Academy was Kevin Mitnick, of hacker fame, who spoke on social engineering as the gravest threat to corporate security. Kevin's talk was quite engaging, in particular because it was interspersed with real-life examples of social engineering scams that vividly demonstrated his theme that humans are always the weakest link in any security system.

Posted by Kraig Baker

Lance Koonce and I are blogging from the IAPP (International Association of Privacy Professionals) annual conference in Las Vegas this week. The organization seems to be getting a lot of traction as a trade group. They have over 600 attendees this year -- many more than last year. They also have a much more impressive roster of companies and organizations participating and many of the attendees seem to be more senior than in years past. Of course there are also more lawyers here this year...never a good sign.

Posted by Lance Koonce

Today was the first full day of the IAPP's Privacy Academy 2005 here in Las Vegas (actually, it's in Henderson, but let's not split hairs). The keynote addresses were given by author David Brin, IBM scientist Jeff Jonas, and Jim Harper of the Cato Institute.

Several of us will be blogging this week from the IAPP's Privacy Academy 2005 in Las Vegas, which runs from October 26th through the 28th. Lance Koonce will be speaking on a panel entitled "Privacy in a Public World: Emerging Issues". Hope to see some of you there!

Although a bit farther afield from the realm of privacy and security than our regular posts, we just wanted to mention that a DWT colleague of ours, John Parnass, has recently launched his own blog on Construction Law. It's a great looking site and John is an experienced attorney whose insight in this area will be invaluable. Welcome, John!

Posted by Lance Koonce

The new Meriam-Webster Collegiate Dictionary has been released, and included among the 100 or so new words now recognized by that dictionary are the following that may be of interest to P&SLB readers:

metadata (noun) 1983 : data that provides information about other data

DHS (abbreviation) : Department of Homeland Security

steganography (noun) 1985 1 archaic : cryptography 2 : the art or practice of concealing a message, image, or file within another message, image, or file

Wi-Fi (certification mark) —used to certify the interoperability of wireless computer networking devices

And yet....no dictionary entries for blog, blawg, vlog, moblog, podcast, splog, phish, pharm, mmorpg, VoIP, wardriving, spit, spim, HIPAA, RFID....?

Today marks the launch of Davis Wright Tremaine LLP's privacy and security blog - thanks for dropping in. Several years ago, a small group of attorneys at our firm recognized that issues surrounding the electronic collection and protection of sensitive information were throwing off new legal questions at an accelerating rate. Thus was born the Privacy and Security Group at DWT, and that original core group of attorneys has now grown to almost 40 professionals spread across seven offices, advising clients on every aspect of privacy and security.

While we share our expertise with our clients every day, this blog is an opportunity to contribute to the broader discussion on these constantly evolving topics. We welcome your comments and suggestions, and hope that we can serve a useful role in the public debate.