In a precedent-setting decision, the New Jersey Supreme Court today ruled that a company should not have read e-mails a former employee sent to her lawyer from a private Web account through her employer’s computer (See November 5, 2009 Privacy and Security Information blog post). According to the Star-Ledger, the court, which determined the company’s…
Monthly Archives: March 2010
Government “Outs” Mystery Retailers in Gonzalez Hack Case
Posted in Data Breach
Interesting post in today’s Wired: Threat Level blog about a motion in the Alberto Gonzalez hacking case that was unsealed on Monday. We now have the identities of the other two “mystery” retailers – J.C. Penney was “Company A” and Wet Seal was “Company B.” J.C. Penney argued unsuccessfully last week to keep the company’s…
More detail on Dave & Buster’s FTC Settlement
Posted in Legislation
As we blogged here last week, we were going to post our Client Alert with further details about the settlement and consent order reached by the restaurant chain Dave & Buster’s and the Federal Trade Commission relating to the breach suffered by the chain. Here is the alert — Privacy and Security Alert: Popular Restaurant…
French Senate Passes Breach Notice Bill
Posted in Legislation
The French Senate has overwhelmingly approved a major draft bill updating the country’s 1978 data protection act to, among other things, create the European Union’s strongest breach notification requirement and expand powers of the French data protection authority, known as “CNIL.” This bill also doubles monetary penalties for violations of the data protection law. It…
Privacy and Security Bits and Bytes
Posted in Data Breach
Some news items for the last Friday in March – Another state has joined the Payment Card Industry Data Security Standard (“PCI”) bandwagon. On March 22, 2010, Washington state became the third state to incorporate the into law. The Washington House and Senate passed HB 1149 and it has been signed into law by the…
HHS Announces Delay in Enforcement of HITECH Rules as Applied to Business Associates
Posted in Legislation
As we have discussed before, HHS’s Office of Civil Rights has let it be known that a proposed rule implementing the HITECH Act’s privacy and security provisions as they apply to business associate liability is in the works. The proposed rule will also deal with new limitations on the sale of protected health information, marketing,…
Restaurant Chain Settles FTC Data Breach Charges
Posted in Data Breach
Yesterday, the Federal Trade Commission (“FTC”) weighed in with another proposed settlement agreement requiring that the Dave & Buster’s restaurant chain that experienced a massive data breach in 2007 establish and maintain a comprehensive information security program as a condition of settling a consumer protection action arising out of that data breach. This is the…
TJX hacker sentenced to 20 years
Posted in Data Breach
A computer hacker has been sentenced to 20 years in prison for helping engineer one of the largest thefts of credit and debit card numbers in US history. http://www.boston.com/business/ticker/2010/03/tjx_hacker_sent.html
Senate Commerce Committee Approves Rockefeller-Snowe Cybersecurity Act
Posted in Data Compliance & Security
We will post a link to the amended legislation as soon as it is released by the Committee. The Senate Commerce Committee press release – WASHINGTON, D.C.—Senator John D. (Jay) Rockefeller IV, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, and Senator Olympia J. Snowe (R-ME), a senior member of the committee,…
Boston ranks 2nd in U.S. cyber-crime study
Posted in Data Breach
A new study has Boston ranked No. 2 among U.S. cities as a “hotspot” of cybercrime. In a study published yesterday by California data security firm Symantec Corp. (Nasdaq: SYMC), Boston registered as the second-riskiest city in the U.S., after Seattle, due to its high concentration of cyber crimes and WiFi availability. Out of 50…
Quick Compliance Survey
Posted in Data Breach
No, we’re not “taking names” here. This is just a 10-question survey to gauge some basic compliance metrics. Please participate! Click here to take survey
International Cybercrime Reporting and Cooperation Act introduced this afternoon
Posted in Legislation
Senators Gillibrand and Hatch this afternoon introduced their cybersecurity bill, the International Cybercrime Reporting and Cooperation Act. The complete text of the bill is not yet available online, but the press release does include the details of the bill, which include: (1) an annual Presidential report on the state of other countries’ use of communication…
Massachusetts Data Security Compliance Workshop
Posted in Data Compliance & Security
In case your data security compliance plan is stuck in neutral, you have questions, or you haven’t started yet…there will be a free (!) breakfast hands-on workshop on Thursday in Tewksbury, MA. “Massachusetts Data Protection Law: Demystifying the Details” is being sponsored by the Merrimack Valley Venture Forum. The Merrimack Valley Venture Forum has assembled…
Maine Legislative Committee Votes to Repeal Marketing Law Aimed at Minors
Posted in Legislation
We have blogged about the on-again, off-again, then on-again (but revised) Maine “Act to Prevent Predatory Marketing Practices Against Minors”. Well, it’s now off. For good. Last week, a Maine legislative committee voted to repeal the controversial online marketing law, which was widely seen as unconstitutional, that restricts the data that can be collected from…
Privacy and Security Bits and Bytes
Posted in Data Compliance & Security
Our Friday afternoon feature is back (albeit on Thursday due to schedule tomorrow) – a quick round-up of bits and bytes related to data privacy and security. Don’t Ignore New Massachusetts Data Privacy Regs – a piece by Lora Bentley from ITBusinessEdge (for which the editor of this blog was interviewed) Your smart phone may…
Big Fines Coming in UK for Data Breaches
Posted in Data Breach
By Susan Foster, Mintz Levin London
As of April 6, 2010, the UK’s Information Commissioner’s Office (ICO) can levy fines of up to £500,000 for breaches of the Data Protection Act 1998 that are:
• serious in nature
• deliberate or reckless, and
• likely to cause substantial damage or distress to an individual.
The…
Another Potential Privacy Pitfall on Facebook
Posted in Data Breach
Rumors are flying that Facebook will unveil a new geolocation sharing device next month. According to a post in Bits Blog in the New York Times, you will be able to share your location with friends without updating your status. Jared Newman in an article in PCWorld has a good point … “My gut reaction…
Breaking News – ID Theft Company to Pay $12 Million for Deceptive Advertising
Posted in Legislation
“[E]nough holes that you could drive a truck through it…..” That’s how Federal Trade Commission Chairman Jon Leibowitz described the identity theft protection offered to consumers by the widely-advertised LifeLock product and the claims made by the company that its service provided comprehensive identity theft protection. Those claims have cost the company $12 million dollars…
Major “goof” at Citibank
Posted in Data Breach
For all of you who have been struggling with data security compliance obligations from various fronts, and trying to handle complex technical issues such as encryption of portable devices and data “at rest” and “in transit” — here is a very big story regarding plain old everyday mail. If you are a Citibank customer, Citi…
Hotel Chain Hacked Again….
Posted in Data Breach
Wyndham Hotels and Resorts has apparently notified the U.S. Secret Service and several state attorneys that hackers stole customer names and payment card information from its computer system. Wyndham has since notified credit card companies so that affected cardholders’ accounts may be monitored. It also has hired a firm to investigate the breach and assist…
Today is the day……
Posted in Data Compliance & Security
After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation take effect today. The Massachusetts data security regulations require institutions that hold personal data on Massachusetts citizens to encrypt that information and implement written data protection policies, reports the Boston Globe. Discussion continues and questions…