Written by Dianne J. Bourque and Stephanie D. Willis
The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and practices to meet approaching compliance deadlines. Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance…
Monthly Archives: March 2013
Google: Better to Seek Forgiveness Than Permission?
Posted in Class Action Litigation, Privacy Litigation
Written by Amy Malone
For years, Google has been blazing trails in the technology world and along the way they have been caught in a few snares. The latest entanglement wrapped up this week as the company settled a two-year investigation led by an executive committee that represents 38 states and the District of Columbia…
FTC Finally Updates Its “.com Disclosures” – Welcome to the Small Screen
Posted in Mobile Privacy, Online Advertising
Written by Amy Malone
After rounds of comments and public workshops, the FTC has finally released an update to its digital advertising disclosure guidelines (here). The FTC first released guidance on digital advertising in 2000 (see those guidelines here) and last May the FTC requested comments on how the guidelines could be updated. The FTC points…
Privacy and Security Not the Only Concerns in the Cloud
Posted in Cloud Computing, Cybersecurity, Data Compliance & Security
Written by Jonathan Cain
Security and privacy are the most frequently expressed concerns about cloud computing (defined for this article to include software as a service, platform as a service and storage as a service), but for companies that engage in research, design, development, manufacturing and servicing of items that are subject to U.S. export…
To the Nation’s Largest Banks: Thanks for Reading
Posted in Cybersecurity, Security
It seems that some of the nation’s largest public company banks must be avid readers of this blog and have taken to heart our 2013 prediction that the SEC would require greater disclosure related to data security risks and breaches. In their recent annual reports, Goldman Sachs Group Inc., Citigroup, Inc., Bank of America Corp….
Setback for Apple in iPhone MDL
Posted in Class Action Litigation
Written by Evan Nadel
In a case about exposing user data, Apple suffered a setback due to its concealment of information in litigation. Last week, in the multi-district litigation, In Re iPhone Application Litigation, Judge Lucy Koh of the Northern District of California denied Apple’s motion for summary judgment in a putative class action by…
Zip Code as Personal Information: The Massachusetts Round 2
Posted in Class Action Litigation, Data Compliance & Security, Privacy Litigation
Yesterday, the Massachusetts Supreme Judicial Court (“SJC”) ruled that zip codes constitute “personal identification information” under G.L. c. 93. The question of law came to the SJC from the U.S. District Court for Massachusetts stemming from Tyler vs. Michaels Store, Inc, which was dismissed in January. This ruling echoes California’s 2011 decision that the Song-Beverly…
FTC Staff Report Shines a Light on the Treacherous Road Ahead for Mobile Payments
Posted in Data Compliance & Security, Privacy Regulation, Security
Written by Jake Romero
Perhaps we are being cynical, but if we imagine the current conversation between consumers and the makers of mobile payment applications, it would be something along the lines of:
Mobile Payment Industry: “Hello Consumer, would you like to start using your mobile device to transmit payments and make purchases?”
Consumer: “Thank…
DataGuidance: Cynthia Larose on Cybersecurity Framework
Posted in Data Compliance & Security
As published in DataGuidance USA: New cybersecurity framework has far-reaching effects on US economy
President Obama issued – on 12 February 2013 – the long-awaited Executive Order entitled ‘Improving Infrastructure Cybersecurity’ (the Order), alongside Presidential Policy Directive/PPD 21, to establish a nation-wide ‘Cybersecurity Framework’ and ‘enhance the security and resilience of the Nation’s critical infrastructure’….
A Birthday Tribute to Dr. Seuss
Posted in Cloud Computing
Cloud Security According to Dr. Seuss
Credit and props to Graham Thompson, CCSK, CISSP (www.intrinsec.ca)
The budget was tight.
For hardware we could not pay.
So we sat around thinking
All that cold, cold, wet day.
I sat there with Sally
We sat there, we two.
And I said “How I wish we…