The Department of Defense and the General Services Administration, which together spend more than $500 billion annually on information technology, have released a joint report to the White House recommending steps to upgrade the cybersecurity requirements of acquisitions of information technology and services throughout the federal government. These recommendations will affect not only suppliers to…
Monthly Archives: January 2014
Some Reading for #DPD2014
Posted in Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security
We have some reading to add to your Data Privacy Day (#DPD2014) activities: New California Data Breach Notification Requirements BNA Privacy and Security Law Report Privacy Policies: How to Effectively Communicate with Consumers Privacy 101: The Best Defense is A Good Offense
New Timeline for Adoption of Definitive EU Data Protection Regulation
Posted in European Union, Legislation, Privacy Regulation
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON)
The European Commission announced yesterday that it is working towards a revised timeline for the adoption of a definitive Data Protection Regulation by the end of 2014. While Commissioner Viviane Reding’s press release about finalizing the Regulation by the end of 2014 has been…
Data Privacy Day 2014
Posted in Uncategorized
The “observance” of Data Privacy Day annually on January began in 2008. The National Cyber Security Alliance (NCSA) will be kicking off today’s events with a live stream of its press conference in Washington, DC. You can access the stream at the NCSA’s Facebook page here. Data privacy — and data security —…
Retailers Ask FCC to Clarify that Text Message Responses Are OK
Posted in Privacy Regulation, Uncategorized
Written by Ernest C. Cooper
Should retailers be required to obtain written consent before sending a consumer a text message with information or a coupon that was specifically requested? The Retail Industry Leaders Association (RILA) thinks not, and has filed a petition asking the Federal Communications Commission to clarify that sending a one-time text message…
Damages Issues Again Thwart the Bulk of Plaintiffs’ Claims in the PlayStation Network Data Breach Class Action
Posted in Class Action Litigation, Data Breach
Written by Kevin McGinty
In the latest chapter in the Sony PlayStation Network (“PSN”) data breach saga, a decision that issued on January 21, 2014 permanently dismissed all but a handful of the class action claims advanced in a 51 count complaint. Plaintiffs, representing a putative nationwide class of PSN users, asserted dozens of state…
Look North, Marketers – Canadian Anti-Spam Law is Coming
Posted in Data Compliance & Security, Privacy Regulation
Written by Cynthia Larose
The US CAN-SPAM Act is old hat for marketers in the US. But it is time to revisit email marketing compliance programs if you send email north of the US border. Canada’s anti-spam law (known as “CASL”) has been debated for years but is finally coming into effect. Industry Canada released its…
To 8-K, or not to 8-K? For Target, that is indeed the question.
Posted in Data Breach, Data Breach Notification
Written by Adam Veness and Cynthia Larose
As anyone with a pulse and a computer, television or carrier pigeon knows, Target Corporation (NYSE: TGT) suffered a major data breach in December – the extent of which is still being uncovered – and pegs the latest number of customers that have had their personal information stolen anywhere…
BREAKING NEWS: FTC Announces Major Settlement with Apple
Posted in Children, Federal Trade Commission
Written by Julia Siripurapu and Cynthia Larose
Apple Agrees to Pay Consumers At Least $32.5 Million to Settle Complaint of Unfair Billing Related to Children’s In-App Charges
FTC Chairwoman Edith Ramirez just announced (press conference) that Apple, Inc. (“Apple”) has agreed to provide consumers full refunds of at least $32.5 Million Dollars to settle the…
Privacy Monday – January 13, 2014
Posted in Privacy Monday
These are busy times in the data privacy/security world.
If Misery Loves Company, Target Has Friends
Target was not the only target of data thieves this holiday season. Reports over the weekend revealed that Neiman Marcus was attacked – during the same relative time period. Details regarding number of affected cards were not available. Other…
The Number of The Day: 70 Million (at least)
Posted in Data Breach, Data Breach Notification
The Target data breach story keeps getting worse. The December pre-Christmas disclosure was the theft of up to 40 million Target shoppers’ credit and debit card information in what appeared to have been a hack of the Target point-of-sale system that allowed the thieves to swipe magnetic card data as customers checked out. …
COPPA: New Year, New Requests to FTC For Investigation of Violations
Posted in Children, Federal Trade Commission, Privacy Regulation
Written by Julia Siripurapu
As we predicted in our prior blog post reviewing the key children’s privacy developments of the past year, 2014 is turning out to be the year of enforcement of children’s privacy regulations! The first two requests for investigation under the Amended COPPA Rule have been filed with the FTC by the Center…
Social Media for Financial Institutions – Final Guidance
Posted in Privacy Regulation, Uncategorized
Written by Amy Malone
At the end of 2013, the Federal Financial Institutions Examination Council (FFIEC) became the latest regulator to weigh in on social media and offered their final social media guidance. The proposed regulation was released last January (mentioned in our post here.) The final guidance is much like the original proposal with…
COPPA: “Knowledge-Based Authentication” Method Approved by Federal Trade Commission
Posted in Children, Federal Trade Commission
Written by Julia Siripurapu
The FTC has announced (press release) that it has unanimously approved the knowledge-based authentication method proposed by Imperium, LLC (“Imperium”) as a COPPA-compliant method of obtaining verifiable parental consent (“VPC”). Knowledge-based authentication has been used by entities in the financial services industry to authenticate users for several years. For more information…
Happy 2014!
Posted in Data Breach
After a brief hiatus for the holidays and our “12 Days of Privacy” series, we are back. We have had a series of late year — and new year — data breaches in the news. These latest incidents should prompt New Year’s resolutions to undertake risk assessments and internal reviews of data security practices…