President Obama’s February 13 Executive Order, “Promoting Private Sector Cybersecurity Information Sharing” (the “EO”), turns out to be light on new measures to improve cybersecurity, but focused heavily on adjustments to prior Executive Orders implementing the rules for handling classified information. This focus introduces concerns about government agencies picking winners and losers in the cybersecurity… Continue Reading
Tag Archives: Privacy
Congress Moves Critical Infrastructure Cybersecurity Bill
Posted in Cybersecurity, LegislationOn Wednesday, the House Homeland Security Committee passed a substitute bill for H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act of 2013. The committee substitute bill was broadly supported by both parties. As it presently stands, H.R. 3696 delegates to the Department of Homeland Security the responsibility for civilian cybersecurity research and development, incident detection… Continue Reading
Overheard in the interview room: What is your Facebook password?
Posted in Employee Privacy, Privacy RegulationIf you’ve missed this development of late, the word on the street is that prospective employers are not just using Google to search for whatever may be available on the Internet — they are asking applicants to provide their Facebook passwords to allow the prospective employer to peruse their Facebook page. Our colleagues over at… Continue Reading
Summary of Pending Omnibus Privacy Legislation
Posted in UncategorizedGiven that there are several sets of pending privacy legislation, here is a comparison for easy reference. Side-by-Side Comparison of Privacy Bills
No Violation of Electronic Communications Privacy Act by Facebook
Posted in UncategorizedWritten by Stu Eaton The United States District Court for the Northern District of California has dismissed the claims of the plaintiffs against Facebook in the case of In re: Facebook Privacy Litigation. Plaintiffs’ claims were based on Facebook’s admitted disclosure of their personal information to is advertisers in its “Referrer Headers,” which are created when… Continue Reading
Privacy “Webinar Wednesday” Series
Posted in Data Compliance & SecurityLast week, we introduced the “Privacy Webinar Wednesday” educational series with Data Privacy and Security Issues for the Not-for-Profit: 201 CMR 17.00, PCI, and Other Acronyms You Should Know. It was incredibly well-received – over 150 registrants. We’ll be presenting various privacy and security issues on the first Wednesday of the month. In case you… Continue Reading
Data Privacy and Security for the Not-for-Profits
Posted in UncategorizedWe’re conducting a webinar on May 4th on data privacy and security issues as they affect not-for-profit institutions. Registration is here.
Update: Representative Cliff Stearns (R-FL) gets into the privacy legislation act
Posted in UncategorizedTech Daily Dose reports on the House of Representatives’ entry into the federal privacy legislation act. The Consumer Privacy Protection Act of 2011 specifically would: • Require covered entities to notify consumers that their personally identifiable information as defined in the bill may be used for a purpose unrelated to the transaction. • Require entities to… Continue Reading
Kerry and McCain Introduce Commercial Privacy Bill of Rights
Posted in UncategorizedAs we have been saying since the beginning of the new session of Congress, it appears that privacy is the true bipartisan issue. Evidence of that was front and center yesterday as Senators John Kerry (D-MA) and John McCain (R-AZ) introduced their “Commercial Privacy Bill of Rights” requiring businesses that collect, use, store or transfer… Continue Reading
FTC Extends Comment Period – UPDATED
Posted in Data Compliance & Security, Online AdvertisingThe Federal Trade Commission has extended the public comment period on its December 1, 2010 report — FTC Privacy Report. The FTC press release says that, in light of the complex issues raised by the report, a number of organizations have requested an extension of the original January 31, 2011 deadline. Stakeholders now have until February 18,… Continue Reading
Onward into 2011 – the Commerce Department Privacy “Green Paper”
Posted in UncategorizedHappy New Year to our readers! The Commerce Department and the Federal Trade Commission’s privacy initiatives are proceeding apace in this new year. We’ve prepared a summary of the Commerce Department’s “green paper” that can be read here: Commerce Privacy Report Summary. In the coming days, we will also post a comparison of the Commerce… Continue Reading
Commerce Department Seeking Public Input on Proposed Privacy Framework
Posted in UncategorizedYesterday, the Department of Commerce published a notice in the Federal Register, seeking feedback on proposals in its recently-unveiled privacy report. Among other questions, the Commerce Department is seeking comment on such issues as : • Should baseline commercial data privacy principles be enacted by statute or some other means? • How should baseline… Continue Reading
Questions Asked by the FTC in the Privacy Report – Part II
Posted in UncategorizedIn last week’s Privacy Report , the Federal Trade Commission posed a series of questions, soliciting comment and discussion from stakeholders to better inform its final report on the subject, due to be issued mid-2011. We reviewed some of the questions in our December 2 post. Here are some of the other questions — parties with… Continue Reading
Questions Asked by the FTC in the Privacy Report – Part I
Posted in UncategorizedYesterday’s blockbuster Privacy Report released by the Federal Trade Commission (blog post here) is as important for the questions it asked of stakeholders in eliciting public comment as for the recommendations it appears to be making. Since at least a portion of what will end up in the FTC’s final report will depend on the… Continue Reading
No Harm, No Foul; Ninth Circuit Affirms Dismissal of Data Breach Case Against The Gap
Posted in Data BreachWritten by Kevin McGinty It’s a distressingly common scenario. A corporate laptop containing job applicant data, including social security numbers, is stolen from an employee who has taken the laptop off of corporate premises. Access to the social security numbers makes it possible for wrongdoers to engage in identity theft. Is an applicant’s fear that… Continue Reading
Twitter Settles With FTC
Posted in Data BreachTwitter has reached a settlement with the Federal Trade Commission (FTC) over charges that it “deceived consumers and put their privacy at risk by failing to safeguard their personal information.” In the Matter of Twitter, Inc., The FTC had alleged that “serious lapses” in Twitter’s security last year “allowed hackers to obtain administrative control of… Continue Reading
FTC to Hold Data Privacy Roundtables
Posted in Data Compliance & SecurityHere’s an important notice from the Federal Trade Commission – The FTC will host a series of day-long public roundtable discussions to explore the privacy challenges posed by the vast array of 21st century technology and business practices that collect and use consumer data. Such practices include social networking, cloud computing, online behavioral advertising, mobile… Continue Reading
IAPP Privacy Academy 2009
Posted in Employee PrivacyThe IAPP Privacy Academy is taking place in Boston this week. Privacy professionals from all over the world are gathered to catch up on the latest developments and best practices. I’ll blog a bit from the Academy and pass on some of the tidbits.
Some “light reading” for privacy geeks…
Posted in Data Compliance & SecurityOr, actually, for anyone interested in building privacy into business from the “ground up” and how privacy can (and should) become a business differentiator. Dr. Ann Cavoukian is Ontario’s Information and Privacy Commissioner and has long been an advocate of privacy technologies and coined the term “Privacy by Design” in the late-nineties. Her latest book… Continue Reading
Maine Lawsuit Dismissed and Law “Likely Unconstitutional”
Posted in LegislationThe kerfuffle over the controversial Maine law slated to become effective this week that would have prohibited all marketing to minors has been dismissed. Yesterday, the District of Maine issued a Stipulated Order of Dismissal stating that there is a likelihood that the statute is “overbroad and violates the First Amendment.” Further (and perhaps more… Continue Reading
Maine AG – I Will Not Enforce New Marketing Law
Posted in LegislationIt looks as though Maine’s Attorney General will not enforce a controversial new state law that restricts marketing to minors, but has drawn a federal lawsuit because plaintiffs argued that the law swept too broadly. The Wall Street Journal today reports that a spokesperson for Maine AG Janet Mills said that Mills will not be… Continue Reading
Low Tech ID Theft ……
Posted in Identity TheftAs Federal Reserve Chairman Ben Bernanke and his wife recently found out, identity theft often has nothing to do with technology…. PC Mag: Fed Chairman Hit by ID Theft
Class Action Suit Filed in “Clear” Program Termination
Posted in Secure TravelingHere we go …..
What is happening with Registered Traveler data? It’s not “Clear”….
Posted in Secure TravelingAs I blogged a few weeks back, the “Clear” Registered Traveler program abruptly ended because the service provider ceased operations. The announcement at the time raised the questions of what happens to the vast trove of personal information and biometric data that the company collected in order to “clear” frequent fliers who ponied up the… Continue Reading