Privacy and cybersecurity risks continue to emerge for organizations large and small. While by no means exhaustive, we briefly discuss some key issues that organizations may need to focus on in 2019 and beyond. Business Email Compromise (BEC)/Email Account Compromise (EAC) – BEC and EAC attacks are widespread and show no sign of slowing in the … Continue Reading
On September 23, 2018, Governor Jerry Brown signed into law SB-1121 amending certain provisions of the California Consumer Privacy Act of 2018 (CCPA) which was enacted in June of this year. As we reported previously, CCPA will apply to any entity that does business in the State of California and satisfies one or more of … Continue Reading
This Sunday, January 28, is Data Privacy Day, which Congress recognized on Jan. 27, 2014, when it adopted S. Res. 337, supporting the designation. As noted by the National Cyber Security Alliance, Data Privacy Day began in the United States and Canada in January 2008, an extension of the Data Protection Day celebration in Europe. Don’t … Continue Reading
We are proud to once again announce that the Workplace Privacy Report has been nominated for The Expert Institute’s Best Legal Blog Competition. From a field of thousands of nominees, the Workplace Privacy Report has received enough nominations to join one of the largest competitions for legal blog writing online today. If you enjoy the Workplace … Continue Reading
On January 9, 2017, lawmakers in the House re-introduced legislation, the Email Privacy Act, which, if enacted, would require the government to obtain a court-issued warrant to access electronic communications, including emails and social networking messages, from cloud providers (e.g., Google, Yahoo) when such communications are older than 180 days. Current law, the Electronic Communications … Continue Reading
A class action alleging Viacom illegally obtained and disclosed personally identifiable information from children under the age of thirteen through the Nickelodeon website recently reached the end of line (almost) when the class’ petition for writ of certiorari was denied by the Supreme Court this month. The high court chose not to further define the … Continue Reading
In honor of Data Privacy Day, we provide the following “Top 10 for 2017.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017. 1. Phishing Attacks and Ransomware – Phishing, as the name implies, is the attempt, usually via email, to obtain sensitive or personal … Continue Reading
The Federal Trade Commission (“FTC”) recently announced that FTC chairwoman Edith Ramirez will be stepping down effective February 10, 2017. Ms. Ramirez guided the agency through a period of significant enforcement activity, particularly in the areas of cybersecurity and consumer privacy. President-elect Donald Trump will now have the opportunity to fill three vacancies at the … Continue Reading
The Federal Trade Commission (“FTC”) has entered into a Consent Order to resolve a complaint brought against a digital advertising company, Turn Inc. Turn provided advertisers with the ability to engage in targeted advertising by tracking consumer’s activities or characteristics to deliver ads tailored to the consumer’s interests. The FTC alleged that Turn violated federal … Continue Reading
Late last month, the Federal Communications Commission adopted new privacy rules for broadband Internet service providers (ISPs). We first discussed this topic in March when the proposal was introduced by the FCC Chairman. The rules are intended to protect the privacy of consumers and to provide customers with meaningful choice, greater transparency, and strong security … Continue Reading
Michael Schrage at Harvard Business Review warns his readers, “Stop swearing at Siri. Quit cursing Cortana,” arguing such behavior could soon be seen just as destructive to an organization as ridiculing a subordinate. In the 1993 film, Demolition Man, Sylvester Stallone’s character, John Spartan, received multiple tickets from a wall box that overheard him violate … Continue Reading
According to a recent New York Times article, “Facebook scrambled on Monday to respond to a new and startling line of attack: accusations of political bias.” Slate followed with a report that the online social networking giant became the subject of a United States Senate inquiry, with Commerce Committee Chairman John Thune wanting information about how … Continue Reading
One year ago, in March 2015, the Federal Communications Commission (“FCC”) reclassified broadband Internet access service as a common carrier Telecommunications Service subject to regulation under Title II of the Communications Act. At that time, however, the FCC recognized that the then-current rules were not well suited to broadband privacy. On March 10, 2016, the … Continue Reading
Recognizing the growing number of connected and interconnected devices, a bipartisan group of Senators recently introduced a bill which would convene a working group of Federal stakeholders to provide recommendations to Congress on how to appropriately plan for and encourage the proliferation of the Internet of Things (IoT). The Developing Innovation and Growing the Internet of … Continue Reading
Earlier today, the European Commission (the Commission) issued a draft “adequacy decision” as well as the texts that will constitute the EU-U.S. Privacy Shield (the Privacy Shield). This includes the Privacy Shield Principles companies have to abide by, as well as written commitments by the U.S. Government on the enforcement of the arrangement, including assurance … Continue Reading
Earlier this month, the Federal Trade Commission (“FTC”) issued a report discussing “big data.” The report compiles the agency’s learning from recent seminars and research, including a public workshop held on September 15, 2014. Known best for its role as the federal government’s consumer protection watchdog, the FTC highlights in the report a number of … Continue Reading
You’ve spent extensive time and effort, not to mention money, establishing your company’s reputation only to have the company defamed or disparaged anonymously online. This is a scenario which many organizations face in today’s virtual marketplace. As a recent decision by the Delaware Superior Court illustrates, dealing with these types of issues is often difficult … Continue Reading
The Cybersecurity Information Sharing Act or CISA passed the Senate this week by vote of 74-21, but not without controversy. CISA would not establish a generally applicable federal standard for safeguarding personal information, nor would it enact a federal breach notification requirement. Rather, if signed into law, CISA would among other things create a framework … Continue Reading
According to a Bloomberg article, the second phase of HIPAA audits by the Office for Civil Rights (OCR), originally set to commence in 2014, may be coming soon. This update came at a HIPAA conference co-hosted by OCR during which OCR Director Jocelyn Samuels said the agency was in the process of confirming contact information of … Continue Reading
Over the past few years, states around the country have enacted laws limiting an employer’s ability to access the personal social media accounts of applicants and employees. Earlier this year, Montana’s Governor Steve Bullock signed HB 342 into law. Before that, Virginia enacted a similar measure. On May 19, Connecticut’s Governor added the Nutmeg state to … Continue Reading
According to a report by Deutsche Welle, the German Federal Labor Court held that employers may monitor employees only when they have concrete suspicions of wrongdoing that are based on fact. In the U.S., the standards for engaging in monitoring employees may not be quite that high, but employers should be thinking about whether a … Continue Reading
As the vast array of internet-connected devices mushrooms, and technologies permit those devices to communicate with one another, calls for privacy and security can be heard. On the heels of a recent victory in the ongoing LabMD case, the Federal Trade Commission (FTC) announced yesterday “concrete steps” businesses can take to enhance the privacy and … Continue Reading
The FTC recently settled a charge with True Ultimate Standards Everywhere, Inc. (“TRUSTe”) alleging that the internet privacy certification company deceived consumers about its recertification program, as well as misrepresented itself as a non-profit entity when, in fact, it had converted to a for-profit company. TRUSTe is a well-known internet privacy watchdog. Its seal is … Continue Reading
Thanks to a new state law enacted to protect minors from the modern follies of youth, minors in California can ring in the New Year by permanently deleting their regrettable online posts. This so-called “Online Eraser Law” – signed by Governor Jerry Brown on September 23, 2013 – will take effect on January 1, 2015. … Continue Reading
