Archives: Uncategorized

Subscribe to Uncategorized RSS Feed

Spearphishermen Catch Big Fish

Data security is too often synonymous with the loss of consumer financial information. A recent report by a cybersecurity research firm reminds us, however, that a data breach can have an impact far beyond consumer privacy concerns.  On December 1, 2014, FireEye Inc. announced that a group called “FIN4” was duping executives, lawyers, and financial … Continue Reading

FTC Enters Another Settlement Agreement Arising Out of Alleged Privacy Misrepresentations

The FTC recently settled a charge with True Ultimate Standards Everywhere, Inc. (“TRUSTe”) alleging that the internet privacy certification company deceived consumers about its recertification program, as well as misrepresented itself as a non-profit entity when, in fact, it had converted to a for-profit company. TRUSTe is a well-known internet privacy watchdog. Its seal is … Continue Reading

California District Court – “Under TCPA Autodialer Must Generate Numbers”

One of the most complex issues under the Telephone Consumer Protection Act (TCPA) is determining whether the technology utilized qualifies as an “automatic telephone dialing system” (ATDS) or “autodialer.”  The TCPA prohibits using an ATDS to make calls to cell phone numbers, absent prior consent of the called party.  An ATDS  is generally define as … Continue Reading

Negligence Claims for Breach of Patient Privacy Not Preempted by HIPAA, Connecticut Supreme Court Holds

Healthcare providers continue to have challenges with responding to attorney requests for information and subpoenas. We highlighted some of these last year, along with some issues providers should be considering to help meet those challenges.  In this case, after the patient advised the provider not to disclose her PHI to her significant other, the provider received a … Continue Reading

Liability for Providing Too Little Information?

Most employers are well aware that potential liability lurks if unauthorized information is disclosed to third parties. Obvious examples would include unauthorized employee or applicant health or financial information or personal information such as social security numbers and the like. In an interesting twist, the Minnesota Supreme Court considered whether liability could be created when … Continue Reading

Computer Fraud and Abuse Act No Help to Employer Suing Employee Who Took Proprietary Business Info

An employer had no cause of action under the Computer Fraud and Abuse Act (“CFAA”) against an employee who accessed its computer systems to misappropriate confidential and proprietary business information to start a competing business, the U.S. District Court for the Southern District of Ohio has held. Cranel Inc. v. Pro Image Consultants Group, LLC, … Continue Reading

Data Breach Notification Deadline Extended 10 Days for Certain Healthcare Providers in California

While recent legislation has tended to tighten data breach notification requirements (e.g., Florida and California), Assembly Bill 1755 extended the breach notification deadline from five to 15 days for certain healthcare providers. More specifically, according to AB1755 which becomes effective January 1, 2015, the deadline to provide notification of a breach of medical information for healthcare providers covered by … Continue Reading

Enterovirus D-68 and Ebola Cases Raise Privacy Concerns for Healthcare Providers and their Workers

On September 25, a four-year old boy from New Jersey died of Enterovirus D-68, reports myfoxphilly.com. Increasingly, there are reports about potential Ebola cases in the U.S. Naturally, the spread of infectious disease raises concern for everyone, particularly for healthcare workers who want to do their jobs, and also protect their families. There are already … Continue Reading

Data Incident Response–Are You Prepared?

Two recent surveys provide some detailed analysis of cybersecurity and its impact in today’s world. The Global State of Information Security Survey 2015, conducted by PricewaterhouseCoopers LLP (PWC),  found a 48% increase in the number of security incidents detected from 2013.  PWC surveyed more than 9,700 security, information technology and business executives found a total … Continue Reading

Companies Need to be Better Prepared to Respond to Problematic Social Media Activity, Including Facebook “Likes”

The National Labor Relations Board has found that another employer (a non-union employer) violated its employees’ protected concerted activity rights under the National Labor Relations Act (NLRA) when it disciplined and fired them for certain social media activity. Our Labor Group provides an extensive analysis of this decision in Triple Play Sports Bar and Grille, 361 NLRB No. 31 … Continue Reading

Strengthened Florida Data Breach Notification Law Signed by Governor Scott

As we reported earlier, Florida lawmakers passed extensive revisions to its existing data breach notification law, SB 1524. On June 20, 2014, Florida’s Governor Rick Scott signed the bill into law, which becomes effective on July 1, 2014. Our earlier post provides more of a discussion about key provisions of the law. But here are a … Continue Reading

Oklahoma Joins Growing Number of States Limiting Employer Access To Personal Social Media Accounts

Add Oklahoma to the list of states prohibiting employers from requesting or demanding access to the personal social media accounts of employees or applicants. Signed into law by Gov. Mary Fallin, H.B. 2372 becomes effective November 1, 2014. In addition to being prohibited from requesting or demanding usernames or passwords from employees or applicants to their … Continue Reading

Volunteer State (Tennessee) Prohibits Employers From Asking Employees, Applicants to Volunteer Access to Social Media, Internet Accounts

Effective January 1, 2015, Tennessee employers, including government entities, will be prohibited from requesting or requiring access to the private social networking or online accounts of employees and job applicants under the Volunteer State’s “Employee Online Privacy Act of 2014,” signed by Governor Bill Haslam. Our Tennessee colleagues outline the key provisions of the law, including some of … Continue Reading

Kentucky Enacts a Data Breach Notification Law and Protects Student Data in the Cloud

Kentucky Gov. Steve Beshear signed H.R. 232 on April 10, 2014, making the Commonwealth the 47th state to enact a data breach notification law. The law also limits how cloud service providers can use student data. A breach notification law in New Mexico may follow shortly. Data Breach Notification Mandate The Kentucky law follows the same general structure of … Continue Reading

EEOC Meeting: Social Media Discovery Chills The Exercising of Rights

The United States Equal Employment Opportunity Commission (EEOC) recently held a meeting to gather information about the growing use of social media and how it impacts the laws the EEOC enforces. During the meeting, a panel representative from the Society for Human Resource Management (SHRM) explained that employers use different types of social media for various … Continue Reading

Student Files Suit After Tweet Lands Her In Hot Water

A New Jersey student has filed a federal court lawsuit, H.W. v. Sterling High School District, alleging that she has been subject to disability discrimination and that her First Amendment rights have been violated. The student, known only as H.W. in court papers, was banned from the prom, senior trip, and the school’s commencement ceremony following … Continue Reading

Recent IRS, MTA Data Breaches Provide Reminders To Not Ignore the “Low-Hanging Fruit”

Many organizations believe they have taken all steps necessary to eliminate the risk of a data breach. They often point to the organization’s deft IT team and tout the installation of some of the latest software solutions to protect sensitive data. However, some of these same organizations often fail to take some very basic steps … Continue Reading

San Francisco implements “ban the box” legislation

San Francisco has joined the growing numbers of cities and states around the country implementing “ban the box” legislation which restricts inquiries regarding an applicant’s criminal records on applications for employment and during job interviews.  The EEOC recommends “banning the box” in line with its guidance regarding convictions and consideration in use of information based … Continue Reading

Another Employer’s Social Media Policy Is Found Unlawful By An NLRB Administrative Law Judge

The National Labor Relations Board (“NLRB”) continues to be active in its review of employer social media policies. In recent years, the NLRB’s review of social media policies has focused largely on whether an employee would reasonably construe the language of the policy as prohibiting him or her from engaging in activity protected by Section … Continue Reading

FTC Announces Identity Theft Was Top Consumer Complaint During 2013, 14 Years Running

According to an FTC press release, identity theft tops the national ranking of consumer complaints for 2013, with American consumers losing a reported $1.6 billion to fraud last year. Here is how some of the numbers break down: Fourteen (14) percent of the more than two million complaints to the FTC (or 290,056) stemmed from identity theft. Thirty … Continue Reading

Is it really deleted?

A significant percentage of “recycled” computers were found to still contain personal information, according to a study conducted by the National Association for Information Destruction (NAID). As reported in e-Place Solutions, the NAID-ANZ Secondhand Hard Drive Study, found that “15 of 52 hard drives randomly purchased contained highly confidential personal information.” What kind information: “spreadsheets … Continue Reading

U.S. Attorney General Eric Holder Urges the Passage of a National Data Breach Notification Law

After years of identity theft holding the top spot for crimes reported to the Federal Trade Commission, and following recent reports of massive data breaches, U.S. Attorney General Eric Holder urged Congress today to enact a national law setting a uniform standard for notifying individuals regarding breaches involving their personal information, according to a report by … Continue Reading

What Employers Need to Know About Bitcoin

Ask the average person what they know about Bitcoin and they might be able to tell you that it is a digital currency. Most have probably heard the name mentioned in articles about its giant fluctuations in value or in connection with black market internet transactions. Beyond that, how Bitcoin actually operates remains relatively unknown … Continue Reading
LexBlog