Category Archives: Advice for companies

Subscribe to Advice for companies RSS Feed

European Court of Justice Invalidates EU-U.S. Safe Harbor

On October 6, the European Court of Justice released an opinion that will have a significant effect on many companies which do business in the EU and transfer information to United States operations. In Schrems v. Data Protection Commissioner, the Court held that the EU-U.S. Safe Harbor Agreement does not preempt the data protection authorities … Continue Reading

SEC Announces Focus Areas for Second Round of Cybersecurity Exams of Broker-Dealers and Investment Advisers

On September 15, 2015, the Office of Compliance Inspections and Examination (OCIE) of the Securities and Exchange Commission (SEC) published a Risk Alert to provide additional information on the focus areas for its second round of cybersecurity exams. While the SEC’s oversight with respect to its cybersecurity exam initiative only extends to broker-dealers, investment advisers, … Continue Reading

EU-U.S. Data Protection Treaty Could Open U.S. Courts to EU Litigants

The U.S. and the EU recently concluded a treaty which will open the doors of U.S. courts to Europeans suing U.S. companies for data privacy violations. For a long time the Europeans have been skeptical about the protection of data privacy in the United States. The name “Snowden” still touches a sore spot with most … Continue Reading

Good News from the IRS on Taxability of Identity

Businesses and governmental entities increasingly store sensitive nonpublic personal information electronically. It should be no surprise, then, that identity theft is a major problem in the United States. Identity theft is generally considered to occur when a person wrongfully obtains and uses another person’s personal information (for example, name, social security number, or banking or … Continue Reading

FTC Confirmed as Data Privacy and Security Sheriff: Court Holds That FTC Can Regulate Company’s Data Practices

On August 24, 2015, the Third Circuit released a long-awaited decision, holding that the Federal Trade Commission (“FTC”) does have authority to regulate data privacy and security practices which fail to protect consumer data. The decision could impact many companies and other organizations which hold consumer data, by increasing the risk if they fail to adequately … Continue Reading

Did Seventh Circuit Case Make Data Breach Lawsuits Easier for Plaintiffs?

After a data breach, companies and other organizations have many worries—what happened to their data? How will their employees and clients be affected? How to remedy the situation? Will we face a lawsuit and, if so, is the lawsuit likely to be successful? Although lawsuits do occur after data breaches, plaintiffs often have difficulty proving … Continue Reading

PCI Council Retires Old Data Security Standard

Earlier this year, the PCI Security Standards Council published PCI Data Security Standard (PCI DSS) Version 3.1 and supporting guidance. While a majority of the revisions in this updated version are minor updates and clarifications, we highlight a few of the more significant changes in this blog post. PCI DSS Version 3.1 addresses vulnerabilities within … Continue Reading

FDA Issues Warning on Cybersecurity for Infusion Pump

On July 31, 2015, the U.S. Food and Drug Administration (“FDA”) issued a safety warning alerting users of the Hospira Symbiq Infusion System to cybersecurity vulnerabilities associated with the infusion pump. The Symbiq Infusion System is a computerized pump designed for the continuous delivery of general infusion therapy for a broad patient population. The infusion … Continue Reading

New Cybersecurity Assessment Tool

The Federal Financial Institutions Examination Council recently published its Cybersecurity Assessment Tool (Assessment) to help financial institutions identify cybersecurity risks and determine the institution’s preparedness through a repeatable and measurable process over time. We share it with our data privacy audience because its value is not limited to financial institutions. It is a thoughtful, structured … Continue Reading

VCs considering data when evaluating funding targets

With major data breaches seemingly in the news every day, venture capitalists are increasingly considering data issues as they evaluate potential investments. Gone is the era when data privacy concerns were not a priority for VCs, according to a recent post in The Privacy Advisor by Sam Pfeifle. The post noted venture capitalist Andreessen Horowitz’s … Continue Reading

Healthy reminder: HIPAA rules apply to most workplace wellness programs

Wellness programs are great ways for employers to provide guidance on ways employees can improve their health through fitness, diet and various other means. But oftentimes, employers forget that wellness programs may be an extension of a company’s heath care plan. As such, the Health Insurance Portability and Accountability Act (HIPAA) rules apply equally to … Continue Reading

Responding to Shareholder Inquiries re Cybersecurity Oversight

Oversight of a company’s risk management programs is one of the chief responsibilities of the board of directors, and for many companies cybersecurity risks rank among the key areas for scrutiny.  It’s little surprise, therefore, that some institutional investors are reportedly sending detailed questionnaires to directors of public companies seeking extensive information about the company’s … Continue Reading

Top 3 data privacy, security issues in-house counsel should focus on in 2015

This article originally appeared in the April edition of the Wisconsin Law Journal Recent cyber attacks have caused companies to focus on privacy and security issues more than ever before. With the attack on Sony in December 2014 and the unprecedented breach involving health plan information of Anthem Blue Cross Blue Shield in early 2015, … Continue Reading

Proposed data privacy legislation at the federal level may be a step in the right direction, but falls short of consumer advocacy groups’ expectations

More than a month after announcing plans to build on cyber security infrastructure, President Obama released a draft of new data privacy legislation—once again stirring the debate on the best approach to protecting consumer data. The new legislation—the Consumer Privacy Bill of Rights—places several notable requirements on companies. Among these requirements, companies would have to … Continue Reading

Putting a plan into place to protect your company — Part 3

If this bubble graph, produced by Information is Beautiful, says anything, it’s that the risk and occurrences of data breaches shows no signs of slowing down. Even the largest, most respected companies have fallen victim to hackers. Already in 2015, the country’s second-largest health insurer, Anthem, experienced a breach of about 80 million of its … Continue Reading

Were you affected by the Anthem breach? Answers to these questions may help

It’s being called “a very sophisticated external cyber-attack.” With the theft of 80 million of its customers’ and employees’ records, Anthem Health Insurance has suffered one of—if not the—largest data breach in our nation’s history. Reports suggest the cost of the attack may exceed $100 million. After sophisticated hackers broke into the company’s database, likely … Continue Reading

Officers, boards maintain roles in protecting companies — Part 2

On Jan. 28, we celebrated Data Privacy Day (DPD)—an international effort centered on “Respecting Privacy, Safeguarding Date and Enabling Trust.” And it’s in the spirit of DPD that we continue the discussion around executives and boards of director alike prioritizing cyber-security within their companies. During our recent event, “Counseling Your Board of Directors and Officers … Continue Reading

Officers and boards have key roles in protecting companies — Part 1

To say that data privacy and concern over cyber breaches is important for any company functioning within the global economy is an understatement. For years IT departments have been working hard to keep their companies’ data safe, and, until recently, that responsibility was primarily theirs and theirs alone. But in this new world of “big … Continue Reading

Children’s online privacy rights must be considered by companies

The Topps Company— the maker of Ring Pops—may have been just trying to have a little marketing fun. But a recent contest the company sponsored in 2014 around its jewel-shaped ring candy has caused a ruckus among several children’s rights advocacy groups and is at the root of a complaint recently filed with the Federal … Continue Reading

Counseling your board of directors and officers on cybersecurity risks

Data security is a business issue that goes beyond the IT department. Join Quarles & Brady for an overview of breach-response preparation and response imperatives. The event will be from 8:30 to 10 a.m. CT Jan. 22 at the firm’s Chicago office and the discussion will particularly target in-house counsel, compliance officers, chief audit executives … Continue Reading

Holiday season underscores the growing concern of data security

Ahh, the holidays! A time for giving, a time for sharing, a time for family and a time to worry about data security. While every company is at risk of experiencing a data breach, retailers in particular are in the line of fire. During the holidays, retailers—both online and brick-and-mortar—are busier than any other time … Continue Reading

EEOC suit against Honeywell could have far reaching ramifications

When the Equal Employment Opportunity Commission (EEOC) sued Honeywell Inc. in October over the company’s wellness program, it had many legal experts scratching their heads. The wellness plan Honeywell offers to its employees is pretty typical of most plans offered within corporate America. But according to the EEOC’s suit, filed in a Minneapolis court on … Continue Reading

Chart serves as a reminder: It can happen to you

Big data breaches are on the rise. That’s not news. For the past several years, headlines have been dominated with company after company suffering from some sort of cyber-security attack. A recent chart, however, puts the frequency of these breaches into perspective—and also underscores the fact that small, unknown companies are just as vulnerable as … Continue Reading