Category Archives: Data

Subscribe to Data RSS Feed

Approved – Cybersecurity Act of 2015

It is official, on December 18, 2015 President Obama signed the Cybersecurity Act of 2015, which encompassed the Cybersecurity Information Sharing Act of 2015 (“CISA”), into law. Much to the vexation of privacy advocates, CISA was buried in the 2,009-page $1.1 trillion spending bill. The Act provides liability protection to companies that voluntarily share “cyber … Continue Reading

End of Year Thoughts on FTC Data & Security Requirements

Two recent events involving the FTC demonstrate that the FTC’s previously-broad authority to regulate companies’ data security provisions may have taken a hit, but that the FTC still has significant power over companies that collect and store consumer information. Authority of FTC. The FTC generally has authority under federal law to bring a cause of … Continue Reading

ERISA Preemption and State Data Breach Notification Laws…Good News?

Many employers which offer a group health plan need to comply with federal rules requiring privacy protections for medical information, such as the HIPAA Privacy and Security Rules. But do employers also need to comply with state medical privacy and data breach laws? Or, does ERISA preempt those laws, such that employers can ignore them? … Continue Reading

EU Reaches Agreement on Data Privacy: What Does It Mean For Your Business?

You have probably already seen the headlines about the new EU data privacy regulation which will replace the current data privacy directive. No immediate action is required as it will not come into effect until 2018. Companies should, however, start planning for the changes by implementing serious data privacy policies and procedures as the new … Continue Reading

European Commission and Data Protection Authorities Issue Guidance

When the European Court of Justice invalidated the Safe Harbor Framework, companies were left scrambling to determine how best to conduct day-to-day business involving data transfers between the EU and the U.S. To remind us of our options, the European Commission released a communication setting out the alternative grounds upon which personal data may still … Continue Reading

U.S. Senate Encourages Sharing – of Cyber Threat Indicators, That Is

To share or not to share — that is the question for companies when they have information about cybersecurity threats. New federal legislation which was adopted by the Senate on October 27, 2015 is designed to encourage companies to share information — with other companies and the federal government — about cybersecurity threats. The provisions … Continue Reading

EU-U.S. Safe Harbor Invalidity Gives Renewed Interest in U.S. Legislation

The recent holding of the European Court of Justice to invalidate the EU-U.S. Data Privacy Safe Harbor has given new impetus for Congress to pass the Judicial Redress Act sponsored by Sen. Orrin Hatch and Sen. Chris Murphy which would give EU citizens a cause of action in U.S. courts. What to do in the … Continue Reading

European Court of Justice Invalidates EU-U.S. Safe Harbor

On October 6, the European Court of Justice released an opinion that will have a significant effect on many companies which do business in the EU and transfer information to United States operations. In Schrems v. Data Protection Commissioner, the Court held that the EU-U.S. Safe Harbor Agreement does not preempt the data protection authorities … Continue Reading

EU-U.S. Data Protection Treaty Could Open U.S. Courts to EU Litigants

The U.S. and the EU recently concluded a treaty which will open the doors of U.S. courts to Europeans suing U.S. companies for data privacy violations. For a long time the Europeans have been skeptical about the protection of data privacy in the United States. The name “Snowden” still touches a sore spot with most … Continue Reading

FTC Confirmed as Data Privacy and Security Sheriff: Court Holds That FTC Can Regulate Company’s Data Practices

On August 24, 2015, the Third Circuit released a long-awaited decision, holding that the Federal Trade Commission (“FTC”) does have authority to regulate data privacy and security practices which fail to protect consumer data. The decision could impact many companies and other organizations which hold consumer data, by increasing the risk if they fail to adequately … Continue Reading

PCI Council Retires Old Data Security Standard

Earlier this year, the PCI Security Standards Council published PCI Data Security Standard (PCI DSS) Version 3.1 and supporting guidance. While a majority of the revisions in this updated version are minor updates and clarifications, we highlight a few of the more significant changes in this blog post. PCI DSS Version 3.1 addresses vulnerabilities within … Continue Reading

FDA Issues Warning on Cybersecurity for Infusion Pump

On July 31, 2015, the U.S. Food and Drug Administration (“FDA”) issued a safety warning alerting users of the Hospira Symbiq Infusion System to cybersecurity vulnerabilities associated with the infusion pump. The Symbiq Infusion System is a computerized pump designed for the continuous delivery of general infusion therapy for a broad patient population. The infusion … Continue Reading

VCs considering data when evaluating funding targets

With major data breaches seemingly in the news every day, venture capitalists are increasingly considering data issues as they evaluate potential investments. Gone is the era when data privacy concerns were not a priority for VCs, according to a recent post in The Privacy Advisor by Sam Pfeifle. The post noted venture capitalist Andreessen Horowitz’s … Continue Reading

Top 3 data privacy, security issues in-house counsel should focus on in 2015

This article originally appeared in the April edition of the Wisconsin Law Journal Recent cyber attacks have caused companies to focus on privacy and security issues more than ever before. With the attack on Sony in December 2014 and the unprecedented breach involving health plan information of Anthem Blue Cross Blue Shield in early 2015, … Continue Reading

EU’s new data protection law is likely to impact all companies doing business in Europe

Headlines have been popping up lately around Europe’s latest proposed rules to address data privacy. While the focus of the media seems to be mostly on how it’s bad news for big tech companies such as Google and Facebook—which will likely have even more complicated data privacy waters to navigate in Europe—there is likely a … Continue Reading

Proposed data privacy legislation at the federal level may be a step in the right direction, but falls short of consumer advocacy groups’ expectations

More than a month after announcing plans to build on cyber security infrastructure, President Obama released a draft of new data privacy legislation—once again stirring the debate on the best approach to protecting consumer data. The new legislation—the Consumer Privacy Bill of Rights—places several notable requirements on companies. Among these requirements, companies would have to … Continue Reading

Holiday season underscores the growing concern of data security

Ahh, the holidays! A time for giving, a time for sharing, a time for family and a time to worry about data security. While every company is at risk of experiencing a data breach, retailers in particular are in the line of fire. During the holidays, retailers—both online and brick-and-mortar—are busier than any other time … Continue Reading

Chart serves as a reminder: It can happen to you

Big data breaches are on the rise. That’s not news. For the past several years, headlines have been dominated with company after company suffering from some sort of cyber-security attack. A recent chart, however, puts the frequency of these breaches into perspective—and also underscores the fact that small, unknown companies are just as vulnerable as … Continue Reading