Tag Archives: Data Security

Cyber-Hacking and Cyberterrorism Are Bringing More Attention to Technology Firms and Software Manufacturers

Should “cyber products” be added to the United States Munitions List (USML)? Cyber-hacking and cyberterrorism are growing concerns for the national security of the United States, so this question could not go unanswered. The Defense Trade Advisory Group (DTAG) decided that “cyber products” should not be added to the USML. The addition of this broad … Continue Reading

Target Agrees to $39 Million Settlement with Credit Card Issuers’ Data Breach Claims

Still recovering from its 2013 data breach, Target Corp. agreed to a $39 million settlement with a class of banks suing the well-known retailer, marking the settlement as the first class-wide data breach pact ever reached on behalf of financial institutions. Target’s data breach exposed 40 million credit and debit cards to fraud during the 2013 … Continue Reading

ALJ Dismisses FTC’s Data Security Suit Against LabMD for Failure to Prove ‘Substantial Injury’ to Consumers

In a landmark decision, an administrative law judge dismissed the FTC’s long-running data security lawsuit against Atlanta-based cancer screening laboratory, LabMD Inc., following an alleged data breach. Chief Administrative Law Judge D. Michael Chappell (the “ALJ”) ruled in his Initial Decision that the FTC had failed to prove that the laboratory’s alleged conduct harmed, or … Continue Reading

San Francisco Launches First “Internet of Things” Wireless Network in United States

With the onslaught of smart watches, smart thermostats, and even smart refrigerators that allow you to Tweet hangry messages to your followers, it’s only natural that a “smart city” would follow. This week, San Francisco city officials agreed to run a one-year pilot project with Sigfox – an FCC certified French start-up that builds low-power … Continue Reading

FINANCIAL INSTITUTIONS MAKE HISTORY IN TARGET MDL, FIRST CLASS ACTION CERTIFIED IN FEDERAL COURT TO LITIGATE SECURITY BREACH ISSUES

Before September 15, 2015, no federal court had certified a class action to litigate security breach claims. But now U.S. District Court Judge Paul A. Magnuson, overseeing the In re: Target Corporation Customer MDL, has certified as a class: All entities in the United States and its Territories that issued payment cards compromised in the … Continue Reading

Third Circuit Upholds FTC’s Authority in Wyndham Case

On August 24, 2015, the Third Circuit, in a highly anticipated ruling, upheld a 2014 New Jersey District Court decision that the FTC has authority under section 5 of the FTC Act to regulate “unfair” data security practices without engaging in formal rulemaking.  As we have previously discussed, the implications of the lower court ruling, … Continue Reading

Target Reaches $67 Million Settlement with Visa over Data Breach Claims

More than a year-and-a-half after Target’s December 2013 announcement of a massive data breach, the retailer has reached an agreement with Visa, whereby it will reimburse Visa and certain affected card issuers up to $67 million for expenses incurred in connection with the breach.  This will include costs associated with reissuing cards. The agreement comes … Continue Reading

PCI Council Updates both Card Production Standards and Data Security Standards

The Payment Card Industry Security Standards Council (‘PCI SSC’) has had a busy year thus far updating both its Card Production Security Requirements and its Data Security Standards (‘PCI DSS’). First, on 10 April, the PCI SSC updated its Card Production Requirements (guidance published to help card producers secure the card production process from creation … Continue Reading

PCI Council Updates both Card Production Standards and Data Security Standards

The Payment Card Industry Security Standards Council (‘PCI SSC’) has had a busy year thus far updating both its Card Production Security Requirements and its Data Security Standards (‘PCI DSS’). First, on 10 April, the PCI SSC updated its Card Production Requirements (guidance published to help card producers secure the card production process from creation … Continue Reading

Update: Proposed Settlement in Target Data Breach Litigation

The proposed settlement agreement in the Target data breach consumer litigation that we reported on on March 19, 2015 has been approved by the judge, and a final approval hearing set for November 10, 2015. Based on this order, class members should start to receive notice of the settlement within 45 days of yesterday’s order.… Continue Reading

Proposed Settlement in Target Data Breach Litigation

A proposed settlement has been reached in the multi-district consumer litigation Target faces following a data breach that compromised at least 40 million credit cards during the 2013 holiday shopping season. The settlement, which requires Target to pay $10 million into a settlement fund and adopt specific data security measures, still needs court approval. If … Continue Reading

Enforced subject access requests now a criminal offence in the UK

In September 2014 we reported on the UK’s intention to stamp out a practice commonly known as “enforced subject access requests”. This concerned the previously dormant section 56 of the UK Data Protection Act 1998 (‘DPA’), which, following an announcement from the Ministry of Justice, was implemented on March 10, 2015. Under this section, it … Continue Reading

Update on State Attorneys General: Connecticut Creates a Permanent Privacy Department; NAAG Covers Big Data, Cybersecurity, and Cloud Computing; and States Amend Breach Laws

The federal government may be pushing a cybersecurity and data privacy agenda, but that doesn’t mean that the states are taking a back seat. The state attorneys general are maintaining their focus on issues relating to privacy and data security and expanding the scope of that focus to address the ever-evolving nature of those issues. … Continue Reading

Ofgem’s Smart Meter Network Decision: UK gas and electricity consumer privacy gets broader protection

In February 2015, Ofgem (the UK’s Office of Gas and Electricity Markets) published its Decision on Extending the Smart Meter Framework to Remote Meters (the Decision). This confirms that, following a public consultation, the privacy requirements embedded in the supplier licence terms and which will apply to suppliers’ use of customer data from “smart meters” … Continue Reading

PCI Security Standards Council Announces Revisions to the use of SSL

The Payment Card Industry (PCI) Security Standards Council has released a bulletin on impending revisions to version 3.0 Payment Application Data Security Standards (PA-DSS) and version 3.0 of the PCI Data Security Standard (PCI-DSS), which we reported on in January 2014. To ensure the continued protection of consumers’ payment data, the PCI Security Standards Council … Continue Reading

NGOs may rely on UK’s Journalism Exemption

The UK Information Commissioner’s Officer (the “ICO”), in a letter to Global Witness (in Steinmetz and others v Global Witness) (the “Letter”), stated that non-media organisations may rely on the special-purposes exemption for journalism in s32 of the Data Protection Act 1998 (the “DPA”), to withhold personal data in response to Data Subject Access Requests. … Continue Reading

Article 29 Working Party issues its Cookie Sweep Combined Analysis – Report

On 3 February, the Article 29 Data Protection Working Party published its ‘Cookie Sweep Combined Analysis – Report’. The sweep was undertaken by the WP29 in partnership with eight of the European data protection regulators, including the UK’s ICO, France’s CNIL and Spain’s AEPD, in order to assess the current steps taken by website operators … Continue Reading

South Korean Communications Commission Releases Guidelines on Data Protection for Big Data

In December 2014, the Korea Communications Commission (KCC) released the“Big Data Guidelines for Data Protection” (Guidelines). Aimed at Information and Communications Service Providers (ICSPs), they are designed to prevent the misuse of “publicly available information” to create and exploit new information. The Guidelines expressly permit ICSPs to collect and use “publicly available information”, within certain … Continue Reading

China’s State Administration for Industry and Commerce Releases Measures Defining Consumer Personal Information

In January, China’s State Administration for Industry and Commerce (SAIC) released its ‘Measures on Penalties for Infringing Upon the Rights and Interests of Consumers’ (Measures) which are due to take effect March 15, 2015. These Measures flesh out China’s Consumer Rights Protection Law (CRPL) which was amended in March 2014 and provides guidance as to … Continue Reading

EU Art. 29 Working Party Letter on Health Data and Apps

The EU Article 29 Working Party (“WP29”) has published a letter to the European Commission (“EC”) on the scope of health data in relation to lifestyle and well-being apps, following the EC’s Working Document on mHealth and the outcome of its public consultation, which generated interest in strong privacy and security tools, and strengthened enforcement … Continue Reading

Google signs UK Undertaking to Improve its Privacy Policy

On 30 January 2015, Google signed an Undertaking with the Information Commissioner’s Office (ICO) to improve and amend the Privacy Policy it adopted 1 March 2012. Among other things, the modifications to the Privacy Policy allowed Google to combine personal data across all services and products. For example, personal data collected through YouTube could now … Continue Reading

New Data Protection Laws in Africa

In recent years, the number of African countries which have enacted privacy frameworks or are planning data protection laws has vastly increased. Currently, 14 African countries have privacy framework laws and some sort of data protection authorities in place. Once the African Union Convention on Cyber Security and Personal data Protection (Convention) is ratified across … Continue Reading

FAA Takes One Small Step Toward Legalizing Commercial Use of Small Unmanned Aircraft Systems, a.k.a. Drones

The Federal Aviation Administration (FAA) has long been studying the promise and perils of small unmanned aircraft systems (“UAS”), a.k.a. drones. The commercial potential of UAS technology is clear. Businesses are eager to use UAS to do everything from covering traffic accidents to taking real estate and wedding photos to delivering small parcels. However, the … Continue Reading
LexBlog