Privacy & Management

Subscribe to Privacy & Management

On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.”  The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems.  In the blog post accompanying the release, NIST notes that the report is intended to address the absence of a vocabulary for talking about privacy outcomes and to produce “processes that are repeatable and could lead to measurable results.”

To this end, the report introduces three (3) privacy engineering objectives, which are intended to help system designers, engineers and policy teams to help “bridge the gap between high-level privacy principles and their implementation within systems.” These objectives are defined as follows:
Continue Reading NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems

With the onslaught of smart watches, smart thermostats, and even smart refrigerators that allow you to Tweet hangry messages to your followers, it’s only natural that a “smart city” would follow.

This week, San Francisco city officials agreed to run a one-year pilot project with Sigfox – an FCC certified French start-up that builds low-power wireless networks – to create an Internet of Things (“IoT”) wireless network that caters exclusively to smart devices with low-bandwidth apps. While the term “wireless network” typically conjures up thoughts of the ubiquitous Wi-Fi symbol, this low-power, wide area network (“LPWAN”) on which Sigfox will operate is entirely separate from traditional cellular networks, which require a much higher level of data streaming and power usage.

Sigfox and city technology crews have installed about 20 of its base stations throughout San Francisco, using libraries and other city buildings. Each base station covers about 12 to 18 miles and is roughly the size of a briefcase. Device makers who want to join the network must install a radio chip that costs less than $2 and comes loaded with the Sigfox firmware.
Continue Reading San Francisco Launches First “Internet of Things” Wireless Network in United States

A proposed settlement has been reached in the multi-district consumer litigation Target faces following a data breach that compromised at least 40 million credit cards during the 2013 holiday shopping season. The settlement, which requires Target to pay $10 million into a settlement fund and adopt specific data security measures, still needs court approval.

If

In September 2014 we reported on the UK’s intention to stamp out a practice commonly known as “enforced subject access requests”. This concerned the previously dormant section 56 of the UK Data Protection Act 1998 (‘DPA’), which, following an announcement from the Ministry of Justice, was implemented on March 10, 2015. Under this section, it

The federal government may be pushing a cybersecurity and data privacy agenda, but that doesn’t mean that the states are taking a back seat. The state attorneys general are maintaining their focus on issues relating to privacy and data security and expanding the scope of that focus to address the ever-evolving nature of those

In February 2015, Ofgem (the UK’s Office of Gas and Electricity Markets) published its Decision on Extending the Smart Meter Framework to Remote Meters (the Decision). This confirms that, following a public consultation, the privacy requirements embedded in the supplier licence terms and which will apply to suppliers’ use of customer data from “smart meters”

The Payment Card Industry (PCI) Security Standards Council has released a bulletin on impending revisions to version 3.0 Payment Application Data Security Standards (PA-DSS) and version 3.0 of the PCI Data Security Standard (PCI-DSS), which we reported on in January 2014.

To ensure the continued protection of consumers’ payment data, the PCI Security Standards Council