Tag Archives: security

Ransomware in the Spotlight with Recent Attacks

This month’s WannaCry ransomware attack is the latest example of how these targeted attacks can cripple operating systems, with the bitcoin payments the price for alleged relief. In the attack, the WannaCry ransomware computer worm targeted the Microsoft Windows operating system, infecting more than 230,000 computers in 150 countries. The ransomware was allegedly spread through … Continue Reading

Data Privacy and Security Legal Reform, and Plaintiffs’ Bar White Paper the Focus of IAPP Panel

A panel on legal reform in the area of privacy and data security at this week’s IAPP Summit provided an opportunity for a discussion between businesses and regulators, as well as for the launch of a white paper on the activities of the plaintiffs’ bar in this area that Reed Smith prepared for the U.S. … Continue Reading

New FAA Drone Rules

On June 21, 2016, the FAA issued its long-awaited regulations governing “Small Unmanned Aircraft,” or drone operation.  The regulations allow the use of drones weighing less than 55 pounds, traveling less than 100 mph groundspeed, and up to 400 feet above the ground, for a wide variety of purposes during daylight hours.  The regulations allow … Continue Reading

Why Are My Competitors Outsourcing IT? Should I?

Many organizations in different markets and industries are outsourcing parts (or all) of their IT functions (including support, development, help desk, data storage and others). Why are they outsourcing? What are the potential benefits of outsourcing? Helps the company bottom line – saves money. Many companies find lots of savings in outsourcing. The savings may be … Continue Reading

State Attorneys General Maintain Sharp Focus on Privacy

Though the National Association of Attorneys General (NAAG) Presidential Initiative “Privacy in a Digital Age” expired in June 2013 when a new NAAG president took over, the state attorneys general have maintained their sharp focus on all things privacy, with no signs that that focus will shift anytime soon. Most recent case in point: a … Continue Reading

Office for the Australian Information Commissioner (OAIC) Publishes Draft Guidelines Interpreting New Privacy Principles

The Office for the Australian Information Commissioner (OAIC) has published initial draft guidelines which provide a good indication as to how to interpret the first five of thirteen Australian Privacy Principles (APPS) that will form the foundation of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which will become effective from 12 March 2014. APP … Continue Reading

Awaiting the Release of the HITECH Final Rule

As the year is coming to an end, the industry is speculating the release date of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) final rule. The final rule is expected to address modifications to the Privacy, Security, Enforcement, and Breach Notification Rules, and with the release date yet to be determined, … Continue Reading

More News on COPPA…

This post was also written by Frederick Lah. One day after the FTC issued its second report on privacy concerns with mobile apps for kids, “Mobile Apps for Kids: Disclosures Still Not Making the Grade“, a consumer privacy group filed a complaint with the FTC against a mobile game-maker for alleged violations of COPPA.  The complaint, … Continue Reading

UK Information Commissioner’s Office Issues Cloud Guidance

With a need for mobile access to data and the influx of innovative and affordable cloud computing products to global markets, organisations are shifting towards a greater use of the cloud. In response to its growing popularity, the Information Commissioner’s Office (ICO) has published guidelines on data protection compliance issues surrounding cloud computing. The practical … Continue Reading

FERC Issues Order to Investigate Possible Violations of its Cyber Security Protocols for the Electric Grid

This post was also written by Amy Mushahwar. The Federal Energy Regulatory Commission (FERC) issued an order on July 20, 2012 to investigate whether any Authorized Certification Authorities (ACAs) had violated the North American Energy Standards Board (NAESB) Public Key Infrastructure (PKI) Standards, which outline various security requirements and specifications for the electric grid.1  The Order requires all … Continue Reading

Changes in State Data Privacy Laws to Become Effective Soon

This post was also written by Frederick Lah. We previously reported on Texas House Bill 300 that was signed into law last year.  The new law presents stricter requirements for health privacy and data breach notification obligations.  That law is set to become effective September 1, 2012.  Two types of entities will be primarily affected by the law: “Covered … Continue Reading

Electric Grid Cyber Threat Concerns Raised Last Week During an Intense Push for General Cybersecurity Legislation

This post was also written by Amy Mushahwar. Since three cyber security bills passed the House in April (H.R.2096, H.R.3523, and H.R.3834), all eyes have been on Washington for cyber security developments in the Senate. This past week there were several. The week began with a hearing on Tuesday, July 17, by the U.S. Senate … Continue Reading

Obama Administration Finalizes Its Privacy Framework: DOC Steams Ahead with Privacy Regulatory Blueprint in the Absence of Federal Privacy Legislation

This post was also written by Christopher G. Cwalina and Amy S. Mushahwar. Today, in a ceremony with much fanfare, Secretary of Commerce John Bryson and Federal Trade Commission Chairman John Liebowitz outlined the Obama administration’s privacy blueprint for a “consumer bill of rights.” Shortly thereafter, the Department of Commerce released its long-awaited consumer privacy … Continue Reading

Privacy Ratings: Do They Mean Anything?

This post was also written by Chris Cwalina, Nick Tyler and Frederick Lah. Consumers increasingly demand transparency into how companies use their personal information. We’ve seen a number of responses to this. One has been legislative; for example, the accounting requirement under the Dodd-Frank Act and California’s Shine the Light Act. For our previous analysis of … Continue Reading

Markey Releases Discussion Draft of the Mobile Device Privacy Act

This post was written by Amy S. Mushahwar. Today, in response to the controversy surrounding cellphone tracking software from Carrier IQ, U.S. Representative Edward Markey (D-MA) released a draft of a cellphone privacy bill. As background, the Carrier IQ software first made headlines in November, when a researcher posted a YouTube video claiming to show … Continue Reading

Does “Public” Privacy Exist?

This post was also written by John Hines, and Frederick Lah. Just how much privacy are we entitled to in public places, such as public highways and buses, classrooms, restaurants, or even on the Internet? While we expect to lose some sense of privacy when we move into public spaces, does this mean that we should … Continue Reading

Judge Rules IP Address Does Not Identify User

This post was also written by Chris Cwalina and Frederick Lah. In VPR Internationale v. Does 1-1017 (C.D. Ill.), Judge Baker opined that Internet Protocol (“IP”) addresses do not — by themselves — qualify as personal information, capable of accurately identifying an individual. While this decision is a landmark ruling for the mass-BitTorrent lawsuits in … Continue Reading

Canadian Court Finds Reasonable Expectation of Privacy on Work Computers

This post was also written by Frederick Lah. Standards for determining whether an employee has privacy rights with respect to an employer-issued communications device continue to develop. The analysis continues to be grounded in a detailed, fact-specific analysis of what the employee has been told, and permitted to do, by the employer. Recently, the Court of … Continue Reading

Indian Government discussing BlackBerry ban: “security more important than privacy”

A few days following the concession made by BlackBerry manufacturers, Research in Motion (RIM), to provide Indian security agencies access to their encrypted data, India’s Home Minister P. Chidambaram held “security to be more important than privacy”. Security concerns in India have certainly risen following the terror attack on Mumbai in November 2008, the worsening … Continue Reading
LexBlog