Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
Moving (Slowly) Toward a National Data Breach Notification Standard
Just last week, small steps were taken toward setting a national standard for reporting of security breaches involving personal data. The Senate Judiciary Committee approved three proposed data breach bills: The Personal Data Privacy and Security Act of 2011, S. 1151 The bill incorporates several components of the Obama administration’s Cybersecurity Legislative Proposal [.pdf], including setting a … Continue reading
Dropbox Sued for Data Breach – Plaintiff Seeks Class Action
In May, we discussed the FTC’s investigation of whether Dropbox encrypts data stored according to industry best practices in order to decrease the risk of data breach and identity theft to its customers. On June 20th, Dropbox announced that after a code change, it discovered that it had accidentally turned off password authentication for its … Continue reading
Ireland’s Security Breach Code of Practice May Be Effective Soon
Ireland is prepping for stricter requirements soon to be in effect for the protection of personal data. In March of 2011, Ireland’s Data Protection Commissioner released his 2010 Annual Report [.pdf] regarding the state of data protection. It was reported that in 2010, the office of the Data Protection Commissioner received 410 data breach notifications, … Continue reading
CT AG Jepsen Carries Blumenthal’s Enforcement Torch
Connecticut Attorney General George Jepsen is continuing his predecessor’s aggressive efforts to safeguard the personal information of the state’s citizens. Former Connecticut Attorney General Richard Blumenthal, during his tenure, investigated numerous organizations regarding possible data breaches, and in one case, fined insurance provider Health Net $250,000 for losing the data of 500,000 Connecticut residents. Jepsen recently requested specific … Continue reading
Could Your Social Media Policy Violate the NLRA?
Social media presents many privacy challenges to employers. Now, the National Labor Relations Board (“NLRB”) has stepped in and shown that it has an ongoing interest in a company’s social media policy – especially where an employee’s rights under the National Labor Relations Act (“NLRA”) may be violated. We are still awaiting more information regarding the NLRB’s discussions with Thomson Reuters … Continue reading
FTC Called to Investigate Security of Dropbox
Cloud storage services are used daily by businesses to share proposals, invoices, important confidential documents, etc. Cloud storage services are also used to share personal information amongst family and friends, including photos, receipts, travel plans, etc. With the recent high profile attacks on data, the Federal Trade Commission (“FTC”) has been called to investigate Dropbox, the popular cloud storage service … Continue reading
The SEC is Serious About Protecting a Customer’s Confidential Information
On April 7, 2011, for the first time, the Securities and Exchange Commission (SEC) announced fines assessed against three former executives of GunnAllen Financial, Inc. (GunnAllen), a broker-dealer based in Tampa. Without admitting or denying the SEC’s findings, the three former executives, including a former president, former national sales manager, and former chief compliance officer, … Continue reading