Tag Archives: data security

FTC and D-Link Settle Data Security Dispute

By Sheila Millar and Tracy Marshall on July 17, 2019 Posted in Data Privacy

After protracted litigation, the Federal Trade Commission (FTC) entered into a proposed settlement with computer software manufacturer D-Link over charges that the company misrepresented the security of its wireless routers and Internet-connected cameras and failed to take reasonable software testing and remediation measures to protect the devices. As we previously reported, part of the FTC’s… Continue Reading

UK ICO Proposes GDPR Fines for British Airways and Marriott Data Breaches

By Sheila Millar and Tracy Marshall on July 11, 2019 Posted in Data Security

Earlier this week, the UK Information Commissioner’s Office (ICO) announced its intent to fine British Airways £183,390 million ($230 million) and its intent to fine Marriott International more than £99 million ($123 million) for violations of the General Data Protection Regulation (GDPR) arising out of data breaches. The ICO investigated the breaches as the lead… Continue Reading

FDA Issues Final Guidance on Interoperable Medical Devices

By Sheila Millar, JC Walker and Tracy Marshall on October 5, 2017 Posted in Connected Products, Product Safety

The U.S. Food and Drug Administration (FDA) finalized its recommendations on September 6, 2017 on how to secure interoperable medical devices’ interactions with other devices and information systems. The FDA’s initial guidance, drafted in January 2016, was designed to help manufacturers develop safe, secure information exchange systems in connected medical devices. The updated guidance incorporates… Continue Reading

Are Your Security Tools Up to Date?

By Sheila Millar and Tracy Marshall on May 22, 2017 Posted in Cybersecurity, Data Security, Privacy

The effects of the massive cyberattack using ransomware known as “Wanna Cry” are still being felt all over the world. Tens of thousands of organizations have been infected, including the UK’s National Health Service, which ran some services on an emergency-only basis the day the attack began in earnest. Some security experts surmise that the… Continue Reading

New Mexico Enacts Data Breach Notification Law; Tennessee Reinstates Encryption Safe Harbor

By Tracy Marshall and Sheila Millar on April 28, 2017 Posted in Privacy

New Mexico is the 48th state to enact a data breach law. That law, the Data Breach Notification Act (HB15), is scheduled to take effect on June 16, 2017. Alabama and South Dakota are now the only states without a data breach notification law. The New Mexico law is like other state breach notification laws… Continue Reading

NIST Issues New Update to Cybersecurity Framework

By Sheila Millar and Tracy Marshall on January 17, 2017 Posted in Cybersecurity

On January 10, 2017, the National Institute of Standards and Technology (NIST) released an update to its Cybersecurity Framework, first issued in 2014. The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The new draft provides details on managing cyber supply… Continue Reading

NTIA Steps into IoT Debate

By Sheila Millar and Tracy Marshall on April 21, 2016 Posted in Cybersecurity, Privacy

Continuing its tradition of active involvement in digital economy questions, the Department of Commerce’s (DOC) National Telecommunications and Information Administration (NTIA) issued a request for public comment on questions posed by the growth of the Internet of Things (IoT). The explosive growth of connected products, anticipated to reach 25 billion by 2020, is one reason… Continue Reading

Appeals Court Agrees That Health Solutions Provider’s Insurance Requires Defense in Data Disclosure Class Action

By Douglas Behr and Sheila Millar on April 13, 2016 Posted in Data Security, Litigation, Privacy

Availability of insurance is often among the first questions that arises when a company encounters a data breach or other Internet-related problem involving company records, even where the company lacks a cyberinsurance policy. The federal Fourth Circuit Court of Appeals recently affirmed a ruling by a District Court that required insurance coverage for an inadvertent… Continue Reading

The FCC Continues Privacy Push with Draft Proposal Regulating ISP Customers’ Data

By Sheila Millar and Tracy Marshall on March 11, 2016 Posted in Data Security, Privacy, Regulations

On the heels of the Open Internet Order adopted by the Federal Communications Commission (FCC) last year, FCC Chairman Tom Wheeler has circulated a Notice of Proposed Rulemaking (NPRM) to fellow Commissioners that would apply the privacy protections of the Communications Act to broadband Internet access services. Wheeler’s proposal will be voted on at the… Continue Reading

New Year, New Cyber Law

By Sheila Millar and Tracy Marshall on January 4, 2016 Posted in Cybersecurity

In the rush of holidays and storms around the country (and weirdly warm weather here in D.C.), it was easy to miss that Congress finally approved the Cybersecurity Information Sharing Act (CISA). The bill was included in the middle of its omnibus spending package, the Consolidated Appropriations Act, 2016, Pub. L. 114–113 (Dec. 18, 2015),… Continue Reading

Life After the U.S.–EU Safe Harbor

By Sheila Millar and Tracy Marshall on November 3, 2015 Posted in Data Security, Privacy

We’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015… Continue Reading

Article 29 WP Says Safe Harbor Transfers Illegal; Model Clauses and BCRs Under Review

By Sheila Millar and Tracy Marshall on October 16, 2015 Posted in Data Security, Litigation, Privacy

The Article 29 Working Party (WP) issued a press release on October 16, 2015 announcing the outcome of the meeting to discuss coordinated action after the Court of Justice of the European Union (ECJ) decision in the matter of Schrems v. Data Protection Commissioner (C-362-14), which invalidated the U.S.-EU Safe Harbor Agreement. While calling for… Continue Reading

EU Official Calls for Invalidation of EU–U.S. Safe Harbor Pact

By Sheila Millar and Tracy Marshall on September 23, 2015 Posted in Data Security, Privacy

A European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the issue is… Continue Reading

In Commission Win, Appeals Court Agrees that FTC Can Regulate Business Data Security Practices Under Unfairness Authority

By Sheila Millar and Tracy Marshall on August 26, 2015 Posted in Cybersecurity, Data Security, Privacy

In a closely watched case where the Federal Trade Commission (FTC) pursued Wyndham Worldwide Corporation for several data breaches that led to millions of dollars in fraudulent charges on customers’ payment cards, the U.S. Court of Appeals for the Third Circuit on Monday agreed with the Commission’s broad interpretation of its “unfairness” authority (opinion here).… Continue Reading

FTC Issues Data Security Guidance

By Sheila Millar and Tracy Marshall on July 1, 2015 Posted in Cybersecurity, Data Security

The U.S. Federal Trade Commission (FTC) issued new data security guidance for businesses on June 30, 2015. The publication, Start With Security: A Guide for Business, consolidates other guidance from the FTC that reflects its position that security by design, much as privacy by design, should be integrated into business processes. The guidance isn’t new,… Continue Reading

High Court to Decide If Congress Can Let Consumers Sue Over Publication of Inaccurate Personal Information Without Concrete Damages

By Douglas Behr and Sheila Millar on May 7, 2015 Posted in Cybersecurity, Data Security, Litigation, Privacy

The Supreme Court of the United States granted certiorari late last month in a case with important implications for consumer privacy and for the ability of Congress generally to create wholly new protections for consumers. Plaintiffs must always show that they have standing – a legally-protected interest that allegedly has been violated – before a federal… Continue Reading

Third Circuit Says Privacy Class Action Members are “Ascertainable” in Suit Against Aaron’s Stores Because There are Records

By Douglas Behr on May 4, 2015 Posted in Data Security, Privacy

Every class action lawsuit always involves the question of how to identify, or “ascertain”, who is a member of the class. Consumers keep expensive products or at least keep records related to their purchase. Inexpensive or transitory products are generally gone by the time litigation commences and no records of the purchase exist. In such… Continue Reading

House Passes Cyber Information Sharing Bills

By Sheila Millar and Tracy Marshall on April 24, 2015 Posted in Cybersecurity, Data Security, Privacy

This week, the U.S. House of Representatives passed two cybersecurity information sharing bills that gained qualified support from the Obama Administration. Together, the bills (the Protect Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act (NCPAA)) would authorize companies to share cyber threat information and defensive measures with each other and the government,… Continue Reading

Managing “Cyber” – A New Guide for Companies on Cybersecurity and Addressing Cyberthreats and Cybercrime

By Sheila Millar on April 16, 2015 Posted in Cybersecurity, Data Security

The Paris-based International Chamber of Commerce (ICC) today released a new guide to help companies manage their cybersecurity, including how to address cyberthreats and how to prevent cybercrime. The ICC Cyber security guide for business, prepared by the ICC’s Commission on the Digital Economy, was written to help companies address the new types of risks… Continue Reading

Data Breaches: Not Just for States and the FTC Anymore

By Tracy Marshall and Sheila Millar on April 8, 2015 Posted in Cybersecurity, Data Security, Privacy

The Federal Communications Commission (FCC) announced today that AT&T Services, Inc., will pay $25 million to resolve an investigation into whether the company violated Sections 201(b) and 222 of the Communications Act relating to consumer privacy at AT&T call centers in Mexico, Colombia, and the Philippines. According to the FCC’s order and consent decree, call… Continue Reading

Tips for Preventing Privacy and Data Breach Suits

By Sheila Millar and Tracy Marshall on January 8, 2015 Posted in Privacy, Product Safety

As we discussed in the Privacy Class Action Claims on the Rise post from December 17, 2014, the number of privacy class action claims is trending upwards, along with all things privacy-related. Some of the breaches and other big media stories could have been avoided, while others were unavoidable for the businesses at issue. Either… Continue Reading