Year in Review: Top Privacy and Data Security Developments of 2013
|
|
- Godwin Maxwell
- 8 years ago
- Views:
Transcription
1 Contact: Timothy J. Toohey Partner Year in Review: Top Privacy and Data Security Developments of is the year when privacy and data security became matters of general public recognition. Privacy and security were constantly in the headlines in 2013, particularly after the revelations of Edward Snowden regarding the surveillance activities by the National Security Agency (NSA). The final months of 2013 were particularly active, with news of the data security breach affecting the retailer Target, two court decisions addressing the constitutionality of NSA surveillance (one finding it unconstitutional and the other constitutional), extensive recommendations by a Presidential committee for changing government surveillance programs, major court decisions in privacy litigation involving Google and Apple, and heightened debate in the European Union (EU) regarding a major reform of its data protection laws and the EU/US Safe Harbor allowing data to be transferred between the US and EU. The top developments in privacy and data security in 2013 are described below. A separate story will address what to look for in NSA Surveillance Undoubtedly the number one story of 2013 was the revelation by Edward Snowden of unprecedented details regarding US government surveillance programs. Although these programs involved government surveillance, they have impacted virtually every aspect of data collection and security, including those undertaken by non-government entities, such as businesses. Indeed, the term Snowden Effect has been coined to describe the wide-ranging effects that the disclosures have had and continue to have on privacy and data security. The Snowden Effect reveals the ways in which laws regarding data security and privacy have either not kept up with or have been drastically modified by changes in technology in recent years. The surveillance techniques that have been revealed rely on an ability to collect and access massive amounts of data that
2 was unheard of when the Foreign Intelligence Surveillance Act (FISA), 1 on which these programs are based, was passed in Courts struggle with the impact of technological change on the law, as seen in the decisions of two different district courts in December 2013 addressing the constitutionality of the NSA s program regarding the bulk collection of telephone metadata. In the first of these decisions, 2 Judge Richard Leon of the United States Court for the District of Columbia found that the NSA s mass collection of telephony metadata is unconstitutional under the Fourth Amendment because technological advances have made the third party doctrine inapplicable. This doctrine, which was stated in the seminal 1979 Supreme Court case of Smith v. Maryland, 3 holds that an individual has no reasonable expectation of privacy in data disclosed to a third party, such as a telecommunications provider. In contrast, Judge William H. Pauley III of the United States Court for the Southern District of New York decided later that same month 4 that the third party doctrine is still valid, despite changes in surveillance technology. In an opinion that made frequent reference to the events of September 11, 2001, Judge Pauley found that when a person voluntarily conveys information to a third party, he forfeits the right to privacy in the information... The collection of breathtaking amounts of information unprotected by the Fourth Amendment does not transform that sweep into a Fourth Amendment search. Three days after Judge Leon s decision, the Obama Administration made public a three-hundred page committee report 5 suggesting 40 different changes to the surveillance programs. Later that month, Mr. Snowden went on British television 6 with a Christmas message warning that a child born today will grow up with no conception of privacy at all. 2. Data Security Although data security breaches are not a new phenomenon, 2013 brought further attention to the scope and variety of breaches of both personal and proprietary information. On February 12, 2013, President 1 50 USC 1801 Definitions, Legal Information Institute, Cornell University Law School, 2 Klayman v. Obama, Civ. No , 3 Smith v. Maryland, 442 U.S. 735 (1979), 4 Doug Stanglin, Federal judge: NSA phone surveillance legal, USA Today, Dec. 27, Liberty and Security in a Changing World: Report and Recommendations of The President s Review Group on Intelligence and Communications Technologies, The White House, Dec. 12, 2013, 6 Stephen Castle, TV Message by Snowden Says Privacy Still Matters, The New York Times, Dec. 25, 2013,
3 Obama issued an Executive Order 7 for increased cyber security for US critical infrastructure. Although cyber security legislation remains bogged down in Congress, the National Institute of Standards and Technology (NIST) of the Department of Commerce issued a Preliminary Cybersecurity Framework 8 pursuant to the Executive Order that received many comments before public comments were closed in December. Overshadowing these developments in the public eye was the constant drum beat of attacks on personal and proprietary data, from ransom ware attacks that hold individuals computers hostage by encrypting the data and locking them out of their computers until payment of the ransom, to stolen or hacked log-in credentials that impacted companies such as Adobe, and malware affecting mobile applications. Data security also has an international dimension. In February 2013, for example, the New York Times revealed 9 that a Shanghai office tower housed a Chinese army base responsible for an overwhelming percentage of cyber-attacks on American corporations and government agencies. The year s data security stories culminated with the revelation that hackers had stolen as many as 40 million credit and debit card records from nationwide retailer Target in the busy post-thanksgiving shopping season. As a result, numerous class actions were filed against Target and some called for retailers 10 to adopt a pointof-purchase security system, such as the chip and pin system widely used in Europe. 3. Big Data Continuing a trend from prior years, the term big data was increasingly used in 2013 to describe the phenomenon where massive amounts of data are collected, retained, and used by private businesses and, as the Snowden stories reveal, by the government. Although big data has many proponents, retention and analysis of large amounts of data by private businesses in 2013 came under increasing scrutiny with some questioning 11 why consumers are more comfortable with businesses collecting personal information than with the government obtaining the same information. With data being collected online, from devices (see Internet of Things, below), brick and mortar businesses, and via omnipresent 7 Executive Order -- Improving Critical Infrastructure Cybersecurity, The White House, Feb. 12, 2013, 8 Improving Critical Infrastructure Cybersecurity Executive Order 13636: Preliminary Cybersecurity Framework, 9 David Sanger, David Barboza, and Nicole Perlroth, Chinese Army Unit Is Seen as Tied to Hacking Against U.S., The New York Times, Feb. 18, 2013, 10 Alan Yu, Outdated Magnetic Strips: How U.S. Credit Card Security Lags, NPR, Dec. 19, 2013, 11 Should the government know less than Google? The Economist, June 11, 2013,
4 communications devices, concerns have arisen that privacy is being undermined by massive amounts of potentially linkable data. Indeed, even those who proclaim the benefits of big data 12 are concerned it may lead to holding people responsible for predicted future acts, ones they may never commit a scenario almost directly out of Steven Spielberg s film Minority Report. In light of these concerns, some have called for additional government regulation and changing the notice and consent model on which many current privacy laws are based. 4. The Internet of Things. From medical devices to smart cars and buildings, the Internet of Things drew increasing attention in The promise of such smart devices is that they can transmit critical information in real time to professionals, such as doctors, and provide consumers with convenient ways to control and monitor devices in their homes and elsewhere. The concern, as highlighted in an episode of Homeland (and echoed by former Vice President Cheney s worries regarding his own pacemaker), 13 is that the wireless function in such devices may be hacked. The security and privacy concerns arising out of the Internet of Things were highlighted in a symposium conducted by the FTC 14 on November 19, 2013 and by the FTC s settlement of an administrative action 15 against Trendnet on September 4, Trendnet, which marketed a camera that allowed consumers remotely to monitor their homes, was accused of failing to use reasonable security measures, including password protections, which allowed consumers private video feeds to be visible on the Internet. 5. Health Care The privacy and security implications of health care were much in the news in 2013, including the rocky rollout of the Affordable Healthcare Act s website was also notable for large security breaches in the health care industry, including those of Horizon Blue Cross Blue Shield of New Jersey, which affected 840,000 patients, Advocate Medical Group of Chicago, which affected 4 million patients, and numerous 12 Michiko Kakutani, Watched by the Web: Surveillance Is Reborn, The New York Times, June 10, 2013, 13 Dan Goodin, Dick Cheney altered implanted heart device to prevent terrorist hack attacks, Ars Technica, Oct. 19, 2013, 14 Internet of Things - Privacy and Security in a Connected World, Federal Trade Commission, Nov. 19, 2013, 15 Marketer of Internet-Connected Home Security Video Cameras Settles FTC Charges It Failed to Protect Consumers' Privacy, Federal Trade Commission, Sept. 4, 2013,
5 other breaches. 16 The breaches involved a wide array of conduct, from unauthorized access and disclosure of protected health information, lost or stolen devices containing unencrypted patient data, illegal recording of patient images during examinations, sharing of information with unauthorized personnel, and mishandling of information by subcontractors. Further underlining the continued sensitivity of health information, the US Department of Health and Human Services (HHS) implemented the HITECH Act on September 23, 2013 through the HIPAA Omnibus Rule. 17 The Omnibus Rule extended the range of individuals and entities that are treated as business associates under HIPAA and thus must comply with the increasingly strict HIPAA Privacy and Security Rules. Given the continued interest in protecting health care information, it is likely that the HHS through its Office of Civil Rights (OCR) will continue actively to enforce these rules. 6. Mobile Applications The enormous growth in mobile applications was another hallmark of In February, the FTC issued a staff report 18 on ways that all players in the mobile ecosystem could improve mobile privacy disclosures to allow consumers to get information about what data is collected and how it is used. California has been active in this area, with the Attorney General issuing guidance 19 on how mobile apps can better improve consumer privacy and pursuing actions against companies under the California Online Privacy Protection Act (CalOPPA) for failure to conspicuously post and comply with privacy policies. On July 1, 2013, the FTC s 20 revised rule for the Children s Online Privacy Protection Act (COPPA) came into effect with increased restrictions on websites and mobile apps that are directed to children and general audience websites with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The FTC also signaled its interest in mobile applications by announcing a settlement 21 on December 5, 2013 with Goldenshores Technology, which is alleged to have 16 Nicole Freeman, Healthcare s most significant data breaches of 2013, HealthITSecurity, Dec. 23, 2013, 17 The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule Summary, American Medical Association, 18 FTC Staff Report Recommends Ways to Improve Mobile Privacy Disclosures, Federal Trade Commission, Feb. 1, 2013, 19 Attorney General Kamala D. Harris Issues Guidance on How Mobile Apps Can Better Protect Consumer Privacy, State of California Department of Justice, Jan. 10, 2013, 20 Complying with COPPA: Frequently Asked Questions, Bureau of Consumer Protection Business Center, 21 Android Flashlight App Developer Settles FTC Charges It Deceived Consumers, Federal Trade Commission, Dec. 5, 2013,
6 deceived consumers using its highly popular Brightest Flashlight application by failing to inform them that the app sent geolocation and device identifier information to third parties, including advertising networks. 7. Litigation As before, litigation alleging privacy and security violations by prominent companies has been a part of the US landscape in As before, plaintiffs in privacy lawsuits have encountered significant challenges to these lawsuits, particularly in establishing standing, alleging injury in fact, and finding a statutory basis for their claims. Among the highlights of 2013 were the settlement in May 22 of a seven-year-old lawsuit against AOL for distributing insufficiently anonymized data to researchers and the dismissal in late November of a lawsuit against Apple alleging that it had improperly disclosed personal information through applications purchased for its ios operating system. In dismissing the Apple lawsuit, the court found that the plaintiffs had not presented evidence that users of applications even saw, let alone read and relied upon, the alleged representations in Apple s privacy policies either prior to purchasing his or her iphone, or any time thereafter. Google was again the subject of a major ruling in a privacy case involving its consolidation of its 70 or more privacy policies into a single policy. In a December 3, 2013 order, a court found 24 that the plaintiffs had standing to pursue their claims because of allegations regarding overpayment and suffering alleged economic and statutory injuries, but dismissed the case with leave to amend. Although plaintiffs alleged that they were aggrieved by Google s actions, the court found the allegations did not fit within existing federal and state laws, including the Wiretap Act, Stored Communications Act, misappropriation of likeness, or unfair competition laws. Also in the news in 2013 were attacks on settlements of privacy litigations that had no provisions for monetary payouts to plaintiffs, but did compensate plaintiffs attorneys for legal fees and gave payments to charitable organizations. These settlements were based on the legal doctrine of cy pres which allows for settlements that accomplish the aim of the lawsuit as near as possible when the original objective is impracticable. On November 4, 2013 the Supreme Court refused to hear a challenge to a settlement of a lawsuit involving Facebook that provided no payment to plaintiffs with Chief Justice Roberts expressing 22 Wendy Davis, AOL Settles Data Valdez Lawsuit For $5 Million, MediaPost Publications, Feb. 19, 2013,
7 the view 25 that [i]n a suitable case, this Court may need to clarify the limits on the use of such remedies. 8. California Legislation In the absence of Congressional passage of privacy and security laws, California continues actively to legislate in these fields. Because of its large population and the fact that many Internet and technology companies are headquartered in the state, California privacy and data security legislation has a disproportionate impact on the rest of the country and, in some instances, may establish a national standard was a very active year in California legislation with two significant laws coming into effect on January 1, In a closely watched measure, California in 2013 amended its Online Privacy Protection Act (CalOPPA), 26 Cal. Bus. & Prof. Code et seq., to require operators of websites to disclose in their privacy policies how they respond to Do Not Track signals and whether third parties may collect personally identifiable information about consumer online activities over time and across websites. Because responding to Do Not Track signals is in a state of flux and is much debated, considerable uncertainty has arisen as to how website operators can comply with this provision. California in 2013 also modified its data breach notification law, 27 Cal. Civil Code and , which requires persons and businesses to disclose breaches involving personal information, by expanding the definition of such information to include [a] user name or address, in combination with a password or security question and answer that would permit access to an outline account. This amendment will most likely have the greatest effect on online businesses, which typically collect passwords and other security data. Although it will not come into effect until January 1, 2015, California in 2013 also became the first state to enact a law governing the privacy rights of minors, 28 i.e., persons under eighteen years of age. The new law prohibits operators of websites and other online services and applications from marketing or advertising certain products to minors. The law gives minors the right to request and obtain removal of, content or information posted on the operator s Internet Web site, online service, online application, or mobile application by the user
8 9. The EU/US Safe Harbor The Snowden Effect also expanded to the EU, which has long prided itself on valuing privacy as a fundamental right. Alarmed by the implications of the NSA revelations on the rights of EU citizens, which do not have rights under the US Constitution to challenge surveillance of their communications, some in the EU called for the suspension or repeal of the EU/US Safe Harbor. The Safe Harbor, which was adopted by treaty in 1998, allows for the transfer of data from the EU to the US for companies subscribing to its principles of notice, choice, onward transfer, access, security, data integrity and enforcement. 29 Without the Safe Harbor, many companies in the US would not be able to obtain personal data from EU citizens for processing in the US. In late November 2013, the European Commission issued a report criticizing the inadequacies of the Safe Harbor self-regulatory regime, but stopping short of calling for its suspension. The report offered thirteen suggestions for the improvement of the Safe Harbor mechanism. 30 The Future of Privacy Forum (FPF), which is largely funded by industry, disputed the Commission s suggested changes, 31 noting that the Safe Harbor (and the EU data protection directive itself) are concerned only with commercial privacy and do not apply to national security matters. As the FPF s report noted, US-based companies that are presented with a valid legal order from the US government for information will nonetheless be compelled to provide access to that data regardless of their membership in the Safe Harbor. 10. EU Proposed Data Protection Regulation Because of its implications for companies having customers or employees in the EU, the 2013 debates regarding the proposed EU data protection regulation are also one of the year s leading stories, even for companies based in the US saw a fierce and occasionally acrimonious debate over the proposed regulation, which (unlike the current data protection directive) would apply uniformly to all of the EU member states. Reflecting the importance of the potential changes, the US technology sector, sometimes supported by the US government, lobbied strenuously against certain provisions of the proposed law. 29 U.S.-EU Safe Harbor Overview, Export.gov, 30 Restoring Trust in EU-US data flows - Frequently Asked Questions, Europa, Nov , 31 The US-EU Safe Harbor: An Analysis of the Framework's Effectiveness in Protecting Personal Privacy, Future of Privacy Forum,
9 After months of debate and consideration, the responsible committee of the EU Parliament voted a strengthened bill out of committee on October 22, and initiated negotiations with the Council of the EU, which is comprised of ministers of the 28 individual EU member states, for a final version of the law. Although EU authorities and the Parliament have pressed for passage of the regulation in 2014, doubts have arisen that this will occur because of the Council s continued debate over certain provisions. Some member states, such as the United Kingdom, 33 are concerned that the regulation would be anticompetitive, while other member states, such as Germany, 34 are worried that the regulation would be weaker than existing law. Among the aspects of the law that are actively being debated are the so-called one stop shop concept, which subjects organizations with more than 250 employees to a single data protection authority in a single member state, the requirement that organizations with more than 250 employees have data protection officers (DPOs), substantially increased sanctions of up to 2% of an organization s annual worldwide turnover for violations of the regulation, restrictions on direct marketing, and the right of the individual to erase his or her data (the right to be forgotten ). Once enacted, the EU proposed regulation will not come into effect for two more years. 32 Civil Liberties MEPs pave the way for stronger data protection in the EU, Committees Committee on Civil Liberties, Justice and Home Affairs, Oct. 21, 2013, %2f%2fEP%2f%2fNONSGML%2bIM-PRESS%2b IPR22706%2b0%2bDOC%2bPDF%2bV0%2f%2fEN 33 James Milligan, EU data protection reform could be delayed until 2015, Direct Marketing Association, 34 James Milligan, EU data protection reform could be delayed until 2015, Direct Marketing Association,
10 About the Author Tim Toohey is partner with Morris Polich & Purdy LLP in Los Angeles and is the head of the firm s Cyber, Privacy and Data Security team. He is a US and EU Certified Information Privacy Professional (CIPP/US and CIPP/EU). Tim is the author of Understanding Privacy and Data Protection: What You Need to Know to be published in early 2014 by Thomson Reuters/Aspatore. About Our Cyber, Privacy & Data Security Practice Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data not only imparts great opportunities, but unprecedented privacy and security challenges for businesses in all industry sectors. Privacy and cyber risks require businesses to contend with a complex web of state, federal and international laws. Best practices and self-regulatory standards further complicate the picture for companies attempting to navigate the cyber, privacy and data security maze. With the government giving companies security and privacy practices greater scrutiny, businesses need to be prepared to meet their evolving obligations in these fields. Constantly changing technology affects the competitive environment and privacy and security requirements. Failure to respect privacy and data security may lead not only to serious economic consequences, but adverse publicity and loss of business. Businesses therefore increasingly consult professionals with expertise to meet the challenges of the cyber, privacy and data security environment. Morris Polich & Purdy's Cyber, Privacy & Data Security team collaborates closely with clients to take a comprehensive approach to managing, responding and mitigating privacy and data security risks. Our team proactively develops, implements and assesses privacy and data security for companies in numerous business sectors. From preparing initial policies and procedures governing privacy and data security and performing baseline privacy and risk assessments, to implementing programs and performing compliance analyses, the team s expertise allows it to respond effectively and efficiently. Our team is equipped to respond to government inquiries, investigate and comply with data breach notification requirements and to handle any litigation or regulatory actions arising from alleged privacy violations or data breaches. MPP s Cyber Privacy & Data Security team is comprised of attorneys specializing in the key areas of cyber and social media law, professional liability, insurance coverage, health and long term care, litigation, employment, commercial transactions, electronic discovery and intellectual property. The team works on
11 a national basis and has knowledge and experience regarding a wide variety of laws affecting privacy and data security. The team is involved in advising and providing litigation support for numerous federal provisions, including the Computer Fraud and Abuse Act (CFAA), the US/EU Safe Harbor, the Fair Credit Reporting Act (FCRA), the Health Information Portability and Accountability Act (HIPAA), the Children s Online Privacy Protection Act (COPPA), the Gramm-Leach-Bliley Act (GLB), the Electronic Communications Privacy Act (ECPA), the Stored Communication Act (SCA), the Red Flags Rule, and a myriad of other provisions. Team members have also been involved in numerous matters involving state law, including those arising under California s Song-Beverly Act, the California Medical Information Act (CMIA), the California Invasion of Privacy Act (CIPA), the California Online Privacy Protection Act (CalOPPA), and the California Shine the Light law, among others. MPP s lawyers have also been involved in handling matters dealing with legal provisions relating to cyber security and data breaches, including federal and state laws relating to data breach notification, laws mandating security and encryption, and best practices and self-governing security standards, such as the Payment Card Industry Data Security Standards (PCI DSS). Because digital data is today readily transmitted across national boundaries, members of MPP s team are also knowledgeable regarding international privacy and data security laws, including those of the European Union (EU), Canada, Mexico and Asia. The team is headed by a lawyer who is a United States Certified Information Privacy Professional (CIPP/US) and a European Union Certified Information Professional (CIPP/E) and team members regularly monitor legal developments affecting businesses operating domestically and internationally. Privacy and data security matters are constantly evolving as technology continues to develop. MPP s Cyber, Privacy & Data Security team has both the technical and legal knowledge to monitor these changes and advise clients regarding resulting risks. The team has handled matters involving cloud computing, Big Data, biometric identifiers, the Internet of Things (i.e. smart devices), social media, online behavioral advertising (OBA), and other technologies. Team members have also advised and assisted with numerous privacy issues in the workplace, including Bring Your Own Device (BYOD), preemployment screening, internal investigations, employee use of social media and electronic devices, employee monitoring, and other aspects of the employment relationship. Complementing its work in privacy and data security, the MPP team also has expertise in other aspects of
12 cyber law. The team includes lawyers familiar with copyrights, trademarks, patents, the Digital Millennium Copyright Act (DMCA), government subpoenas of electronic information, trade secrets, and protection of proprietary information. Team members have also handled a wide variety of other cyber matters, including licensing disputes, preservation of electronic evidence, protection of intellectual property against piracy, and registration of domain names. The team has also dealt with numerous e- Discovery issues, particularly those regarding the interplay between electronic collection of documents and relevant privacy and security requirements. This announcement is designed to provide information in regard to the subject matter and may not reflect the most current legal developments, verdicts or settlements. This information is made available with the understanding that the article does not constitute the rendering of legal advice or other professional services. If legal advice is required, such services should be sought Morris Polich & Purdy LLP. All rights reserved.
The Importance of Privacy & Data Security in a Changing World
Cyber, PrivaCy & Data SeCurity 360 www.mpplaw.com about our PraCtiCe Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data not only imparts great opportunities, but
More informationHow To Prepare For The Challenges Of 2014
Contact: Timothy J. Toohey Partner 213.417.5324 ttoohey@mpplaw.com The Year Ahead in Privacy and Data Security 2014 promises to be another eventful year in the privacy and data security fields. Although
More information[ 2014 Privacy & Security Update ].
U.S. Privacy Law: Hiding in Plain Sight U.S. Federal Trade Commissioner Julie Brill Second German-American Data Protection Day Munich, Germany April 30, 2015 Thank you, Dr. Ehmann, for your kind introduction.
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationPrivacy Issues Airports
Privacy and Data Breaches A GROWING AIRPORT CONCERN Dominic Nessi Los Angeles World Airports Privacy in General There is none Google and other search engines, cookies Growth of on-line commerce Social
More informationWe Know Where You ve Been: Emerging Rules in Online Behavioral Advertising
We Know Where You ve Been: Emerging Rules in Online Behavioral Advertising Prepared for the International Association of Privacy Professionals by Liisa M. Thomas There is a debate raging in the world of
More informationPrivacy & Data Security: The Future of the US-EU Safe Harbor
Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT
More informationHIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act
International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky
More informationPrivacy Law Basics and Best Practices
Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?
More informationThe Legal Pitfalls of Failing to Develop Secure Cloud Services
SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global
More informationTechnological Evolution
Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Consumer Privacy & Big Data Advice, Regulatory and Resulting Litigation Denise Banks Chief Privacy Officer BMO Financial
More informationPREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION. Protecting Personal Consumer Information from Cyber Attacks and Data Breaches.
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on Protecting Personal Consumer Information from Cyber Attacks and Data Breaches Before the COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationRecent Developments in U.S. Law: Privacy and Information Technology Health - 2013
Recent Developments in U.S. Law: Privacy and Information Technology Health - 2013 Amyt M. Eckstein Moses & Singer LLP 405 Lexington Avenue New York, NY 10174-1299 (212) 554-7843 What Does Privacy Mean?
More informationFederal Trade Commission
Federal Trade Commission The FTC s Privacy and Data Security Program: Where It Came From, Where It s Going Jessica Rich 1 Director, Bureau of Consumer Protection, FTC International Association of Privacy
More informationInsights into Cloud Computing
This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid
More informationMind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance
Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance National Bar Association - Commercial Law Section 2015 Corporate Counsel Conference February 26, 2015 www.alston.com
More informationThe Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor
The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on
More informationThank you for the opportunity to join you here today.
Ambassador Daniel A. Sepulveda Remarks on the U.S. Privacy Framework and Signals Intelligence Reforms November 3, 2015 Digital Europe Brussels, Belgium Thank you for the opportunity to join you here today.
More informationGovernment Focus on Cybersecurity Elevates Data Breach Legislation. by Experian Government Relations and Experian Data Breach Resolution
Government Focus on Cybersecurity Elevates Data Breach Legislation by Experian Government Relations and Experian Data Breach Resolution Will Congress pass data breach legislation in 2015/2016? Recent high-profile
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP
More informationData Privacy and Security: A Primer for Law Firms
Data Privacy and Security: A Primer for Law Firms All We Do Is Work. Workplace Law. In four time zones and 46 major locations coast to coast. www.jacksonlewis.com JACKSON LEWIS SERVING THE DIVERSE NEEDS
More informationBefore the AmCham EU Transatlantic Conference (Mar. 3, 2011), available at http://useu.usmission.gov/kennard_amchameu_030311.html.
One Year Later: Privacy and Data Security in a World of Big Data, the Internet of Things, and Global Data Flows Keynote Address Before the USCIB/BIAC/OECD Conference on Promoting Inclusive Growth in the
More informationJan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament
September 5, 2012 Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament Lara Comi Rapporteur, Committee on Internal market and Consumer Protection
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationOPEN ACCESS, PRIVACY AND HACKER CULTURE
OPEN ACCESS, PRIVACY AND HACKER CULTURE An Inside Higher Ed webinar with Tracy Mitrano Director of IT policy and the Institute for Internet Culture Policy and Law at Cornell University October 2, 2013
More informationThe Ethical Implications of NSA Surveillance for Lawyers. David G. Ries Clark Hill Thorp Reed
The Ethical Implications of NSA Surveillance for Lawyers David G. Ries Clark Hill Thorp Reed 2 3 The June 2013 Headlines: NSA collecting phone records of millions of Verizon customers daily The Guardian,
More informationHIPAA and Beyond: The Evolving Landscape of Health Privacy
HIPAA and Beyond: The Evolving Landscape of Health Privacy Melissa Bianchi, Hogan Lovells US LLP Ann Tobin, UnitedHealth Group IAPP Global Privacy Summit, March 9, 2012 No Longer Just HIPAA New developments
More informationDATA PRIVACY ENFORCEMENT EFFORTS BY STATE ATTORNEYS GENERAL
DATA PRIVACY ENFORCEMENT EFFORTS BY STATE ATTORNEYS GENERAL State AGs have been very active in the leadership of data privacy protection initiatives across the country, and have dedicated considerable
More informationData Privacy and Cybersecurity Task Force
Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationPrivacy is the ability of an individual or group to keep their lives and
Privacy Versus Security in the Workplace ALAN L. PEPPER AND BETHANIE F. THAU An important challenge facing employers today is balancing the security of the workplace versus the privacy rights of employees.
More informationPRIVACY & CYBERSECURITY
PRIVACY & CYBERSECURITY UPDATE AUGUST 2014 CONTENTS (click on the titles below to view articles) NIST Announces October Workshop and Releases Framewok Update...1 Insurance Company Succeeds in Cybersecurity
More informationInformation Security Law: Control of Digital Assets.
Brochure More information from http://www.researchandmarkets.com/reports/2128523/ Information Security Law: Control of Digital Assets. Description: For most organizations, an effective information security
More information3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?
HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed
More information12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013
Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He
More informationCase 1:13-cv-00851-RJL Document 108-1 Filed 04/15/14 Page 1 of 5 UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA
Case 1:13-cv-00851-RJL Document 108-1 Filed 04/15/14 Page 1 of 5 UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA --------------------------------------------------- KLAYMAN et al., Plaintiffs,
More informationPrivacy Legislation and Industry Security Standards
Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,
More informationBrief. The BakerHostetler Data Security Incident Response Report 2015
Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the
More informationClients Legal Needs in HIPAA Security Compliance
Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance
More informationChildren s Privacy in the Mobile Data Environment
DataGuidance is the leading global data protection and privacy compliance resource tool, created with a single aim - to make data protection and privacy compliance simpler. It delivers, in one site, legal
More informationData Privacy & Security in the Cloud: Legal Basics and New Developments
Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)
More informationData Protection in the United States
Data Protection in the United States Bruce E. H. Johnson Chair, Privacy and Security Group Davis Wright Tremaine LLP Pacific Rim Advisory Council Singapore, October 18, 2011 Overview of US Privacy Regulations
More informationData security: A growing liability threat
Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars
More informationCommittee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on
Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on US Legal Instruments for Access and Electronic Surveillance of EU Citizens Introduction This note presents
More informationPREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION. Safeguarding Consumers Financial Data. Before the COMMITTEE ON BANKING, HOUSING, & URBAN AFFAIRS
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on Safeguarding Consumers Financial Data Before the COMMITTEE ON BANKING, HOUSING, & URBAN AFFAIRS SUBCOMMITTEE ON NATIONAL SECURITY & INTERNATIONAL TRADE
More informationData Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1
Data Breach Response Basic Principles Under U.S. State and Federal Law ABA Litigation Section Core Knowledge January 2015 1 I. Introduction Data breaches have become an unfortunate reality for many of
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationE-ALERT Privacy & Data Security
E-ALERT Privacy & Data Security September 30, 2013 OVERVIEW OF RECENT CALIFORNIA PRIVACY ENACTMENTS & IMPACT The California legislature recently has passed four privacy-related bills. The following provides
More informationFACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013. My name is Richard Allan, and I am the Director of Public Policy
FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013 [I. INTRODUCTION] My name is Richard Allan, and I am the Director of Public Policy for Facebook in Europe, the Middle East and Africa. I have been with
More informationMyths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)
Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,
More informationCyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014
Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava
More informationNetwork Security and Data Privacy Insurance for Physician Groups
Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationPresidential Summit Reveals Cybersecurity Concerns, Trends
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Presidential Summit Reveals Cybersecurity Concerns,
More informationRecent Developments in Cybersurveillance
David W. Opderbeck New Jersey Law Journal, May 16, 2016 Over the past few months, there has been a flurry of sometimes contradictory activity concerning the government's ability to access electronic information
More informationBloomberg BNA Professional Learning Legal Course Catalog OnDemand Programs
Bloomberg BNA Professional Learning Legal Course Catalog OnDemand Programs *This is a sample course catalog. BBNA is in the process of moving all of our recorded content on to our new platform. Not all
More informationPolicy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE
Policy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE Kurt Wimmer I. The Need for Reform: A 1986 Act Doesn t Fit the
More informationHow To Help Your Business With Data Security And Privacy
DATA SECURITY AND PRIVACY WORKING TOGETHER, OUR TEAM PROVIDES INSIGHTFUL COUNSEL AND A DEPTH OF SPECIALIZED EXPERIENCE. Overview: S ince well before companies entered the age of Big Data, Benesch attorneys
More informationHCCA Compliance Institute 2013 Privacy & Security
HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session
More informationCSR Breach Reporting Service Frequently Asked Questions
CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could
More informationProofpoint HIPAA Breach Report:
Proofpoint HIPAA Breach Report: An Analysis of HITECH Breach Notifications and Settlements, Q1 2013 Healthcare Industry Update threat protection compliance archiving & governance secure communication Contents
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationCLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
More informationTop Issues for Safeguarding Brand Reputation When Engaging In Social Media Activities
Top Issues for Safeguarding Brand Reputation When Engaging In Social Media By: Alan L. Friel, Akash Sachdeva, Jesse Brody and Jatinder Bahra Social media has changed the way people communicate, and enabled
More informationWHAT DOES THE FUTURE LOOK LIKE FOR MARKETING IN CYBERSPACE?
WHAT DOES THE FUTURE LOOK LIKE FOR MARKETING IN CYBERSPACE? Keynote Address for the Consumer Marketing, Advertising, Distribution and Sales Conference Suffolk University Law School March 23, 2012 Good
More informationdetails, and numerous other data points. Enough information is often collected that even 2
Big Data Study Office of Science and Technology Policy Eisenhower Executive Office Building 650 Pennsylvania Avenue, NW Washington, D.C. 050 VIA E MAIL bigdata@ostp.gov March, 04 Re: Big Data Study, Document
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda! Rise in Data Breaches! Effects of Increase in Cybersecurity Threats! Cybersecurity
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationDEPARTMENT OF JUSTICE WHITE PAPER. Sharing Cyberthreat Information Under 18 USC 2702(a)(3)
DEPARTMENT OF JUSTICE WHITE PAPER Sharing Cyberthreat Information Under 18 USC 2702(a)(3) Background Improved information sharing is a critical component of bolstering public and private network owners
More informationWhite Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES
White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate
More informationIntroducing Tumblr s Calendar Year 2013 Law Enforcement Transparency Report
Introducing Tumblr s Calendar Year Law Enforcement Transparency Report At Tumblr, we believe it s important to provide everyone from occasional visitors to our most active community members with an open,
More informationAN INTRODUCTION TO THE EU DIRECTIVE ON THE PROTECTION OF PERSONAL DATA
AN INTRODUCTION TO THE EU DIRECTIVE ON THE PROTECTION OF PERSONAL DATA By Peter K. Yu Introduction The Internet and new communications technologies have made shopping more convenient than ever. Online
More informationHelp for ADP s Mobile App
Help for ADP s Mobile App Contents Main Screen... 2 Settings... 3 Preferences... 4 Change PIN... 5 International... 6 Privacy... 7 Terms of Use... 10 Requirements... 13 Help (Main Screen)... 14 Springboard...
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationPolicy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX
Policy Implications: Privacy, Security and Liability Big Data in Telecom June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Who We Are Leading trade association in support of information and communications
More informationSolutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson
Solutions Brief PC Encryption Regulatory Compliance Meeting Statutes for Personal Information Privacy Gerald Hopkins Cam Roberson March, 2013 Personal Information at Risk Legislating the threat Since the
More informationCSA Survey Results Government Access to Information July 2013
CSA Survey Results Government Access to Information July 2013 EXECUTIVE OVERVIEW During June and July of 2013, news of a whistleblower, US government contractor Edward Snowden, dominated global headlines.
More informationIntroduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery
Today s Topics Introduction to Data Privacy & ediscovery General Overview Data Privacy in the United States Data Privacy in Foreign Countries Intersection of Data Privacy & ediscovery Preservation of Data
More informationCYBER-SURVEILLANCE BILL SET TO MOVE TO SENATE FLOOR
CYBER-SURVEILLANCE BILL SET TO MOVE TO SENATE FLOOR July 28, 2015 The Senate is expected to consider the Cybersecurity Information Sharing Act (CISA, S. 754 1 ) on the Senate floor soon. The bill was marked
More informationCYBER LIABILITY CLAIMS
CYBER LIABILITY CLAIMS TRENDS AND DEVELOPMENTS IN THE U.S. AND CANADA Animateur / Moderator: Daniel Desjardins, Senior Director Global Risk Management & Insurance, Bombardier Inc. Conférenciers / Speakers:
More informationOutline. Outline. What is HIPAA? I. HIPAA Compliance II. Why Should You Care? III. What Should You Do Now?
Outline MOR-OF Education and Medical Expo August 23, 2014 Tatiana Melnik Melnik Legal PLLC tatiana@melniklegal.com 734-358-4201 Tampa, FL I. HIPAA Compliance II. Why Should You Care? A. Market Pressure
More informationCanada s New Anti-Spam Legislation: Overview and Implications for Businesses
dentons.com Focus on Communications Canada s New Anti-Spam Legislation: Overview and Implications for Businesses January, 2011 Contact Margot Patterson Dentons Canada LLP Counsel, Ottawa margot.patterson@dentons.com
More informationKnowledge. Practical guide to competition damages claims in the UK
Knowledge Practical guide to competition damages claims in the UK Practical guide to competition damages claims in the UK Contents Reforms to damages litigation in the UK for infringements of competition
More informationContact Sport: Mobile Marketing To Sports Fans
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Contact Sport: Mobile Marketing To Sports Fans Law360,
More informationMatthew Howes Senior Vice President, Strategic Services inventiv Digital+Innovation Matthew.Howes@inVentivHealth.com
WHITE PAPER Global Digital Security: The Human Element March 2014 Written by: Matthew Howes Senior Vice President, Strategic Services inventiv Digital+Innovation Matthew.Howes@inVentivHealth.com TABLE
More informationPREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION. Protecting Consumer Information: Can Data Breaches Be Prevented? Before the
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on Protecting Consumer Information: Can Data Breaches Be Prevented? Before the COMMITTEE ON ENERGY AND COMMERCE SUBCOMMITTEE ON COMMERCE, MANUFACTURING,
More information9/13/2011. Miscellaneous Current Topics in Healthcare Professional Liability. Antitrust Notice. Table of Contents. Cyber Liability.
Miscellaneous Current Topics in Healthcare Professional Liability Josh Zirin, FCAS, MAAA Antitrust Notice The Casualty Actuarial Society is committed to adhering strictly to the letter and spirit of the
More informationIn an age where so many businesses and systems are reliant on computer systems,
Cyber Security Laws and Policy Implications of these Laws In an age where so many businesses and systems are reliant on computer systems, there is a large incentive for maintaining the security of their
More informationPreservation of longstanding, roles and missions of civilian and intelligence agencies
Safeguards for privacy and civil liberties Preservation of longstanding, respective roles and missions of civilian and sharing with targeted liability Why it matters The White House has pledged to veto
More informationThe United States has high levels of Internet use, but access to fast broadband remains patchy.
Country Report: United States The United States has comprehensive and up-to-date laws in place for e-commerce, electronic signatures and cybercrime. The US has signed and implemented the Convention on
More information2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.
The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million
More informationRe: Big Data Request for Information
March 31, 2014 Attn: Big Data Study Office of Science and Technology Policy Eisenhower Executive Office Building 1650 Pennsylvania Avenue NW Washington, D.C. 20502 Ladies and Gentlemen: Re: Big Data Request
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationCYBER LIABILITY. Bring on tomorrow. Network Security and Privacy. May 15, 2014
CYBER LIABILITY Network Security and Privacy Bring on tomorrow May 15, 2014 1 AGENDA I. Identify Exposures II. Identify how a breach can occur III. The Coverage (Third Party Liability + First Party Losses)
More information