Privacy & Cybersecurity

We've sounded warnings about the lowly copy machine before. The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old fashioned equipment, such as copiers, can hide sensitive legally-protected data.

What did you do over your summer vacation? Yes, the sad truth is that summer is almost over. You can tell because there wasn’t a single superhero movie that opened at the box office last weekend (no, Smurfs2 does not count) and because the California Senate is preparing to reconvene from its summer recess.

Last week an Oregon jury awarded an individual plaintiff over $18 million in compensatory and punitive damages in what some sources have reported to be the first jury verdict in a case brought under the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681a(c). 

The California ballot measure process permits any California voter to propose a ballot initiative to the state’s Attorney General which, if enough signatures are gathered, will then appear on state-wide ballot for approval at the next election.

It appears that Wyndham Hotel & Resorts LLC (“Wyndham”) has received reinforcements in its defense against the Federal Trade Commission’s (the “FTC”) case. A federal judge has agreed to allow the U.S. Chamber of Commerce and several other organizations to file an amicus curiae brief in support of dismissing the FTC’s case against Wyndham.

Just before the Labor Day holiday, the Federal Trade Commission issued a press release announcing its complaint against LabMD, Inc., a company that performs medical testing for consumers around the country. The complaint alleges that the company did not take reasonable measures to protect the security of consumers’ personal data. 

The "hits" to data bases, in any event. Here is a rundown of some of the most recent data breach reports --
Oregon Health & Science University Data Breach Compromises 3,000 Patients’ Records in the Cloud.

Ever since our 2013 prediction, an ever increasing number of public companies are adding disclosure related to cybersecurity and data breach risks to their public filings. We previously analyzed how the nation’s largest banks have begun disclosing their cybersecurity risks. 

Aiming to “address the real privacy and security risks that consumers face when telecommunications carriers use their control of customers’ mobile devices to collect information about their customers’ use of the network,” the Federal Communications Commission (FCC) has adopted a Declaratory Ruling holding that the existing rules requiring carriers to protect customer proprietary network information (CPNI) apply to CPNI collected by mobile devices when such collection is undertaken at the carrier’s direction and the carrier has access to or control over that information.

The latest in a series of National Institute of Standards and Technology (“NIST”) publications is the Guidelines for Managing the Security of Mobile Devices in the Enterprise (the “Guidelines”), a comprehensive document to help federal agencies manage and secure mobile devices such as smart phones and tablets used by their employees for government business (whether organization-provided or personally-owned) against a variety of threats.

Californians are a diverse bunch (as you’ve probably gathered from those commercials with Arnold Schwarzenegger), but apparently there is something that 2.5 million of us all have in common. California Attorney General Kamala Harris has released a first-of-its-kind data breach report  that includes statistics, recommendations and assessments based on breaches that were reported to the Attorney General’s office during the 2012 calendar year.

What Is COPPA?
Children’s Online Privacy Protection Act, enacted by Congress in 1998

Welcome to a new feature of Privacy & Security Matters -- Privacy Monday.
We will start your week with a fresh collection of privacy tidbits, goofs and gaffes.

In its recent decision in Harris v. comScore, Inc., the Seventh Circuit declined to review a trial court order certifying a plaintiff class consisting of hundreds of thousands of computer owners who downloaded software that permitted comScore, Inc. to track internet traffic and usage.

The National Institute of Standards and Technology (“NIST”)1 has released the fourth revision of its standard-setting computer security guide, Special Publication 800-53 titled Security and Privacy Controls for Federal Information Systems and Organizations2 (“SP 800-53 Revision 4”), and this marks a very important release in the world of data privacy controls and standards.

California Attorney General Kamala Harris’ attempt to bring an enforcement action against Delta Air Lines won’t be leaving the runway. California Superior Court Judge Marla J. Miller has dismissed a data privacy complaint against Delta brought by Attorney General Harris.

California Attorney General Kamala Harris’ attempt to bring an enforcement action against Delta Air Lines, Inc. won’t be leaving the runway. California Superior Court Judge Marla J. Miller has dismissed a data privacy complaint against Delta brought by Attorney General Harris.

Another class action suit has been filed in Massachusetts in the zip code wars. This time, the target is instrument retailer Guitar Center for allegedly requesting customers to provide their zip codes when making purchases with a credit card in contravention of Mass. Gen Laws ch. 93§ 105(a).

Do you ever find yourself worrying that, given the types of things minors deem appropriate to post on social networking Web sites like Facebook and Twitter, our country won’t be able to produce an electable candidate for president in 40 years? 

Weighing in at half the length of Tolstoy's legendary tome War and Peace, it is no surprise that the thought of the impending deadline for compliance with the 538-page  HIPAA Omnibus Rule  has left many small clinical practices feeling overwhelmed.