Privacy & Cybersecurity

If a haunted house or trick-or-treating was your scariest experience last week, you must not be one of the 100 mobile application developers who received a notice of non-compliance from California Attorney General Kamala D. Harris. 

The Federal Trade Commission (the “FTC”) has filed its response to the Wyndham Hotel & Resorts LLC’s (“Wyndham”) Motion to Dismiss. 

As the New York Times reports, Barnes & Noble disclosed this week that it learned over one month ago – on September 14 – that hackers broke into point of sale PIN pad devices at 63 Barnes & Noble stores around the country and stole credit and debit card information for customers who had made purchases at those stores.

Class action plaintiffs asserting claims against Sony in connection with the 2011 Sony PlayStation Network (“PSN”) data breach face permanent dismissal of their claims unless they can allege actual losses resulting from the breach.

Last week, the U.S. Department of Health and Human Services Office of Inspector General (OIG) released the results of a study entitled CMS Response to Breaches and Medical Identity Theft.

Facebook announced last week that it now has upwards of 1 billion active users. That same week, over 10 million Twitter messages were sent during the U.S. presidential debate.

We have two "Save the Date" announcements today - for registration information click on the links below:

It’s time for an updated version of our “Mintz Matrix” – the Mintz Levin matrix of state data security breach notification laws. We update this matrix quarterly, or as developments dictate.

Much has been written, in this space and elsewhere, on the concept of "reasonable security" -- what constitutes "reasonable security," how much security is "reasonable," etc.  

How true........

Today's Washington Post includes a front page article that should serve as a warning to any employer about increasingly sophisticated social engineering attacks that exploit one key vulnerability that is essentially immune to technical solutions: their employees. 

This week, Apple shareholders requested that its Board of Directors publish a report explaining how the board oversees privacy and data security risks. The proposal was prompted by concern that recent issues such as the unauthorized access to iPhone users’ address books and the release of one million Unique Device IDs could place the company’s growth opportunities at risk.

As the old saying goes, "no good deed goes unpunished...." The most recent, published Office for Civil Rights (OCR) HIPAA enforcement action serves as an important reminder that self-reported breaches can and do lead to investigations and enforcement.

Senator John D. Rockefeller IV (D., W.Va.) recently sent a letter to the CEOs of all Fortune 500 companies asking the companies for more information about their cybersecurity practices. 

A new rule proposed for federal government contractors will require that all federal contracts over $100,000 (including contracts for commercial items and those to small businesses) will have to include a clause requiring the contractor to implement  basic data security protections for any non-public data provided to the contractor by the federal government or generated by the contractor for the government. 

Mobile app developers have some unique challenges when it comes to preparation and implementation of privacy policies. But, regulators have made it quite clear that the general privacy laws and regulations apply whether the application is online or mobile. 

Wyndham Hotel & Resorts LLC (“Wyndham”) has filed a Motion to Dismiss the Federal Trade Commission’s (the “FTC”) Complaint against it, which alleges that Wyndham committed unfair and deceptive acts related to three data security breaches that Wyndham has suffered since 2008.

Lorene Schaefer, a mediator, arbitrator and workplace investigator, has reported on the One Mediation blog that by a letter of August 3, 2012 the Buffalo, New York office of the EEOC notified an employer that the employer’s written policy warning employees who participate in an investigation not to discuss the matter and providing that employees who do so may be subject to discipline including termination of employment may be a “flagrant violation” of Title VII and itself an adverse employment action.

The FTC has finally released details of their settlement with Google, including the hefty price tag of $22.5 million, the highest fine ever slapped on a violator of an FTC consent order. The Internet giant was charged with breaking the terms of the consent order they entered into last year by misrepresenting how users could opt out of having certain cookies dropped on their browser.

CNN reports that the Cybersecurity Act of 2012 (SB 3414) has failed to pass the US Senate. A cloture vote failed by a vote of 42-46, mostly along party lines.