Category Archives: Data Security

Subscribe to Data Security RSS Feed

One Employee in Europe Could Trigger New EU Data Protection Obligations

Flag_of_Europe_svgAn Update on the New EU General Data Protection Regulation On 16 April 2016, the EU adopted the General Data Protection Regulation (‘GDPR’) which largely rewrites and harmonizes the European legal framework of data protection. The new regulation will become applicable in May 2018, but given the scope and complexity of the GDPR it is … Continue Reading

Privacy Certification Program Settles COPPA Violations with NYAG

state-attorneyLast week, True Ultimate Standards Everywhere, Inc. (“TRUSTe”) agreed to pay the New York Attorney General (“NYAG”) a $100,000 penalty, and beef up privacy measures, to settle alleged violations of the Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501-6506 (“COPPA”). The Federal Trade Commission (“FTC”) is authorized to issue rules under COPPA, § 6502(b), … Continue Reading

NY AG Enters Mobile Health App Enforcement Arena with Settlements Targeting Health Claims and Privacy Practices

New York Attorney General Eric Schneiderman recently announced settlements with three mobile health app developers resolving allegations that they made deceptive advertisements and had irresponsible privacy practices. The Attorney General alleged that the developers sold and advertised mobile apps that purported to measure vital signs or other indicators of health using just a smartphone. The … Continue Reading

Ad Law News and Views Newsletter

http://ecomms.kelleydrye.com/rv/ff002e6c28b5920e40180549f84cb2de5ebc7e88Did you know Kelley Drye’s Advertising Law practice produces a newsletter, Ad Law News and Views, every two weeks to help you stay current on ad law and privacy matters? Click here to access our Publication Sign Up and select Advertising and Marketing to subscribe. Find contents from the latest issue below: Click here to view with … Continue Reading

EU Data Protection Authority Issues GDPR Action Plan, Swiss Sign Privacy Deal with U.S.

Flag_of_Europe_svgOn January 16, 2017, the Article 29 Working Party (“Working Party”)—the EU’s central data protection advisory board—published a press release regarding its Action Plan for 2017, which was adopted as part of its wider implementation strategy for the General Data Protection Regulation (“GDPR”).  The Action Plan follows up on the actions initiated in 2016 and … Continue Reading

New FTC Acting Chair Maureen Ohlhausen Offers Insight into Consumer Protection Priorities

OLYMPUS DIGITAL CAMERAJust over one week after being named acting chair of the Federal Trade Commission (FTC), Maureen Ohlhausen delivered the keynote address at the American Bar Association’s biennial Consumer Protection Conference in Atlanta on February 2. During her remarks, acting chair Ohlhausen offered insight into consumer protection priorities during her tenure as acting chair. First, acting … Continue Reading

FTC Staff Report Details Best Practices for Cross-Device Tracking

The ubiquitous use of multiple devices by consumers has created new opportunities for mobile apps, platforms, providers, and publishers alike to capture more, and more accurate, consumer data.  This practice – known as cross-device tracking – serves many purposes but is particularly valuable to advertisers. On January 23, 2017, FTC staff released a report entitled … Continue Reading

Announcing the Advertising and Privacy Law Webinar Series

Webinar SeriesPlease join Kelley Drye in 2017 for the Advertising and Privacy Law Webinar Series. Like our annual in-person event, this series will provide engaging speakers with extensive experience and knowledge in the fields of advertising, privacy, and consumer protection. These webinars will give key updates and provide practical tips to address issues faced by counsel. … Continue Reading

May Old Memoranda Be Forgot: White House Issues New Memorandum on Breach Response Plan

The White House Office of Management and Budget (“OMB”) marked the beginning of the 2017 Federal calendar year by issuing a memorandum to all agency and department heads with new guidance on breach preparation and response. While the guidance is not directed to the business sector, it is instructive for corporate counsel as it complements … Continue Reading

FTC Files Lawsuit Against Taiwanese Manufacturer for Alleged Lax Security in Wireless Routers and Cameras and Related Marketing Claims

150px-US-FederalTradeCommission-Seal_svgThe Federal Trade Commission has filed a lawsuit in federal court claiming that a networking equipment manufacturer engaged in unfair and deceptive acts, exposing thousands of consumers to the risk of cyberattack from vulnerable wireless routers and internet cameras. The complaint against Taiwan-based networking equipment manufacturer D-Link Corporation and its U.S. subsidiary D-Link Systems alleges … Continue Reading

Homeland Security Issues IoT Guidance for Businesses

The Department of Homeland Security (DHS) has published non-binding principles and best practices to help businesses work through key Internet-of-Things (IoT) security issues.   Entitled “Strategic Principles for Securing the Internet of Things (IoT), Version 1.0,” the principles seek to provide stakeholders with tools to account for security as they develop, manufacture, implement, or use network-connected … Continue Reading

Lessons from Adobe’s State AG Data Breach Settlement

Last month, several state Attorneys General announced a $1M settlement with Adobe Systems, Inc. in connection with a 2013 data incident involving the personal information of roughly 534,000 consumers. The 15 Attorneys General alleged that the software vendor failed to provide reasonable security safeguards, an allegation Adobe denied in the settlement agreement executed by the … Continue Reading

For Better or Worse: Privacy Shield Challenges and (Actions for) Annulments

Over the course of the past two months, three privacy groups in France and one in Ireland filed separate actions for annulment with the European Court of Justice seeking the invalidation of the EU-U.S. Privacy Shield Framework. The Privacy Shield honeymoon phase appears to be over, and the first year of the transatlantic relationship may … Continue Reading

School’s in Session for the Ed Tech Industry: California AG Gives Lessons on Student Data Safeguards

On Wednesday, California’s Attorney General released a report with recommendations for the education technology (“Ed Tech”) industry, a multi-billion dollar industry that is transforming learning as we know it. The Ed Tech industry has the potential to greatly enhance the student learning experience through data management systems and tools that support educators and provide personalized … Continue Reading

FCC Votes to Impose Aggressive New Privacy Rules on Broadband Providers

At the Federal Communications Commission’s (“FCC”) Open Meeting on October 27, the Commission voted along party lines (3-2) to impose more stringent rules on broadband Internet service providers (“ISPs”). Chairman Tom Wheeler, along with Commissioners Rosenworcel and Clyburn voted in favor of the item, while Commissioners Pai and O’Rielly voted against it. The new rules … Continue Reading

FTC Releases New Data Response Breach Guide For Businesses

The Federal Trade Commission released a new guide for businesses on data breach response yesterday along with a three-minute video summary. The 14-page guide highlights the immediate steps a business should take when responding to a data breach incident. As a bonus, the guidance also offers a model breach notification letter and encourages businesses to … Continue Reading

Vermont Settles with B2B Software Developer over Security Practices

Yesterday, the Vermont Attorney General announced a settlement with business-to-business software developer Entrinsik, Inc., resolving allegations that the company’s Informer program violated Vermont law, including the law placing restrictions on the use and disposal of data containing Social Security numbers. The Informer program is used by businesses, including seven colleges in Vermont, to analyze and … Continue Reading

Protected: 2016 Advertising and Privacy Law Summit Attendee Follow up

There is no excerpt because this is a protected post.

Adding Insult to Injury: Is There Coverage for a Data Breach or Hacking Event that Causes Physical Damage?

In an article published in the Bloomberg BNA Privacy and Security Law Report, Kelley Drye senior associate Ken Kronstadt analyzes the insurance coverage landscape for physical damage that results from a data breach or hacking event. Internet-connected devices have become increasingly prevalent, and there is no sign that this trend is slowing.  However, this soaring … Continue Reading

What You Need to Know About Privacy Shield: An Overview of the New Transatlantic Framework

Privacy Shield GOTOn July 12, 2016, the European Commission (“Commission”) formally adopted and released the Privacy Shield Adequacy decision, which will allow certified U.S. companies to transfer EU personal data to the United States.  The EU-U.S. Privacy Shield (“Privacy Shield”) replaces the U.S.-EU Safe Harbor framework (“Safe Harbor”), which was invalidated in October 2015 by the European … Continue Reading

8th Circuit Upholds Data Breach Coverage for Bank Loss Following Hacker’s Fraudulent Transfer

Last week, the Eighth Circuit upheld a lower court’s ruling in State Bank of Bellingham v. BancInsure Inc., finding that a bank employee’s negligence in securing its computer network did not preclude coverage for a data breach resulting in a fraudulent funds transfer.  The decision affirms the lower court’s ruling granting summary judgment in favor of … Continue Reading

Texas Settles with PayPal over Money Transfer App Advertising and Privacy Practices

On Friday, Texas Attorney General Ken Paxton announced a settlement with PayPal, resolving allegations that its Venmo money transfer app violated the Texas Deceptive Trade Practices Act by failing to clearly disclose how consumers’ phone contacts would be used, or how consumers’ transactions and interactions with other users would be shared, and misrepresenting that communications … Continue Reading

Nebraska Amends Data Breach Notification Law

Last week, Nebraska Governor Pete Ricketts signed into law LB 835, which makes the following amendments to the state’s data breach notification statute: Adds to the definition of “personal information” a user name or email address, in combination with a password or security question and answer, that would permit access to an online account. Requires … Continue Reading

Privacy Shield Pierced? Article 29 Working Party Expresses Concern with Agreement

The Article 29 Working Party (The Working Party), which includes representative data protection authorities from each EU member country and the European Data Protection Supervisor, issued a 58-page opinion yesterday that flagged perceived shortcomings of the draft EU-U.S. Privacy Shield (Privacy Shield). Privacy Shield was slated to replace the now defunct Safe Harbor, and is the updated framework designed to permit organizations … Continue Reading
LexBlog