The White House Office of Management and Budget (“OMB”) marked the beginning of the 2017 Federal calendar year by issuing a memorandum to all agency and department heads with new guidance on breach preparation and response. While the guidance is not directed to the business sector, it is instructive for corporate counsel as it complements

On July 1, 2015, both Nevada and Wyoming’s breach notification law amendments come into force, expanding the definition of Personal Information (“PI”) to include account credentials such as a username or email address. With these amendments, the two states join California and Florida in a small but growing number of states that have overhauled breach

It’s well-known that most companies collect, store and use the personal information of their customers and employees.  This is valuable and proprietary information and most companies take steps to safeguard this information from attack or inadvertent disclosure.  Yet, no security is perfect and despite efforts to secure the information, it’s often not a matter of

The Network Advertising Initiative (“NAI”) recently announced final updates to its 2013 Code of Conduct (“NAI Code”). The NAI Code is one of the leading industry self-regulatory codes of conduct governing online behavioral advertising (“OBA”) for third party digital advertising companies. While prior versions of the NAI Code were focused on advertising networks, the 2013

In December 2012, the California Attorney General filed a lawsuit against Delta Airlines, Inc. (“Delta”) alleging that Delta violated California’s Online Privacy Protection Act by failing to post a privacy policy within its Fly Delta mobile app.  It was the first mobile app enforcement action brought by the California Attorney General and closely followed the

Today, the Federal Trade Commission (“FTC”) announced that it sent letters to 10 data brokers warning them that their practices may be subject to the Fair Credit Reporting Act (“FCRA”).  A sample letter is available here.  Among other things, the FCRA governs the sale and use of consumer information which may be used to

In a first of its kind suit, on March 7, 2013, the sports-apparel retailer Genesco filed a lawsuit against Visa for recovery of fines that Visa issued against Genesco after it suffered a data breach. Generally, merchants are contractually required to be compliant with the payment card industry data security standard (PCI DSS) as well as

If you work with e-mail marketing—whether you’re putting together the content, reviewing the images and links for accuracy, or conducting a final copy and legal review—you already know that your commercial message must be compliant with the CAN-SPAM Act. It’s not that it’s hard to follow, but sometimes it can be so easy to forget.