The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public …
By Jennifer Archie and Suan Ambler-Ebersole. Second Highest HIPAA Settlement Amount to Date and First Paid by a State: The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced Tuesday that it had reached a settlement with Alaska’s state Medicaid agency, the Department of Health and Social Services (DHSS) for $1,700,000 …
By Kevin Boyle and Kee-Min Ngiam. The SEC’s Staff of the Division of Corporation Finance recently issued guidance to help clarify public reporting companies’ disclosure obligations in the area of cybersecurity risks and cyber incidents. The guidance, which does not change existing disclosure obligations for public companies, should help company officers responsible for security, privacy, …
By Gail Crawford and Amy Taylor. At the end of 2010, the UK Government raised the national threat level for cyber security risk to Tier One (the same tier as the terrorism threat) and announced it was allocating £650 million (around US $1 billion) to governmental cyber security measures and resilience developments. A recent report …
As part of its cyber security legislative proposal unveiled on May 12, the Obama administration sent to Congress a proposed Data Breach Notification bill that would supersede similar state laws. If enacted, the bill would dramatically simplify response to data breaches involving residents from multiple states—a process that is now a maze of requirements, often …
As online services Groupon and Facebook have recently learned, cybersquatters are more than a mere nuisance. Cybersquatting can disrupt or delay business expansion or operations, or compromise security and user experience. Groupon’s planned expansion to Australia was delayed for months because a clone site in Australia named Scoopon purchased the Groupon.com.au domain name, took the …
Following in the wake of the FTC’s report on online tracking, the Commerce Department has issued its “green paper” on privacy. The report is part of the Department’s ongoing review of privacy practices begun in April this year. While it avoids making many specific policy recommendations, the report does recommend the development of Fair Information …
The Ponemon Institute is out with a new Intel-sponsored study concluding, among other things, that lost laptops cost U.S. organizations in excess of $2 billion a year. Yet, two-thirds of companies surveyed still do not take basic security precautions to protect laptops. A look at prior Ponemon work cited in the report suggests failing to …
In a long anticipated report entitled Protecting Consumer Privacy in an Era of Rapid Change, a divided U.S. Federal Trade Commission focused on raising consumer awareness and soliciting industry feedback on online tracking and behavioral advertising. Industry is portrayed as “too slow” to improve privacy practices in this arena. The report proposes a normative framework …
With state security breach notification laws starting to show their age, California has again been asked to take the lead in updating these laws. Recently, California’s legislators attempted to push two new bills through. One of the bills was just vetoed, the other passed a few weeks ago. SB 1166: The failed bill was SB 1166. …