Recently Jan Philipp Albrecht, rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee, the lead committee considering the proposed draft General Data Protection Regulation, published the committee’s suggested amendments to the original draft regulation. The report runs to over 200 pages and contains over 350 separate amendments.

Since the original draft regulation was published in January of last year, businesses, industry bodies and regulators have been lobbying the European Commission, Council and Parliament to try and change some

By Jennifer Archie, Kevin Boyle, and Gail Crawford

What are the data breach risks that are of the most concern to the hospitality industry? What is the US Federal Trade Commission’s jurisdictional authority and what enforcement tools do they have available when it comes to data security? Learn more about these issues and other top data security matters affecting the hospitality industry in Latham & Watkins’ on-demand webcast. The webcast is moderated by Latham & Watkins partner

An August 2 webcast on Compliance and Enforcement in the Hospitality Industry looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.)

Some of the key points covered in the discussion include:

  • While attackers can be persistent and use sophisticated tools, most breaches result from the failure

By Brian Murray

The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as the application of existing privacy and security requirements to it–subjects on which the FCC last solicited public input five years ago. As the FCC acknowledged

The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public clouds with seven key steps, summarized below, to be followed by cloud customers:

1. Identify the types of data and the data processing that could

By Jennifer Archie and Suan Ambler-Ebersole

Second Highest HIPAA Settlement Amount to Date and First Paid by a State

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced Tuesday that it had reached a settlement with Alaska’s state Medicaid agency, the Department of Health and Social Services (DHSS) for $1,700,000 arising out of potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

In October 2009 a

By Kevin Boyle and Kee-Min Ngiam

The SEC’s Staff of the Division of Corporation Finance recently issued guidance to help clarify public reporting companies’ disclosure obligations in the area of cybersecurity risks and cyber incidents. The guidance, which does not change existing disclosure obligations for public companies, should help company officers responsible for security, privacy, or securities compliance, as well as securities law practitioners, better understand the Staff’s expectations on disclosure in this area. Our recent Client Alert reviews the

By Gail Crawford and Amy Taylor

At the end of 2010, the UK Government raised the national threat level for cyber security risk to Tier One (the same tier as the terrorism threat) and announced it was allocating £650 million (around US $1 billion) to governmental cyber security measures and resilience developments.

A recent report by Chatham House in association with Detica indicates that many private organizations are well behind the government in how they evaluate and defend against these

As part of its cyber security legislative proposal unveiled on May 12, the Obama administration sent to Congress a proposed Data Breach Notification bill that would supersede similar state laws.  If enacted, the bill would dramatically simplify response to data breaches involving residents from multiple states—a process that is now a maze of requirements, often requiring near instant legal judgment under 50 or more statutes as to whether a single breach event is a covered notice event.  In short

As online services Groupon and Facebook have recently learned, cybersquatters are more than a mere nuisance.  Cybersquatting can disrupt or delay business expansion or operations, or compromise security and user experience. 

Groupon’s planned expansion to Australia was delayed for months because a clone site in Australia named Scoopon purchased the Groupon.com.au domain name, took the company name Groupon Pty Limited, and tried to register the Groupon trademark (filing for the trademark seven days before Groupon in Australia).  Groupon was forced