Blog – Privacy Compliance & Data Security

http://dataprivacy.foxrothschild.com/

Mark is an author of the firm's Privacy Compliance & Data Security Blog. This blog helps readers navigate the policies and best practices of data breach response and covers topics such as compliance with data protection laws, regulatory enforcement, and litigation.

Recent Blog Posts

  • After the “WannaCrypt / WannaCry / WCry” Malware, Microsoft Pushes Update to Current and Unsupported Versions of Windows
    Yesterday we witnessed new ransomware spread across the world with incredible speed and success, bringing businesses to their knees and home users learning for the first time about ransomware and why computer backups are so important. With over 123,000 computers infected, experts believe the “WannaCrypt/WannaCry/WCry” attacks have stopped after researchers registered a domain that the software checks before encrypting.  However, nothing is stopping someone from revising the software to not require that check and releasing it into the wild.  In other... More
  • $2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk
    In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement.  This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements. FOR IMMEDIATE RELEASE  April 24, 2017 Contact: HHS Press Office  202-690-6343  [email protected]  $2.5 million settlement shows that not understanding HIPAA... More
  • Don’t Get Caught in ‘Phishing Season’
    With tax season in full swing, a different season is impacting businesses across all industries: “phishing season.” “Phishing” or “spear phishing” refers to cyberattack scams that target certain individuals within an organization with the hope of gaining access to valuable information. These scams take advantage of the busy tax season, the desire to promptly respond to purported upper management and social engineering employees in order to target and trick only employees with immediate access to sensitive employee... More
  • The Data is In… Privacy Internet Lawsuits are Out
    The “new age” of internet and dispersed private data is not so new anymore but that doesn’t mean the law has caught up.  A few years ago, plaintiffs’ cases naming defendants like Google, Apple, and Facebook were at an all-time high but now, plaintiffs firms aren’t interested anymore.  According to a report in The Recorder, a San Francisco based legal newspaper, privacy lawsuits against these three digital behemoths have dropped from upwards of thirty cases in the Northern District of... More
  • Privacy Policies Matter… Whether You Read Them Or Not
    New innovations come hand in hand with new privacy issues.  Privacy policies may seem like a last minute add-on to some app developers but they are actually an important aspect of an app.  Data breaches are an imminent risk and a business’s first defense to potential problems is a privacy policy. Fordham University in New York hosted its Ninth Law and Information Society Symposium last week where policy and technology leaders came together to discuss current privacy pitfalls and solutions.  Joanne... More
  • A Dream or A Nightmare? How the FCC’s Addition of Vague Robocall Rules to the TCPA May Increase Litigation and Issues for Businesses
    The freedom from automated calls at random hours of the evening may seem like the true American dream these days as more and more companies rely on these calls to reach out and communicate with customers.  Unfortunately, now that the Federal Communications Commission (“FCC”) voted to expand the Telephone Consumer Protection Act (“TCPA”) to include stringent yet vague restrictions on telemarketing robocalls, it may not be a dream for everyone.  In June of this year, in a 3-2 vote, the... More
  • Further Thoughts on Data Breaches and Article III Standing
    A recent District of Nevada ruling could cause issues for consumers in data breach class action cases moving forward.  On June 1, 2015, the court ruled that a consumer class action against Zappos.com Inc. could not proceed because the class did not state “instances of actual identity theft or fraud.”  The suit was brought as a result of a 2012 data breach where Zappos’ customers’ personal information was stolen, including names, passwords, addresses, and phone numbers.  Even though the information... More
  • Their Experience, Your New Business Guide: How Settling Over Fifty Data Security Cases has Given Rise to Key Lessons from the FTC for Businesses
    With 2013 being dubbed as the “Year of the Mega Breach” it comes as no surprise that the Federal Trade Commission (“FTC”), on June 30, 2015 published “Start with Security: A Guide for Businesses” to educate and inform businesses on protecting their data.  The FTC is tasked with protecting consumers from “unfair” and “deceptive” business practices and with data breaches on the rise, it has come to take that job much more seriously.  The lessons in the guide are meant... More
  • How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips
    Last week we posted about A Brief Primer on the NIST Cybersecurity Framework.  Our partner and HIPAA/HITECH expert Elizabeth Litten took the NIST Cybersecurity Framework and created a blog post for the HIPAA, HITECH and Health Information Technology Blog, How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips, which can be read here.  For those facing any HIPAA-related issues, it is a worthwhile read.... More
  • A Brief Primer on the NIST Cybersecurity Framework
    In February 2013, President Obama issued his Improving Critical Infrastructure Cybersecurity executive order, which presented a plan to decrease the risk of cyberattacks on critical infrastructure.  The US Department of Commerce’s National Institute of Standards and Technology (NIST) was charged with creating the plan, which became known as the Framework for Improving Critical Infrastructure Cybersecurity (Framework).  The NIST worked with over three thousand individuals and business organizations to create the Framework.  The goal of the Framework is to help businesses... More