Blog – Privacy Compliance & Data Security

http://dataprivacy.foxrothschild.com/

Mark is an author of the firm's Privacy Compliance & Data Security Blog. The blog helps readers navigate the policies and best practices of data breach response and covers topics such as compliance with data protection laws, regulatory enforcement, and litigation.

Recent Blog Posts

  • The Data is In… Privacy Internet Lawsuits are Out
    The “new age” of internet and dispersed private data is not so new anymore, but that doesn’t mean the law has caught up. A few years ago, plaintiffs’ cases naming defendants like Google, Apple, and Facebook were at an all-time high, but now plaintiffs’ firms aren’t interested anymore. According to a report in The Recorder, a San Francisco-based legal newspaper, privacy lawsuits against these three digital behemoths have dropped from upwards of thirty cases in the Northern District of...
  • Privacy Policies Matter… Whether You Read Them Or Not
    New innovations come hand in hand with new privacy issues. Privacy policies may seem like a last-minute add-on to some app developers, but they are actually an important aspect of an app. Data breaches are an imminent risk and a business’s first defense to potential problems is a privacy policy. Fordham University in New York hosted its Ninth Law and Information Society Symposium last week where policy and technology leaders came together to discuss current privacy pitfalls and solutions. Joanne...
  • A Dream or A Nightmare? How the FCC’s Addition of Vague Robocall Rules to the TCPA May Increase Litigation and Issues for Businesses
    The freedom from automated calls at random hours of the evening may seem like the true American dream these days as more and more companies rely on these calls to reach out and communicate with customers. Unfortunately, now that the Federal Communications Commission (“FCC”) voted to expand the Telephone Consumer Protection Act (“TCPA”) to include stringent yet vague restrictions on telemarketing robocalls, it may not be a dream for everyone. In June of this year, in a 3-2 vote, the...
  • Further Thoughts on Data Breaches and Article III Standing
    A recent District of Nevada ruling could cause issues for consumers in data breach class action cases moving forward. On June 1, 2015, the court ruled that a consumer class action against Zappos.com Inc. could not proceed because the class did not state “instances of actual identity theft or fraud.” The suit was brought as a result of a 2012 data breach where Zappos’ customers’ personal information was stolen, including names, passwords, addresses, and phone numbers. Even though the information...
  • Their Experience, Your New Business Guide: How Settling Over Fifty Data Security Cases has Given Rise to Key Lessons from the FTC for Businesses
    With 2013 being dubbed the “Year of the Mega Breach,” it comes as no surprise that the Federal Trade Commission (“FTC”) on June 30, 2015 published “Start with Security: A Guide for Businesses” to educate and inform businesses on protecting their data. The FTC is tasked with protecting consumers from “unfair” and “deceptive” business practices and, with data breaches on the rise, it has come to take that job much more seriously. The lessons in the guide are meant...
  • How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips
    Last week we posted about A Brief Primer on the NIST Cybersecurity Framework. Our partner and HIPAA/HITECH expert Elizabeth Litten took the NIST Cybersecurity Framework and created a blog post for the HIPAA, HITECH and Health Information Technology Blog, How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips, which can be read here. For those facing any HIPAA-related issues, it is a worthwhile read....
  • A Brief Primer on the NIST Cybersecurity Framework
    In February 2013, President Obama issued his Improving Critical Infrastructure Cybersecurity executive order, which presented a plan to decrease the risk of cyberattacks on critical infrastructure. The US Department of Commerce’s National Institute of Standards and Technology (NIST) was charged with creating the plan, which became known as the Framework for Improving Critical Infrastructure Cybersecurity (Framework). The NIST worked with over three thousand individuals and business organizations to create the Framework. The goal of the Framework is to help businesses...
  • Bank Security and Wire Transfers: Even Vaulted Systems Can’t Protect All Personal Information
    With hackers on the loose, and wire transfers as a place for them to gain unauthorized access to bank accounts, it is no wonder that when it comes to potentially intercepted wires, customers and banks are playing hot potato with who to blame. Typically, banks bear the risk of loss for unauthorized wire transfers. The Electronic Fund Transfer Act (“EFTA”) for consumer accounts and Article 4A of the Uniform Commercial Code (“UCC”) for business accounts are two entities that govern...
  • The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 6 of 6)
    After a Cyberattack: This blog post is the sixth and final entry of a six-part series discussing the best practices relating to cyber security. The previous post discussed the individuals and organizations that should be notified once a cyberattack occurs. This post will focus on what a business should not do after a cyberattack. Key points include (1) not using the network, (2) not sharing information with unconfirmed parties, and (3) not attempting to retaliate against a different network. Do Not...
  • The Anatomy of a Cyber Attack: Prevention, Response and Postmortem (Part 5 of 6)
    Notification: This blog post is the fifth entry of a six-part series discussing the best practices relating to cyber security. The previous post discussed the important steps that a business should take to preserve evidence and information once a cyberattack has been identified. This post will discuss the individuals and organizations that should be notified once a cyberattack occurs. The four most important groups to contact are (1) individuals within the business, (2) law enforcement officials, (3) The Department of...