Blog

Privacy Compliance & Data Security Blog

Privacy compliance and electronic data security affect almost every business. Data breach prevention is essential. Fox Rothschild's Privacy Compliance & Data Security Blog will help readers navigate through the policies and best practices of data breach response. The Blog covers topics including compliance with data protection laws and regulatory enforcement and litigation as well.

Recent Blog Posts

  • Nonprofits Aren’t Immune From or Prepared for Cyberattacks The Financial Times reports that many nonprofits are vulnerable to cyberattacks. Many charities simply don’t want to invest time and money defending against hackers. A 2016 study found about half of nonprofits had not conducted a cyber risk assessment, and two thirds had no plans to increase spending on data security. But hackers don’t give nonprofits a pass. The article tells the story of a small, Indianapolis, Indiana-based cancer charity that lost all its client data in a ransomware attack. “While it is not surprising that charities want to spend... More
  • Hackers Increasingly Using Weak RDP Credentials in Ransomware Attacks Industry publication Data Breach Today reports hackers are increasingly exploiting weak Remote Desktop Protocol (RDP) credentials to launch ransomware attacks. “Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices,” reports Executive Editor Mathew J. Schwartz. “But security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces and increasingly used by ransomware attackers.” RDP credentials have long been used to launch distributed denial of service (DDoS) and malware attacks. Investigators recently found RDP credentials for sale for... More
  • Security May Be the Silver Lining in Cloud Computing, Study Reveals Cloud computing offers greater flexibility, speed, and convenience, but some businesses were hesitating to take advantage of the technology due to fears of increasing vulnerability to cyberattacks. But a recent study reveals a marked increase in moving sensitive data to the cloud as a result of increased confidence in security – and despite continuing struggles to monitor and manage the data once it’s there. In a post on the Dark Reading blog, Kelly Sheridan reports that fewer than 25 percent of businesses... More
  • Siri: What Should Doctors Know About the Risks of Using a Voice Assistant? Physicians have their hands full on the best of days. It’s not difficult to imagine why using a voice assistant such as Amazon’s Alexa or Apple’s Siri might be attractive. In fact, a recent survey showed nearly one in four physicians uses the assistants for work-related purposes, such as researching prescription drug dosing. It’s likely many are unaware of the information security dangers they pose. In an interview with SCG Health Blog, Fox Rothschild attorneys Elizabeth Litten and Michael Kline explain that the... More
  • Is Your Business in Compliance with the Illinois Biometric Information Privacy Act A number of employers in Illinois are involved in pending class action litigation regarding violations of the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq. (the “BIPA”). The BIPA, which was enacted in 2008, addresses the collection, use and retention of biometric information by private entities. Any information that is captured, stored, or shared based on a person’s biometric identifiers, such as fingerprints, iris scans, or blood type, is considered “biometric information.” The Illinois Legislature enacted the BIPA... More
  • FTC Invests in Technology to Prepare for Busy Year of Litigation and Investigations The Federal Trade Commission is investing nearly $3 million in technology to support an increasing need for e-discovery driven by massive data breaches such as the one disclosed recently by Equifax. The news comes from the National Law Journal, which reports that the FTC awarded a one-year contract to Innovative Discovery LLC of Arlington, Virginia for a secure litigation support service. The agency awarded the contract without competitive bids because it “faces usual and compelling circumstances that require the immediate initiation of this pilot,” the... More
  • Upcoming CLE (Chicago): Staying One Step Ahead: Developments in Privacy and Data On Tuesday, November 7th from 2:00 to 6:30, Fox Rothschild and Kroll will be presenting the CLE: Staying One Step Ahead: Developments in Privacy and Data.  The CLE will take place at Fox Rothschild’s offices at 353 N. Clark Street in Chicago.  The speakers are Bill Dixon from Kroll, and Dan Farris and Mark McCreary from Fox Rothschild.  Cocktails and networking will follow the presentations. If you are in the Chicago are on November 7th, I hope you will join us.  Click here... More
  • Is Overconfidence Hurting Your Breach Prevention Efforts? A new study notes that despite record spending on cybersecurity, overconfidence may be hurting companies’ ability to protect against data breaches. Tech publication Information Week reports that the survey of IT professionals, by security firm Gemalto, showed that while 94 percent of respondents said their perimeter security was effective, nearly a third reported breaches within the last 12 months. Surprisingly, 14 percent said they would not trust their own organization to safeguard their personal data. Why the disconnect? Experts interviewed by Information Week chalked... More
  • Report: Employees Cited as Prime Cause of Data Breaches at Small, Mid-sized Companies For small and medium-sized businesses, the most dangerous cyberthreat may come from within. IT industry publication TechRepublic reports that a newly released study by Keeper Security and the Ponemon Institute suggests careless employees are at fault for the majority of data breaches at small and mid-sized businesses. The study surveyed 1,000 information technology professionals in the United Kingdom and North America. Some 54 percent listed employee negligence as the root cause of cybersecurity incidents, followed by insufficient password policies. A stunning 50 percent said... More
  • Massive Equifax Data Breach Raises Notification Questions It wasn’t a good week for credit reporting agency Equifax, which admitted to a major data breach affecting more than 143 million people. Consumers’ data was exposed over three months via a vulnerability in a web application, the company said in a press release announcing the breach. The breach was covered by every major news outlet, but Data Breach Today‘s Jeremy Kirk raises some interesting questions about Equifax’s notification strategy in this piece. For the latest in breach response protocol in all 50 states, download Data... More