Blog

Privacy Compliance & Data Security Blog

Privacy compliance and electronic data security affect almost every business. Data breach prevention is essential. Fox Rothschild's Privacy Compliance & Data Security Blog will help readers navigate through the policies and best practices of data breach response. The Blog covers topics including compliance with data protection laws and regulatory enforcement and litigation as well.

Recent Blog Posts

  • Article in Bloomberg BNA: The Right To Be Forgotten – Protection or Hegemony? Copyright: hywards / 123RF Stock Photo France’s data protection regulator – the  Commission Nationale de L’Informatique et des Libertés (CNIL) – ordered Alphabet Inc.’s Google in 2015 to comply with the right to be forgotten. If the ruling is upheld, the approach to personal privacy threatens the equal and competing legitimate freedom of expression and access to information rights of businesses and consumers outside the European Union. Scott L. Vernick and Jessica Kitain recently authored the Bloomberg BNA Privacy and Security Law Report... More
  • United States and Canada Warn Citizens and Organizations About Ransomware The United States and Canada have teamed up to alert both nations of the threat of ransomware, illustrating the harmful impact of these cyberattacks to individuals and organizations all over the world. The United States Computer Emergency Readiness Team (US-CERT) within the Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Centre (CCIRC) jointly issued alerts in response to ransomware variants infecting computers in the healthcare industry in the United States, New Zealand and Germany. The alert gives useful information... More
  • Letter to New York State Banks and Insurance Companies: New Cybersecurity Regulations Likely (Part 2 of 2) In my previous post, I reviewed the New York State Department of Financial Services’ (NYDFS) findings and conclusions of survey results of financial institutions and insurers’ programs, costs, and future plans related to cybersecurity. Anthony J. Albanese – Acting Superintendent of Financial Services – writes in a November 9, 2015 letter to Financial and Banking Information Infrastructure Committee (FBIIC) Members that these conclusions have demonstrated a need for new cybersecurity regulations for financial institutions. Such “robust regulatory action” would be a coordinated... More
  • Letter to New York State Banks and Insurance Companies: New Cybersecurity Regulations Likely (Part 1 of 2) In reaction to two surveys of more than 150 regulated banking organizations and 43 regulated insurers in New York, the state’s Acting Superintendent of Financial Services issued a letter to all Financial and Banking Information Infrastructure Committee (FBIIC) Members addressing the need for potential new cybersecurity regulations in the financial sector. The New York State Department of Financial Services (NYDFS) expects that the November 9, 2015 letter will trigger more “dialogue, collaboration and, ultimately, regulatory convergence” among New York agencies on... More
  • Privacy v. Security: The Battle Between Apple and the FBI Fox Partner and Chair of the Privacy and Data Security Practice Scott L. Vernick was a guest on Fox Business’ “The O’Reilly Factor” and “After the Bell” on February 17, 2016, to discuss the controversy between Apple and the FBI over device encryption. A federal court recently ordered Apple to write new software to unlock the iPhone used by one of the shooters in the San Bernardino attacks in December. Apple CEO Tim Cook has vowed to fight the court order. The... More
  • The White House’s New Cybersecurity National Action Plan The White House is building on recent laws addressing cybersecurity in the United States with the release of a new Cybersecurity National Action Plan (“CNAP”). The plan focuses on: improving cybersecurity awareness and protections; additional privacy and security protections for individuals through the creation of a permanent Federal Privacy Council; maintenance of public safety, economic security and national security through a new Commission on Enhancing National Security; and encouraging citizens to take better control of their digital information and security. CNAP includes a request to... More
  • The Data is In… Privacy Internet Lawsuits are Out The “new age” of internet and dispersed private data is not so new anymore but that doesn’t mean the law has caught up.  A few years ago, plaintiffs’ cases naming defendants like Google, Apple, and Facebook were at an all-time high but now, plaintiffs firms aren’t interested anymore.  According to a report in The Recorder, a San Francisco based legal newspaper, privacy lawsuits against these three digital behemoths have dropped from upwards of thirty cases in the Northern District of... More
  • Privacy Policies Matter… Whether You Read Them Or Not New innovations come hand in hand with new privacy issues.  Privacy policies may seem like a last minute add-on to some app developers but they are actually an important aspect of an app.  Data breaches are an imminent risk and a business’s first defense to potential problems is a privacy policy. Fordham University in New York hosted its Ninth Law and Information Society Symposium last week where policy and technology leaders came together to discuss current privacy pitfalls and solutions.  Joanne... More
  • A Dream or A Nightmare? How the FCC’s Addition of Vague Robocall Rules to the TCPA May Increase Litigation and Issues for Businesses The freedom from automated calls at random hours of the evening may seem like the true American dream these days as more and more companies rely on these calls to reach out and communicate with customers.  Unfortunately, now that the Federal Communications Commission (“FCC”) voted to expand the Telephone Consumer Protection Act (“TCPA”) to include stringent yet vague restrictions on telemarketing robocalls, it may not be a dream for everyone.  In June of this year, in a 3-2 vote, the... More
  • Further Thoughts on Data Breaches and Article III Standing A recent District of Nevada ruling could cause issues for consumers in data breach class action cases moving forward.  On June 1, 2015, the court ruled that a consumer class action against Zappos.com Inc. could not proceed because the class did not state “instances of actual identity theft or fraud.”  The suit was brought as a result of a 2012 data breach where Zappos’ customers’ personal information was stolen, including names, passwords, addresses, and phone numbers.  Even though the information... More