Header graphic for print
InfoLawGroup privacy. security. technology. media. advertising. intellectual property.

Tag Archives: best practices

A Novel Data Security Law Proposed in Colorado

Posted in Regulations

Over the past couple years, many predicted that new state laws would follow the lead of states like Nevada and Massachusetts, and some anticipated we could see a situation where 50 different privacy/security laws across the country. Now it looks like we are beginning to see some renewed activity on the state level. In Hawaii we have a proposed bill that would require breached entities to provide credit monitoring and call center services to impacted individuals. In my home state, Colorado, a legislator (Dan Pabon) has proposed a novel bill that takes a new approach to incentivizing companies to implement good security. In this post, we take a look at the highlights of the Colorado bill.

Privacy News Round-Up: Lessons Learned

Posted in Privacy Law

Several important privacy issues were in the news in the first half of this week. Here’s our take on these stories, which covered online data collection, employee privacy and legislative battles about the future of privacy.

Information Security Standards and Certifications in Contracting

Posted in Breach Notification, Breach of Contract, Cloud Computing, Damages, Data Privacy Law or Regulation, Encryption, Financial Services, Information Security, Information security contracts, International, NDA / Confidentiality Agreement, Payment Card Breach Laws, PCI, PII, Plastic Card Security Laws, Privacy and Security Litigation, Privacy Law, Reasonable Security, Regulations, Service Provider Breach, Standards

It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer’s data.

Privacy’s Trajectory

Posted in Breach Notice, Breach Notification, Cloud Computing, Data Privacy Law or Regulation, Digital Evidence and E-Discovery, Information Security, Massachusetts 210 CMR 17.00, Massachusetts Data Security Regulations, Nevada Security of Personal Information Law, PCI, Privacy Law, Regulations

As many of our readers know, the International Association of Privacy Professionals (IAPP) will celebrate 10 years this Tuesday, March 16. In connection with that anniversary, the IAPP is releasing a whitepaper, “A Call For Agility: The Next-Generation Privacy Professional,” tomorrow, March 15. I am honored that the IAPP has given me the opportunity to read and blog about the whitepaper in advance of its official release.