Posts tagged information security

Blumethal, Breach, data security, InfoLawGroup, information law group, information security, Personal Data Protection and Breach Accountability Act, privacy, privacy legislation, Segalis

We Discuss Benefits of Federal Information Security Legislation on Fox

By InfoLawGroup LLP on September 14, 2011

Earlier this week we blogged about Senator Blumenthal's (D-CT) proposed Personal Data Protection and Breach Accountability Act of 2011. Today, InfoLawGroup partner Boris Segalis spoke on Fox Live about the advantages of federal information security legislation.

Breach, data protection, FTC, InfoLawGroup, information law group, information security, information security breach, information security law, information security program, InformationLawGroup, privacy, privacy law, SAFE Data Act, security breach, Segalis, state breach law

Federal Information Security and Breach Notification Law Approved by House Trade Subcommittee

By InfoLawGroup LLP on July 25, 2011

On July 20, 2011, the U.S. House of Representatives Energy and Commerce Committee's Trade Subcommittee approved the Secure and Fortify Electronic Data Act (the "SAFE Data Act"). The Act would require any business that maintains personal information to implement an information security program and notify affected individuals in the event of an information security breach. The SAFE Data Act would preempt the over 45 existing state information security and breach notification laws and task the Federal Trade Commission with developing information security rules implementing the Act.

consent, data protection, InfoLawGroup, information law group, information security, Legislation, privacy enforcement, Russia, Segalis

Russia Amends Federal Data Protection Law; Privacy Enforcement on the Rise

By InfoLawGroup LLP on July 19, 2011

Last week, the upper house of Russia's federal legislature approved amendments to the country's federal data protection law. The amendments impose detailed information security requirements on businesses that process personal data and revise some of the statute's data subject consent provisions.The amended law will come into force when it is published in the official newsletter.

Ceridian, deceptive practices, enforcement, Federal Trade Commission, FTC, FTC Act, FTC consent, InfoLawGroup, information law group, information security, information security program, InformationLawGroup, Lookout, personal data, personal information, privacy enforcement, Section 5, Segalis

FTC Privacy Enforcement Update: Two Companies Allegedly Failed to Protect Sensitive Employee Data

By InfoLawGroup LLP on May 06, 2011

On May 3, 2011, the Federal Trade Commission announced that Ceridian Corporation and Lookout Services, Inc. agreed to settle the FTC's allegations that the companies failed to safeguard their business customers' employee personal information. Ceridian's services include payroll processing, payroll-related tax filing, benefits administration and other human resource services for business customers. Lookout provides a web-based computer product that is designed to help employers comply with their obligations under federal law to complete and maintain a U.S. Citizenship and Immigration Services Form I-9 about each employee in order to verify that the employee is eligible to work in the United States.

Boris Segalis, broker, data protection, dealer, financial privacy, InfoLawGroup, information law group, information security, Nicole Friess, privacy, privacy assessment, privacy enforcement, privacy rule, Regulation S-P, Regulation SP, Safeguards Rule, SEC, Securities and Exchange Commission

Federal Privacy Enforcement Update: SEC Fines Executives for Privacy and Security Violations

By InfoLawGroup LLP on April 13, 2011

As we have reported previously on our blog, federal agencies, including the FTC, NLRB and EEOC have been very active in taking action against privacy and information security violations. This trend continues with the Securities and Exchange Commission's (SEC's) recent announcement of a settlement with three former executives a brokerage firm (GunnAllen Financial, Inc.). The SEC alleged that the former executives violated the Commission's Privacy Rule and Safeguards Rule (Regulation S-P) and aided and abetted the firm in violating these rules. This enforcement action marks the first time the SEC assessed financial penalties against individuals charged solely with violating Regulation S-P.

Boris Segalis, Buzz, Consent Order, Consumer Protection, data protection, data security, Federal Trade Commission, FTC, FTC Act, Google, Google settlement, InfoLawGroup, information law group, information security, personal information, privacy, privacy assessment, privacy by design, privacy enforcement, risk assessment, Safe Harbor, social media, social network

FTC Takes a Big Step in Privacy Enforcement with Google Buzz Settlement

By InfoLawGroup LLP on April 06, 2011

The Google Buzz settlement that the Federal Trade Commission announced on March 30, 2011 is the latest in the line of the Commission's numerous Section 5 actions related to privacy and data security violations. The Google Buzz settlement, however, is unique in several important ways. The settlement represents (i) the first FTC settlement order has requires a company to implement a comprehensive privacy program to protect the privacy of consumers' information, and (ii) the Commission's first substantive U.S.-EU Safe Harbor framework enforcement action. Let's dive in (make sure to read the "Action Item" at the conclusion of the post!).

behavioral advertising, behavioral marketing, chitika, deceptive practices, Federal Trade Commission, FIPPs, FTC Act, FTC consent, InfoLawGroup, information law group, information security, InformationLawGroup, opt-out, privacy enforcement, Section 5, Segalis, tracking, twitter

Privacy Enforcement Update: FTC Settles with Twitter and Chitika

By InfoLawGroup LLP on March 18, 2011

As we have previously reported on our blog, 2011 has seen a whirlwind of privacy enforcement activity. The FTC, NLRB, EEOC, HHS and FINRA have all taken privacy enforcement actions this year. This March, the FTC has announced privacy settlements with Chitika and Twitter.

cyber security, data security, Department of the Energy, InfoLawGroup, information law group, information security, personal information, privacy, smart grid

U.S. Department of Energy Takes on Smart Grid Security

By InfoLawGroup LLP on February 03, 2011

On February 1, 2011, the Department of Energy announced the launch of the Cyber Security Initiative to develop cyber security risk management process guidelines for the electric grid. The Department's Office of Electricity Delivery and Energy Reliability will lead the effort in collaboration with the National Institute of Standards and Technology and the North American Electric Reliability Corporation.

Boris Segalis, creditor, FACTA, FCRA, FTC, FTC Red Flags Rule, identity theft, identity theft prevention program, Info Law Group, InfoLawGroup, information security, Red Flags

House and Senate Enact Amendment of FCRA, Limit Scope of Red Flags Rule

By InfoLawGroup LLP on December 07, 2010

The Blog of Legal Times is reporting that late on December 7, 2010 the House of Representatives passed a bill on a voice vote that amends the definition of "creditor" in the Fair and Accurate Credit Reporting Act (FCRA) and, as a result, dramatically limits the scope of the Red Flags Rule. The House bill is identical to the legislation enacted by the Senate last week. We previously covered in detail on our blog both the House bill and the Senate bill.The legislation has the effect of largely limiting the applicability of the Red Flags Rule to financial institutions and entities commonly understood to be "creditors". It will generally exclude from the Rule's scope organizations whose "credit" activities are limited to providing a product or service and allowing customers to pay for the product or service at a later time. The legislation leaves open the possibility that the FTC would bring various types of creditors within the scope of the Rule through rulemaking. However, it sets a procedural threshold for expanding the scope of the Rule and appears to require the determination to be specific to the type of creditor. "When I think of the word 'creditor,' dentists, accounting firms and law firms do not come to mind," said Rep. John Adler (D-N.J.), speaking on the House floor.

compliance, Federal Trade Commission, FTC, guidance, information management, information security, privacy

FTC Launches Privacy Portal

By InfoLawGroup LLP on November 05, 2010

Today, the Federal Trade Commission announced the launch of a business center portal to help businesses understand and comply with privacy and information security requirements that the FTC enforces. The new portal provides centralized access to the FTC's privacy and information security regulations, enforcement actions and guides. The main portal also offers information about compliance with advertising, credit, telemarketing and myriad other requirements. A series of short videos explain what businesses need to know to comply, and the business center blog offers latest compliance tips and information.

AICPA, best practices, BITS, cloud computing, COBIT, contracts, FIPS, information security, ISO 27001, ISO 27002, NIST, outsourcing, PCI DSS, SAS 70, SP 800-53, standards

Information Security Standards and Certifications in Contracting

By W. Scott Blackmer on May 26, 2010

It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer's data.

compliance, contract management, data protection, data security, information governance, information security, management, pia, privacy, privacy audit, privacy governance, privacy impact assessment, procurement, risk management, security governance, standards

Information Governance

By W. Scott Blackmer on May 06, 2010

Security governance is often well established in large organizations, but privacy governance typically lags. It is time for a broader approach to "information governance" that focusses on the kinds of sensitive data handled by the enterprise and establishes policies to assure compliance and effective risk management, as well as better customer, employee, government, and business relations.