Posts tagged information security program

Breach, data protection, FTC, InfoLawGroup, information law group, information security, information security breach, information security law, information security program, InformationLawGroup, privacy, privacy law, SAFE Data Act, security breach, Segalis, state breach law

Federal Information Security and Breach Notification Law Approved by House Trade Subcommittee

By InfoLawGroup LLP on July 25, 2011

On July 20, 2011, the U.S. House of Representatives Energy and Commerce Committee's Trade Subcommittee approved the Secure and Fortify Electronic Data Act (the "SAFE Data Act"). The Act would require any business that maintains personal information to implement an information security program and notify affected individuals in the event of an information security breach. The SAFE Data Act would preempt the over 45 existing state information security and breach notification laws and task the Federal Trade Commission with developing information security rules implementing the Act.

Ceridian, deceptive practices, enforcement, Federal Trade Commission, FTC, FTC Act, FTC consent, InfoLawGroup, information law group, information security, information security program, InformationLawGroup, Lookout, personal data, personal information, privacy enforcement, Section 5, Segalis

FTC Privacy Enforcement Update: Two Companies Allegedly Failed to Protect Sensitive Employee Data

By InfoLawGroup LLP on May 06, 2011

On May 3, 2011, the Federal Trade Commission announced that Ceridian Corporation and Lookout Services, Inc. agreed to settle the FTC's allegations that the companies failed to safeguard their business customers' employee personal information. Ceridian's services include payroll processing, payroll-related tax filing, benefits administration and other human resource services for business customers. Lookout provides a web-based computer product that is designed to help employers comply with their obligations under federal law to complete and maintain a U.S. Citizenship and Immigration Services Form I-9 about each employee in order to verify that the employee is eligible to work in the United States.

Data Security and Breach Notification Act, FTC, information brokers, information security program, preemption, Pryor, Rockefeller, S- 3742

Yet Another Proposed Federal Data Security and Breach Notification Bill: Senators Rockefeller and Pryor Jump Into the Fray

By InfoLawGroup LLP on August 16, 2010

Many of us have watched over the past few years as dozens of proposed federal data security and breach notification bills have been introduced, often with bipartisan support, but have failed to become law. This year has seen many of the usual proposals. For those of you keeping track, this year's bills include: Rep. Rush's Data Accountability and Trust Act -- HR 2221; Sen. Leahy's Personal Data Privacy and Security Act - S. 1490; Sen. Feinstein's Data Breach Notification Act - S. 139; and Sens. Carper's and Bennett's "Data Security Act of 2010" - S. 3579. However, 2010 has also seen new and expansive proposals for broad and far-reaching data privacy legislation, including Rep. Boucher's "discussion draft" and Rep. Rush's "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards" Act (or "BEST PRACTICES Act"). Most recently, on August 5, Sens. Pryor and Rockefeller introduced the "Data Security and Breach Notification Act of 2010" - S. 3742 (hereinafter "S. 3742" or the "Act"). S. 3742 is much more akin to the more traditional proposed breach notification and data security legislation mentioned above, and not nearly as ambitious as the draft Boucher Bill or the BEST PRACTICES Act. This post summarizes the key provisions in S. 3742.

Dave & Buster's, FTC, hacker, information security program, personal information

Dave & Buster's Busted: Another Allleged Failure to Implement "Reasonable Security"

By InfoLawGroup LLP on March 26, 2010

We are seeing more and more private litigation and regulatory enforcement actions around the issue of what constitutes "reasonable security." This week we see another. Once again the FTC asserts that a company has failed to take "reasonable and appropriate security measures" to protect personal information. Yesterday, in its 27th case challenging inadequate data security practices by organizations that handle sensitive consumer information, the FTC announced settlement of its complaint against Dave & Buster's, the restaurant chain. The FTC alleged in its complaint that, from April 30, 2007 to August 28, 2007, a hacker exploited vulnerabilities in Dave & Buster's systems to install unauthorized software and access approximately 130,000 credit and debit cards.