Posts in Information Security

Blumethal, Breach, data security, InfoLawGroup, information law group, information security, Personal Data Protection and Breach Accountability Act, privacy, privacy legislation, Segalis

We Discuss Benefits of Federal Information Security Legislation on Fox

By InfoLawGroup LLP on September 14, 2011

Earlier this week we blogged about Senator Blumenthal's (D-CT) proposed Personal Data Protection and Breach Accountability Act of 2011. Today, InfoLawGroup partner Boris Segalis spoke on Fox Live about the advantages of federal information security legislation.

Breach, data protection, FTC, InfoLawGroup, information law group, information security, information security breach, information security law, information security program, InformationLawGroup, privacy, privacy law, SAFE Data Act, security breach, Segalis, state breach law

Federal Information Security and Breach Notification Law Approved by House Trade Subcommittee

By InfoLawGroup LLP on July 25, 2011

On July 20, 2011, the U.S. House of Representatives Energy and Commerce Committee's Trade Subcommittee approved the Secure and Fortify Electronic Data Act (the "SAFE Data Act"). The Act would require any business that maintains personal information to implement an information security program and notify affected individuals in the event of an information security breach. The SAFE Data Act would preempt the over 45 existing state information security and breach notification laws and task the Federal Trade Commission with developing information security rules implementing the Act.

consent, data protection, InfoLawGroup, information law group, information security, Legislation, privacy enforcement, Russia, Segalis

Russia Amends Federal Data Protection Law; Privacy Enforcement on the Rise

By InfoLawGroup LLP on July 19, 2011

Last week, the upper house of Russia's federal legislature approved amendments to the country's federal data protection law. The amendments impose detailed information security requirements on businesses that process personal data and revise some of the statute's data subject consent provisions.The amended law will come into force when it is published in the official newsletter.

Boris Segalis, broker, data protection, dealer, financial privacy, InfoLawGroup, information law group, information security, Nicole Friess, privacy, privacy assessment, privacy enforcement, privacy rule, Regulation S-P, Regulation SP, Safeguards Rule, SEC, Securities and Exchange Commission

Federal Privacy Enforcement Update: SEC Fines Executives for Privacy and Security Violations

By InfoLawGroup LLP on April 13, 2011

As we have reported previously on our blog, federal agencies, including the FTC, NLRB and EEOC have been very active in taking action against privacy and information security violations. This trend continues with the Securities and Exchange Commission's (SEC's) recent announcement of a settlement with three former executives a brokerage firm (GunnAllen Financial, Inc.). The SEC alleged that the former executives violated the Commission's Privacy Rule and Safeguards Rule (Regulation S-P) and aided and abetted the firm in violating these rules. This enforcement action marks the first time the SEC assessed financial penalties against individuals charged solely with violating Regulation S-P.

Boris Segalis, Buzz, Consent Order, Consumer Protection, data protection, data security, Federal Trade Commission, FTC, FTC Act, Google, Google settlement, InfoLawGroup, information law group, information security, personal information, privacy, privacy assessment, privacy by design, privacy enforcement, risk assessment, Safe Harbor, social media, social network

FTC Takes a Big Step in Privacy Enforcement with Google Buzz Settlement

By InfoLawGroup LLP on April 06, 2011

The Google Buzz settlement that the Federal Trade Commission announced on March 30, 2011 is the latest in the line of the Commission's numerous Section 5 actions related to privacy and data security violations. The Google Buzz settlement, however, is unique in several important ways. The settlement represents (i) the first FTC settlement order has requires a company to implement a comprehensive privacy program to protect the privacy of consumers' information, and (ii) the Commission's first substantive U.S.-EU Safe Harbor framework enforcement action. Let's dive in (make sure to read the "Action Item" at the conclusion of the post!).

behavioral advertising, behavioral marketing, chitika, deceptive practices, Federal Trade Commission, FIPPs, FTC Act, FTC consent, InfoLawGroup, information law group, information security, InformationLawGroup, opt-out, privacy enforcement, Section 5, Segalis, tracking, twitter

Privacy Enforcement Update: FTC Settles with Twitter and Chitika

By InfoLawGroup LLP on March 18, 2011

As we have previously reported on our blog, 2011 has seen a whirlwind of privacy enforcement activity. The FTC, NLRB, EEOC, HHS and FINRA have all taken privacy enforcement actions this year. This March, the FTC has announced privacy settlements with Chitika and Twitter.

ABA, data protection, InfoLawGroup, information law group, personal information, privacy, Security, smart grid

ABA Information Security Committee Launches Smart Grid Working Group

By InfoLawGroup LLP on February 23, 2011

On February 12, 2011, the American Bar Association Information Security Committee established the Smart Grid Privacy and Security Working Group. The working group's mission is to increase awareness regarding privacy and information security legal issues arising in connection with the Smart Grid among consumers, regulators, utilities, service provider and other stakeholders. Gib Sorebo, Chief Cybersecurity Technologist at SAIC, and Boris Segalis, partner at InfoLawGroup, will co-chair the group.

NIST Issues Two New Draft Cloud Computing Documents, A Call for Public Comment and a Cloud Wiki

By InfoLawGroup LLP on February 07, 2011

The National Institute of Standards and Technology (NIST) has released for public comment two "new" draft documents centered on cloud computing. The first is a NIST-codified Definition of Cloud Computing (Draft SP 800-145), and the second document is what NIST calls "the first set of guidelines for managing security and privacy issues in cloud computing," titled Guidelines on Security and Privacy in Public Cloud Computing (Draft SP 800-144). In conjunction with the release NIST has also unveiled a new NIST Cloud Computing Collaboration site, which includes various working group listservs and Wikis, to "enable two-way communication among the cloud community and NIST cloud research working groups."

cyber security, data security, Department of the Energy, InfoLawGroup, information law group, information security, personal information, privacy, smart grid

U.S. Department of Energy Takes on Smart Grid Security

By InfoLawGroup LLP on February 03, 2011

On February 1, 2011, the Department of Energy announced the launch of the Cyber Security Initiative to develop cyber security risk management process guidelines for the electric grid. The Department's Office of Electricity Delivery and Energy Reliability will lead the effort in collaboration with the National Institute of Standards and Technology and the North American Electric Reliability Corporation.

Boris Segalis, creditor, FACTA, FCRA, FTC, FTC Red Flags Rule, identity theft, identity theft prevention program, Info Law Group, InfoLawGroup, information security, Red Flags

House and Senate Enact Amendment of FCRA, Limit Scope of Red Flags Rule

By InfoLawGroup LLP on December 07, 2010

The Blog of Legal Times is reporting that late on December 7, 2010 the House of Representatives passed a bill on a voice vote that amends the definition of "creditor" in the Fair and Accurate Credit Reporting Act (FCRA) and, as a result, dramatically limits the scope of the Red Flags Rule. The House bill is identical to the legislation enacted by the Senate last week. We previously covered in detail on our blog both the House bill and the Senate bill.The legislation has the effect of largely limiting the applicability of the Red Flags Rule to financial institutions and entities commonly understood to be "creditors". It will generally exclude from the Rule's scope organizations whose "credit" activities are limited to providing a product or service and allowing customers to pay for the product or service at a later time. The legislation leaves open the possibility that the FTC would bring various types of creditors within the scope of the Rule through rulemaking. However, it sets a procedural threshold for expanding the scope of the Rule and appears to require the determination to be specific to the type of creditor. "When I think of the word 'creditor,' dentists, accounting firms and law firms do not come to mind," said Rep. John Adler (D-N.J.), speaking on the House floor.

compliance, Federal Trade Commission, FTC, guidance, information management, information security, privacy

FTC Launches Privacy Portal

By InfoLawGroup LLP on November 05, 2010

Today, the Federal Trade Commission announced the launch of a business center portal to help businesses understand and comply with privacy and information security requirements that the FTC enforces. The new portal provides centralized access to the FTC's privacy and information security regulations, enforcement actions and guides. The main portal also offers information about compliance with advertising, credit, telemarketing and myriad other requirements. A series of short videos explain what businesses need to know to comply, and the business center blog offers latest compliance tips and information.

20/20, ABA, client confidentiality, COPRAC, encrypt, encryption, ethics, Formal Opinion Interim No- 08-0002, lawyers, New York State Bar Association, online storage, Opinion 842, professional responsibility, State Bar of California, technology, wifi

Legal Implications of Cloud Computing -- Part Five (Ethics or Why All Lawyers-Not Just Technogeek Lawyers Like Me-Should Care About Data Security)

By InfoLawGroup LLP on October 19, 2010

So, you thought our cloud series was over? Wishful thinking. It is time to talk about ethics. Yes, ethics. Historically, lawyers and technologists lived in different worlds. The lawyers were over here, and IT was over there. Here's the reality: Technology - whether we are talking cloud computing, ediscovery or data security generally - IS very much the business of lawyers. This post focuses on three recent documents, ranging from formal opinions to draft issue papers, issued by three very prominent Bar associations -- the American Bar Association (ABA), the New York State Bar Association (NYSBA), and the State Bar of California (CA Bar). These opinions and papers all drive home the following points: as succinctly stated by the ABA, "[l]awyers must take reasonable precautions to ensure that their clients' confidential information remains secure"; AND lawyers must keep themselves educated on changes in technology and in the law relating to technology. The question, as always, is what is "reasonable"? Also, what role should Bar associations play in providing guidelines/best practices and/or mandating compliance with particular data security rules? Technology, and lawyer use of technology, is evolving at a pace that no Bar association can hope to meet. At the end of the day, do the realities of the modern business world render moot any effort by the Bar(s) to provide guidance or impose restrictions? Read on and tell us - and the ABA - what you think.

Cloud, cloud computing, EU, EU Data Protection Directive, EU Directive, European Union, Germany, international data transfers, Safe Harbor, transborder data flows

European Reservations?

By W. Scott Blackmer on August 25, 2010

German state data protection authorities have recently criticized both cloud computing and the EU-US Safe Harbor Framework. From some of the reactions, you would think that both are in imminent danger of a European crackdown. That's not likely, but the comments reflect some concerns with recent trends in outsourcing and transborder data flows that multinationals would be well advised to address in their planning and operations.