Canada, PIPEDA, Personal Information and Electronic Documents Act, Digital Privacy Act, consent, notice, breach notification, privacy policies, children, cross-border, transborder, extraterritorial jurisdiction
CANADA: Meaningful Consent, Inappropriate Data Practices, and Breach Notification
By W. Scott Blackmer on November 30, 2018
breach notification, California, data breach, Do Not Call Regulations, social security number, SSN
California Amends Data Breach Notification Law, Does Not Require Mandatory Offering of Credit Monitoring
By InfoLawGroup LLP on October 01, 2014
Breach, breach notification, California, data protection, data security, heartbleed, HIPAA, hipaa hitech, OpenSSL, passwords, Security, vulnerability
FAQs Concerning the Legal Implications of the Heartbleed Vulnerability
By InfoLawGroup LLP on April 14, 2014
Breach, breach notification, cyber insurance, cyberinsurance, heartland payment processor, litigation, PCI DSS, point of sale breach, Target, TJX
Payment Card Breaches: Time to Spread the Risk with Mandatory Cyber Insurance
By InfoLawGroup LLP on February 24, 2014
Breach, breach notification, California, Lawsuit
California Attorney General Files Lawsuit Based on Late Breach Notification
By InfoLawGroup LLP on January 29, 2014
anonymization, Big Data, breach notification, data breach, de-identification, Fair Information Practice Principles, FCRA, FTC, privacy
The Privacy Legal Implications of Big Data: A Primer
By InfoLawGroup LLP on February 12, 2013
Binding Corporate Rules, Canada, Cloud, data protection, EU Data Protection Directive, international, outsourcing, PCI DSS, privacy, privacy impact assessment, security measures
A Privacy Checklist for Global Enterprises
By W. Scott Blackmer on October 21, 2010
Scott Blackmer provides a "discovery" checklist for global enterprises handling personal data from multiple jurisdictions, as well as advice on a global approach to privacy compliance and risk management.
Act, breach notification, CUTPA, data, HITECH, HIPAA
Health Net Agrees to $250,000 Fine and "Corrective Action Plan" to Settle Loss of PHI
By InfoLawGroup LLP on July 21, 2010
Binding Corporate Rules, clauses, cloud computing, consent, contract, controller, EU, EU Data Protection Directive, EU Directive, European Union, offshoring, outsourcing, processor, Safe Harbor, sstandard, standard contractual clauses
Do the New EU Processing Clauses Apply to You?
By W. Scott Blackmer on June 10, 2010
A new set of EU standard contract clauses ("SCCs" or "model contracts") for processing European personal data abroad came into effect on May 15, 2010. Taken together with a recent opinion by the official EU "Article 29" working group on the concepts of "controller" and "processor" under the EU Data Protection Directive, this development suggests that it is time to review arrangements for business process outsourcing, software as a service (SaaS), cloud computing, and even interaffiliate support services, when they involve storing or processing personal data from Europe in the United States, India, and other common outsourcing locations.
Accountability, Act, and, Breach, breach notification, brokers, Congress, data, Data Accountability and Trust Act, Data Privacy Law or Regulation, data security, H-R-2221, information, information brokers, Law, notification, or, privacy, Regulation, Security, Trust
The Breach Notification Obligations in the Data Accountability and Trust Act
By InfoLawGroup LLP on February 22, 2010
201 CMR 17-00, AES, anonymity, behavioral advertising, breach notification, California, cloud computing, contracts, DPA, Eavesdropping, encryption, EU Data Protection Directive, GLBA, HIPAA, HITECH, IAPP, Kearney, Massachusetts, personally identifiable information, pii, RFID, social networking, spam, SSN, TCPA, telemarketing, text messages, UK ICO, VPPA
Celebrating Data Privacy from A to Z
By InfoLawGroup LLP on January 28, 2010
In honor of Data Privacy Day and its spirit of education, I thought it might be appropriate (and fun) to celebrate some (but certainly not all) of the A, B, Cs of Data Privacy. Would love to see your contributions, too!
breach notification, Congress, Data Accountability and Trust Act, data brokers, data security, H-R-2221, information brokers, Security, WISP
House Passes Data Accountability and Trust Act (DATA)
By InfoLawGroup LLP on December 10, 2009
210 CMR 17-00, breach notification, creditors, driver's license, FACTA, Fair Credit Reporting Act, FCRA, financial account, FIPS, FTC, generally accepted, health information, HIPAA, HITECH, key management, laptops, Massachusetts, medical data, Nevada, payment card, Payment Card Industry Digital Security Standard, PCI DSS, portable devices, public networks, Red Flags, Red Flags Rule, Security, social security number, SSN, wireless
Code or Clear? Encryption Requirements (Part 2)
By W. Scott Blackmer on October 01, 2009
In the last post, I talked about the role of encryption in fashioning a "reasonable" security plan for sensitive personal information and other protected data routinely collected, stored, and used by an enterprise. But lawmakers and regulators are getting more specific about using encryption and managing data that is risky from an ID-theft perspective. Here are some leading examples of this trend.
Binding Corporate Rules, breach notification, EU Data Protection Directive, Gramm-Leach-Bliley, HIPAA, model contracts, privacy, Safe Harbor
Legal Implications of Cloud Computing -- Part Two (Privacy and the Cloud)
By InfoLawGroup LLP on September 30, 2009
Last month we posted some basics on cloud computing designed to provide some context and identify the legal issues. What is the cloud? Why is everyone in the tech community talking about it? Why do we as lawyers even care? Dave provided a few things for our readers to think about -- privacy, security, e-discovery. Now let's dig a little deeper. I am going to start with privacy and cross-border data transfers. Is there privacy in the cloud? What are the privacy laws to keep in mind? What are an organization's compliance obligations? As with so many issues in the privacy space, the answer begins with one key principle -- location, location, location.
