Children’s Privacy, COPPA, Data Privacy, Regulation, E-Commerce, In The News, Information Security
2018 leaves us with the largest COPPA settlement to date, so what may be in store for 2019?
By Mindy Abern on December 31, 2018
California, CCPA, Children’s Privacy, consumer, De-Identified Information, personal information, privacy, Regulation
The New CA Consumer Privacy Act: Don’t Panic (Yet)
By Justine Young Gottshall on July 02, 2018
Colorado, data privacy, Hearing, Info Law Group, InfoLawGroup, information law group, InformationLawGroup, Nicole Friess, personal information, privacy, privacy legislation, privacy rule, public utilities commission, smart grid, SmartGrid
Colorado PUC Holds Hearing on Smart Grid Privacy Rules
By InfoLawGroup LLP on October 18, 2011
Blumethal, Breach, data security, InfoLawGroup, information law group, information security, Personal Data Protection and Breach Accountability Act, privacy, privacy legislation, Segalis
We Discuss Benefits of Federal Information Security Legislation on Fox
By InfoLawGroup LLP on September 14, 2011
Earlier this week we blogged about Senator Blumenthal's (D-CT) proposed Personal Data Protection and Breach Accountability Act of 2011. Today, InfoLawGroup partner Boris Segalis spoke on Fox Live about the advantages of federal information security legislation.
California, children, data mining, First Amendment, health information, Info Law Group, InfoLawGroup, information law group, InformationLawGroup, Nicole Friess, pharmaceutical companies, privacy, privacy legislation, Supreme Court, Vermont, video games
Supreme Court Pro-Business and First Amendment - Targeted Regulations in Trouble
By InfoLawGroup LLP on June 28, 2011
access, Boris Segalis, Health Care, health information, HHS, HITECH, InfoLawGroup, information law group, InformationLawGroup, Nicole Friess, NPRM, privacy, privacy rule, protected health information, Regulation, Security, security rule
Changes to HIPAA Privacy Rule Proposed by HHS - Find Out Who Has Accessed Your Health Records
By InfoLawGroup LLP on June 01, 2011
Boris Segalis, data protection, data security, FIPPs, InfoLawGroup, information law group, Korea, personal information, Personal Information Protection Act, PIPA, privacy, privacy legislation
Personal Data Protections Expand in Korea
By InfoLawGroup LLP on May 18, 2011
Mr. Kwang Hyun Ryoo, a partner at the Korean law firm of Bae, Kim & Lee LLC, is reporting in the firm's newsletter that on March 29, 2011, Korea enacted a comprehensive personal data protection law, entitled Personal Information Protection Act (PIPA). Most of the act's provisions will come into force on September 30, 2011.
Apple, Apps, Commission, data, Data Privacy Law or Regulation, Department, Department of Justice, Devices, DOJ, Federal, Federal Trade Commission, Franken, FTC, Google, group, Hearing, InfoLawGroup, information, information law group, InformationLawGroup, Justice, Law, Leahy, Legislation, location, location data, location tracking, Mobile, Mobile Devices, of, or, privacy, privacy legislation, Regulation, Senate, smartphones, tracking, Trade, wifi
Senate Subcommittee Holds Hearing on Mobile Privacy
By InfoLawGroup LLP on May 09, 2011
2011, Act, advertising, Behavioral, behavioral advertising, bill, Commercial, Commercial Privacy Bill of Rights Act of 2011, data, Data Privacy Law or Regulation, FTC, group, identifiable, InfoLawGroup, information, information law group, InformationLawGroup, Kerry, Law, Legislation, McCain, of, or, personally, personally identifiable information, pii, privacy, privacy bill of rights, privacy enforcement, privacy legislation, Regulation, rights, Senate
Kerry Releases Draft of "Privacy Bill of Rights"
By InfoLawGroup LLP on March 25, 2011
Boris Segalis, data protection, Electric Utility Data Protection Act, InfoLawGroup, information law group, InformationLawGroup, Oklahoma, personal information, privacy law, privacy legislation, smart grid, SmartGrid
Oklahoma State House Passes Smart Grid Privacy Bill
By InfoLawGroup LLP on March 23, 2011
On March 18, 2011, the Oklahoma State House passed the Electric Utility Data Protection Act (House Bill 1079). The state's Senate will consider the bill next.The Act seeks to establish standards to govern the use and disclosure of electric utility usage data (including personal information) by electric utilities, customers of electric utilities and third parties. The Act also requires electric utility companies to maintain the confidentiality of customer data and allow customers to access the data. State Rep. Scott Martin noted that customers will see energy savings from the Smart Grid, but are vulnerable to potential access of their data by third parties. "This legislation should ensure customers can reap the many benefits of this new system without having to fear someone getting access to their data without permission," said Martin. The legislation is said to have the support of the Oklahoma Gas & Electric Company, which has already converted 100,000 standard meters to smart meters in the state and plans to install 800,000 smart meters in the next two years.
behavioral advertising, Department of Commerce, Do Not Track, FTC, Hearing, InfoLawGroup, information law group, InformationLawGroup, Leibowitz, privacy, privacy enforcement, privacy legislation, Senate
Senate Committee Holds Hearing on the State of Online Consumer Privacy
By InfoLawGroup LLP on March 16, 2011
best practices, bill, Colorado, Gross Negligence, HB 11-1225, negligence, Pabon, Regulation, Security
A Novel Data Security Law Proposed in Colorado
By InfoLawGroup LLP on February 24, 2011
Over the past couple years, many predicted that new state laws would follow the lead of states like Nevada and Massachusetts, and some anticipated we could see a situation where 50 different privacy/security laws across the country. Now it looks like we are beginning to see some renewed activity on the state level. In Hawaii we have a proposed bill that would require breached entities to provide credit monitoring and call center services to impacted individuals. In my home state, Colorado, a legislator (Dan Pabon) has proposed a novel bill that takes a new approach to incentivizing companies to implement good security. In this post, we take a look at the highlights of the Colorado bill.
bill, consent, data accuracy, data integrity, data security, notice, privacy, privacy notice, Regulation, Security, security measures
FAQ on the "BEST PRACTICES Act" - Part One
By InfoLawGroup LLP on July 22, 2010
Congressman Bobby Rush has introduced a new data privacy bill to Congress known as the "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards" Act (a.k.a. "BEST PRACTICES Act" or "Act").We have put together a summary of the Act in "FAQ" format. In Part One we look at some of the key definitions, requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for deidentified information, and provisions concerning the application and enforcement of the Act.
health information, HHS, HIPAA, HITECH, privacy, Regulation, Security
InfoLaw Alert: HHS Issues Proposed Mofications to HIPAA Security and Privacy Rules
By InfoLawGroup LLP on July 08, 2010
banking, fraud, HIPAA, Mexico, privacy, reasonable, reasonable security, Regulation, Security
Quickhits: Dog Days of Summer Edition
By InfoLawGroup LLP on July 08, 2010
assessment, audit, Breach, breach notice, Cloud, cloud computing, Computing, contracting, contracts, Contracts Breach, forensics, incident, incident response, liability, notice, privacy, provider, Regulation, response, schedule, Security, security assessment, security breach, security schedule, service, service provider, service provider liability
What's in Google's SaaS Contract with the City of Los Angeles? Part Three.
By InfoLawGroup LLP on June 23, 2010
This blogpost is the third (and final) in our series analyzing the terms of Google's and Computer Science Corporation's ("CSC") cloud contracts with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In Part Two, the focus was on terms related to compliance with privacy and security laws, audit and enforcement of security obligations, incident response, and geographic processing limitations, and termination rights under the contracts. In Part Three, we analyze what might be the most important data security/privacy-related terms of a Cloud contract (or any contract for that matter), the risk of loss terms. This is a very long post looking at very complex and interrelated contract terms. If you have any questions feel free to email me at dnavetta@infolawgroup.com
Breach, breach notice, California, fines and penalties, legal defensibility, medical data, notification, Regulation
California Department of Public Health Breach Fines and Legally Defensible Security
By InfoLawGroup LLP on June 17, 2010
audit, Breach, breach notice, Cloud, contracting, contracts, forensics, incident response, privacy, Regulation, Security, security assessment, security breach, security schedule, service provider, service provider liability
What's in Google's SaaS Contract with the City of Los Angeles? Part Two.
By InfoLawGroup LLP on June 03, 2010
Cloud, Department of Commerce, jurisdiction, PET, privacy, privacy enhancing technologies, Regulation, self-regulatory, standards, transborder data flows
Observations on the Dept. of Commerce's Privacy Inquiry
By InfoLawGroup LLP on April 29, 2010
Breach, data security, HB 1149, notification, PCI DSS, plastic card security act, Regulation
FAQ on Washington State's PCI Law
By InfoLawGroup LLP on March 24, 2010
