Category: Cybersecurity Law

May 8, 2018

FTC Focuses on Kids’ Geo-Location Devices in Latest COPPA Warnings

A public service announcement of yesteryear posed the following question to parents: “It’s 8:00. Do you know where your children are?” Today’s technology allows parents to answer that question regardless of the time of day. That technology, however, has recently drawn scrutiny for violating the parental notice and consent provisions of the Federal Trade Commission’s… Read More

March 2, 2018

SEC’s Updated Cybersecurity Disclosure Guidelines Leave Questions Unanswered

As previewed in our previous post, the United States Securities and Exchange Commission (“SEC”) unanimously approved new cybersecurity interpretive guidance—a format used to clarify the SEC’s views on security laws and regulations—on Wednesday of last week. The guidelines make no mention of how they affect and interplay with other regulators’ data privacy requirements, so whether… Read More

October 4, 2017

Customer Data Collection: GDPR Changes Everything.

Beginning on May 25, 2018, companies which process the personal data of European Union residents will be expected to comply with the General Data Protection Regulation, or GDPR. Even companies located in the United States are subject to this regulation, and violating its terms may result in class actions and hefty fines. If your company… Read More

January 4, 2017

Can Your Pacemaker Be Hacked?

Tom Kellermann, CEO of Strategic Cyber Ventures guest co-authored this post. A famous Homeland episode involved a terrorist gaining access to the Vice-President’s pacemaker.  Accessing medical devices to wreak havoc was one of the motivations behind certain provisions of the Digital Millennium Copyright Act (aka the DMCA).  The DMCA makes it “illegal to circumvent technological… Read More

November 10, 2016

How The FTC Guides Businesses Through Data Breaches

The Federal Trade Commission (“FTC”) recently released a data breach guide for businesses, along with a video and blog to help companies following the immediate aftermath of a data breach.  The FTC also provides a model data breach letter to notify individuals of a breach.  The agency – which views itself as the nation’s primary… Read More

May 19, 2016

Data Breach Lawsuits: Challenges Persist After Spokeo v. Robins

Data breaches are as common as the common cold—unfortunately, just as incurable. Run a news search on “data breaches” and you’ll find that all kinds of institutions—major retailers, tech companies, universities, even government agencies—have been vulnerable at some point. Now run a search on “data breaches,” but include the word “lawsuit.” You’ll find that many… Read More

April 20, 2016

Judge Flunks Case Against LabMD, FTC Appeals

In March 2015, I wrote about the ongoing dispute between the FTC and LabMD, an Atlanta-based cancer screening laboratory, and looked at whether the FTC has the authority to take enforcement action over data-security practices alleged to be insufficient and therefore “unfair” under section 5(n) of the Federal Trade Commission Act (“FTCA”). On November 13,… Read More

July 9, 2015

State Attorneys General Tell Congress: “Back-Off Our Data Breach Authority”

  Every week, we learn about new data breaches affecting consumers across the country. Federal government workers and retirees recently received the unsettling news that a breach compromised their personal information, including social security numbers, job history, pay, race, and benefits. Amid a host of other public relations issues, the Trump organization recently discovered a potential… Read More