Insights < BACK TO ALL INSIGHTS
Data Privacy and Cybersecurity Posts
Basic Data Privacy Hygiene and AI: Do What You Say and Say What You Do
Apr 10, 2023
Basic Data Privacy Hygiene and AI: Do What You Say and Say What You Do
Our Privacy Team has been saying this for years –Do What You Say and Say What You Do.[1] It’s an enduring maxim and an important basic step that companies need to embrace in their data collection practices. It also fits in neatly with the concepts of Notice and Consent, which are the hallmarks of almost…
Former Uber Security Chief Convicted of Federal Charges Stemming From 2016 Extortionate Data Breach
Oct 28, 2022
Former Uber Security Chief Convicted of Federal Charges Stemming From 2016 Extortionate Data Breach
Uber’s former Chief Security Officer, Joe Sullivan, was convicted of two federal charges—obstruction of justice and misprision of a felony—for his role in covering up an extortionate data breach in 2016, which compromised more than 50 million personal records of Uber drivers and passengers, while the Federal Trade Commission (“FTC”) was probing Uber’s privacy protections. …
Schrems II Screams: CJEU Decision Puts Companies in Tailspin Over EU-US Data Transfers
Jul 17, 2020
Schrems II Screams: CJEU Decision Puts Companies in Tailspin Over EU-US Data Transfers
The privacy world is abuzz about the European Court of Justice’s July 16, 2020 decision in Schrems II: Europe’s highest court invalidated the EU-US Privacy Shield framework. The Privacy Shield provides a streamlined mechanism to facilitate personal data transfers from Europe to the U.S. It was implemented in 2016 following the invalidation of an earlier…
Failure to Certify: Companies That Falsely Claim They Are Privacy Shield Certified or Let Their Certification Lapse Face Enforcement Action.
Apr 8, 2020
Failure to Certify: Companies That Falsely Claim They Are Privacy Shield Certified or Let Their Certification Lapse Face Enforcement Action.
Does your company’s privacy policy include a claim that it is Privacy-Shield certified? If so, you should ensure that it is, in fact, certified and that the certification has not lapsed. Failures in this area are low-hanging fruit for government enforcement actions. A little background on the Privacy Shield Framework. The U.S. Privacy Shield framework…
Privacy Pointers for Employees of the Teleworking World
Mar 26, 2020
Privacy Pointers for Employees of the Teleworking World
Work got a lot more personal when it moved in with my family. For people used to keeping a healthy divide between their business and personal lives, the new telework dynamic can be particularly stressful. That “healthy divide” can crumble under the weight of quarantine as tiny voices (kids and pets) infiltrate teleconference and video…
Telework: Businesses Need Smart Practices ASAP to Reduce the Threat of Data Security Incidents. Here’s the Quick and Dirty of Smart Practices
Mar 25, 2020
Telework: Businesses Need Smart Practices ASAP to Reduce the Threat of Data Security Incidents. Here’s the Quick and Dirty of Smart Practices
COVID19 is not the only viral threat we face these days. Malware is a very real vulnerability for businesses large and small, among a host of other data security threats. We have rapidly transitioned to telework. For many (perhaps most) businesses, that transition took place without a clear inventory of hardware leaving the office and…
Allowances Made for COVID-19 Don’t Mean Telehealth Providers and Employers Can Share Protected Information Without Consequences
Mar 23, 2020
Allowances Made for COVID-19 Don’t Mean Telehealth Providers and Employers Can Share Protected Information Without Consequences
COVID-19 has become a pervasive concern for everyone. Older Americans are particularly susceptible to contracting COVID-19. On March 17th, the Trump Administration and the Department of Health and Human Services (HHS) announced the expansion of Medicare beneficiaries’ access to telehealth services during the COVID-19 outbreak. Importantly, the HHS Office for Civil Rights (OCR) announced it…
Data Control of the People, by the People, for the People…
Nov 22, 2019
Data Control of the People, by the People, for the People…
Can the free market weigh in on data privacy and further data privacy rights in way that the law cannot? Can the free market put control over people’s data back in individuals’ hands? Many of us have been waiting for a market solution to address the privacy of personal data. As attorneys, we know from…
Equifax Settlement Teaches The Dos and Dont’s About Data Security
Jul 22, 2019
Equifax Settlement Teaches The Dos and Dont’s About Data Security
It’s been a busy summer for the FTC and the federal agency is dominating the headlines. There is the $5 billion settlement with Facebook for failing to better protect user privacy, which was announced earlier this month. Then there is the multimillion dollar settlement with Google for failing to adequately protect children’s privacy. That was…
The Data Breach Legal Limbo on Consumers’ Ability to Sue Hacked Companies
Jan 16, 2018
The Data Breach Legal Limbo on Consumers’ Ability to Sue Hacked Companies
The first of the year is a good time to make assessments, resolutions and predictions. We have some recommendations for companies that store and process consumer data: It is a good time to assess the strength of your data security measures and resolve to meet industry standards where you fall behind, because we predict continued…