Author Archives: Data Privacy and Security

At FTC’s ransomware workshop, FBI says: Don’t pay

IAPP New Logo 1209 FINAL The first in its fall technology series, the FTC held a public workshop [September 7, 2016] on ransomware. According to experts on hand for the event, ransomware is the most profitable malware type in history. FTC Chairwoman Edith Ramirez said not only is it prevalent and dangerous, there are challenges associated with thwarting it, including its rapid proliferation, the many vectors of attack and the vast array of harms. It’s an issue of interest to the FTC in its pursuit to protect consumers, but also …

Continue Reading....

Connecticut Supreme Court Makes Significant Ruling in Data Breach Case

The Connecticut Supreme Court made a very significant ruling yesterday in Recall Total Information Management, Inc. v. Federal Insurance Co., adopting wholesale the Appellate Court’s well-reasoned ruling that an insured’s loss of sensitive records, without more, does not constitute a “publication” of material that violates a person’s right of privacy. Notably, the Appellate Court held that absent proof of an unauthorized third party’s access to the personal identification information, the “publication” element of the Privacy Offense (under the definition of “personal and advertising injury”…

Continue Reading....

“Anatomy of a Data Breach”

Blog contributor James M. Paulino II recently co-authored an article in DRI’s For the Defense. The article, “Anatomy of a Data Breach,” takes a look at fundamental concepts on both the technical and legal sides of the issue of cybersecurity to help companies and their counsel face the growing threat of data breaches head-on. “As the stage is set for the first major debate over federal legislation, two basic issues emerge for attorneys and clients alike. First and foremost, what exactly is a data…

Continue Reading....

NY Dept. of Financial Services Requests Detailed Cyber Security Reports From Insurers

Cyber security is clearly one of the highest priorities — if not the top concern — for regulators in 2015. Late last month, the New York Department of Financial Services (DFS) sent more than 160 licensed insurers a New York Insurance Law Section 308 Letter seeking a detailed report regarding their cyber security practices and procedures. The Section 308 Letter — to which there is now less than three weeks to respond — also provides greater insight into the scope of cyber security examinations that…

Continue Reading....

Lawsuits Follow College’s Untimely Notifications – Can’t Blame the Dog…

Last year, the Maricopa County Community College District suffered a data breach in April, but waited until November before advising former students and employees that their academic and/or personal data may have been compromised.  Approximately 2.4 million people were impacted by this breach, or roughly the population of Pittsburgh, Pennsylvania.  Among the data that may have been breached were social security numbers, dates of birth, and bank account numbers. Recently, a current student of Phoenix College sued the College District in Maricopa County Court, making…

Continue Reading....

More Credit Card Security On the Way

There has been a spike in the number of reported credit card breaches in recent days, including the most well-known of them all, Target, which led to the eventual resignation of its Chief Information Officer. Now, the California Department of Motor Vehicles has reportedly experienced a possible breach of its online payment system. It has become clear that the current security measures are insufficient to protect consumers and the corporate entities catering to the credit card consumer. In this regard, both Visa and MasterCard have…

Continue Reading....