There is Still Hope for Federal Privacy Legislation, but it May be Delayed

Highly-publicized data breaches and frequent scandals involving the collection and sale of personal data have made online privacy a bipartisan issue. Lawmakers have proposed a number of solutions. One of those proposals is a bill to create rules governing online privacy, headed by Democratic Senators Richard Blumenthal, Brian Schatz, and Maria Cantwell, and Republican Senators Jerry Moran, Roger Wicker, and John Thune. Republicans evidently hope to complete a draft of the bill by the end of May so it can be introduced, debated, and voted… Continue Reading

Citrix Falls Victim to Password Spraying Attack

On March 6, the FBI alerted Citrix that cyber criminals accessed at least six terabytes of data stored on its servers. The data theft is particularly concerning because Citrix’s products and services are used by the vast majority of Fortune 500 companies, as well as by governments and militaries. The company, however, states that there is no indication that the security of any Citrix product or service was compromised in the attack. The hackers likely used a technique called password spraying to gain access. Password spraying is the… Continue Reading

Data Privacy Best Practices on Data Privacy Day

Data Privacy Day is the perfect time to make sure that you – and your company’s employees – are practices data privacy best practices.  We’ve put together a list if best practices to keep your data secure:
  • Develop a data protection plan, including privacy policies, terms of use for online devices, data breach plans, and an assessment of your company’s current cybersecurity practices and weaknesses. 
  • Keep software up to date.  This might seem obvious, but it’s a surprisingly common pratfall.  This includes not
Continue Reading

TSA Releases Cybersecurity Roadmap to Guard Against Evolving Cyber Threats

The Transportation Security Agency (TSA) has released its first Cybersecurity Roadmap to prioritize cybersecurity measures within the TSA and the nation’s transportation system, the Transportation Systems Sector (TSS). The TSA’ Cybersecurity Roadmap closely aligns with the more general DHS Cybersecurity Strategy published earlier this year. The roadmap notes that TSA’s mission responsibilities include: (1) securing its own networks, and (2) working with its partners and TSS stakeholders, in coordination with the Department of Homeland Security (DHS), to secure its cyberspace. In order to ensure cybersecurity… Continue Reading

Congress Continues to Grapple with Election Interference

The Secure Elections Act may be back on the table once again. The bipartisan bill was introduced “to protect the administration of Federal elections against cybersecurity Threats.” In large part, the bill was intended to combat concerns that Russia and other state and private actors could exploit vulnerabilities in backend election systems, including voter registration databases, ballot creation systems, voting machine configuration systems, absentee processing and reporting and tabulation software. The bill’s sponsors hope to pass a version of the bill in time to… Continue Reading

Embracing Data Security Can Avoid Penalties, and Gain Consumer Trust

The European Union’s (EU) General Data Protection Regulation (GDPR) is now in force, governing data protection and privacy for all individuals within the EU. Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy Group compiled a white paper to answer frequently asked questions and offer practical guidance related to the GDPR, which can be found here. Multinational firms based in the US with a presence in the EU, including restaurant chains, have (or should have) implemented policies to comply with the GDPR, and avoid the… Continue Reading

Should American Companies Be Worried About Security Risks Posed By Chinese Telecoms?

Members of Congress from both sides of the aisle recently wrote a letter to Google to express “concerns” about its strategic partnership with Chinese telecommunications companies such as Huawei Technologies, based on security risks related to state-sponsored espionage. As noted by the lawmakers, the heads of the CIA, NSA, FBI, and Defense Intelligence Agency have voiced similar concerns that smartphones made by China’s two largest manufacturers, Hauwei and ZTE., pose a security threat to American customers.  Moreover, the UK’s National Cyber Security Centre found that… Continue Reading

FTC Settles False Representation Claim Against Mobile Phone Manufacturer

The Federal Trade Commission (FTC) has settled with BLU Products, Inc. over allegations that the unlocked mobile phone manufacturer allowed a third-party provider to collect detailed personal information about its consumers without their knowledge or consent. In 2016, BLU Products admitted that a third-party app called “Wireless Update” has been “collecting unauthorized personal data in the form of text messages, call logs and contacts from customers” on some devices. The FTC alleged that BLU Products, its co-owner, and president falsely claimed that only information needed… Continue Reading

Facebook Faces a Bombardment of Lawsuits Over Handling of Personal Information

Facebook is facing yet another class action lawsuit in the wake of the well-publicized Cambridge Analytica scandal. The lawsuit, filed in the Northern District of California near the company’s Menlo Park headquarters, follows close on the heels of Facebook’s admission that the personal information of a large number of its users was collected via a personality quiz app named “This is Your Digital Life” and shared with Cambridge Analytica. The app harvested the personal information of not only those who used it, but also millions… Continue Reading