Archives: Information Security

Subscribe to Information Security RSS Feed

FCC Cites Lyft Inc. and First National Bank Corp. for TCPA Violations

On September 11, 2015, the Federal Communications Commission (“FCC”) announced that Lyft Inc. (“Lyft”) and First National Bank Corporation (“FNB”) violated the Telephone Consumer Protection Act (“TCPA”) by forcing their users to consent to receive automated text messages as a condition of using their services. The FCC warned that these violations could result in fines … Continue Reading

SEC Announces Settlement Order and Publishes Investor Alert

On September 22, 2015, the Securities and Exchange Commission announced a settlement order with an investment adviser for failing to establish cybersecurity policies and procedures, and published an investor alert entitled Identity Theft, Data Breaches, and Your Investment Accounts.… Continue Reading

ICO to Investigate Data Sharing for Marketing by UK Charities

On September 2, 2015, the Information Commissioner’s Office announced an investigation into the data sharing practices of charities in the United Kingdom. The announcement follows the publication of an article in a UK newspaper highlighting the data sharing and marketing practices of certain charities.… Continue Reading

Neiman Marcus Seeks En Banc Review

On August 3, 2015, Neiman Marcus requested en banc review of the Seventh Circuit’s recent decision in Remijas v. Neiman Marcus Group, LLC. The Seventh Circuit found that members of a putative class alleged sufficient facts to establish standing to sue Neiman Marcus following a 2013 data breach.… Continue Reading

States Writing Biometric-Capture Laws May Look to Illinois

Recent class actions filed against Facebook and Shutterfly are the first cases to test an Illinois law that requires consent before biometric information may be captured for commercial purposes. Although the cases focus on biometric capture activities primarily in the social-media realm, these cases and the Illinois law at issue have ramifications for any business … Continue Reading

Connecticut Passes New Data Protection Measures into Law

On July 1, 2015, Connecticut's governor signed into law Public Act No. 15-142, An Act Improving Data Security and Agency Effectiveness, that amends and updates the state's data breach notification law and imposes certain data security requirements on health insurers and state contractors.… Continue Reading

Indonesia Publishes Proposed Data Protection Rule

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems. The government provided a 10-day comment period for the proposal.… Continue Reading

NTIA Announces Cybersecurity Stakeholder Meeting

On July 9, 2015, the National Telecommunications and Information Administration announced the launch of its first cybersecurity multistakeholder process, in which representatives from across the security and technology industries will meet in September to discuss vulnerability research disclosure.… Continue Reading

Article 29 Working Party Issues Opinion on Drones

On June 16, 2015, the Article 29 Working Party adopted an Opinion on Privacy and Data Protection Issues relating to the Utilization of Drones. This blog entry contains highlights of the Opinion, which provides guidance on the application of data protection rules to the manufacture and use of drones.… Continue Reading

FTC Launches Data Security Initiative

On June 30, 2015, the Federal Trade Commission announced its new "Start With Security" initiative, which will provide businesses with information on data security and how to protect consumer information.… Continue Reading

PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire

The PCI Security Standards Council recently published a set of enhanced validation procedures designed to provide greater assurance that certain entities are maintaining compliance with the PCI Data Security Standard effectively and on a continuing basis. In addition, on July 1, 2015, PCI Data Security Standard Version 3.0 is being retired and the controls previously designated by Version 3.0 as best practices will become mandatory.… Continue Reading

Florida Passes Drone Surveillance Bill Requiring Individual Consent

On April 28, 2015, the Florida House of Representatives passed a bill (SB 766) that prohibits businesses and government agencies from using drones to conduct surveillance by capturing images of private real property or individuals on such property without valid written consent under circumstances where a reasonable expectation of privacy exists.… Continue Reading

Data Security Act Introduced in New York State Assembly

On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading

Privacy Group Requests D.C. Circuit Review Regarding Lack of Privacy Rules in the FAA’s Proposed Drone Regulations

On March 31, 2015, the Electronic Privacy Information Center (“EPIC”) filed a petition (the “Petition”) with the U.S. Court of Appeals for the District of Columbia Circuit accusing the Department of Transportation’s Federal Aviation Administration (“FAA”) of unlawfully failing to include privacy rules in the FAA’s proposed framework of regulations for unmanned aircraft systems (“UAS”), … Continue Reading