Archives: Information Security

Subscribe to Information Security RSS Feed

Neiman Marcus Seeks En Banc Review

On August 3, 2015, Neiman Marcus requested en banc review of the Seventh Circuit’s recent decision in Remijas v. Neiman Marcus Group, LLC. The Seventh Circuit found that members of a putative class alleged sufficient facts to establish standing to sue Neiman Marcus following a 2013 data breach.… Continue Reading

States Writing Biometric-Capture Laws May Look to Illinois

Recent class actions filed against Facebook and Shutterfly are the first cases to test an Illinois law that requires consent before biometric information may be captured for commercial purposes. Although the cases focus on biometric capture activities primarily in the social-media realm, these cases and the Illinois law at issue have ramifications for any business … Continue Reading

Connecticut Passes New Data Protection Measures into Law

On July 1, 2015, Connecticut's governor signed into law Public Act No. 15-142, An Act Improving Data Security and Agency Effectiveness, that amends and updates the state's data breach notification law and imposes certain data security requirements on health insurers and state contractors.… Continue Reading

Indonesia Publishes Proposed Data Protection Rule

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems. The government provided a 10-day comment period for the proposal.… Continue Reading

NTIA Announces Cybersecurity Stakeholder Meeting

On July 9, 2015, the National Telecommunications and Information Administration announced the launch of its first cybersecurity multistakeholder process, in which representatives from across the security and technology industries will meet in September to discuss vulnerability research disclosure.… Continue Reading

Article 29 Working Party Issues Opinion on Drones

On June 16, 2015, the Article 29 Working Party adopted an Opinion on Privacy and Data Protection Issues relating to the Utilization of Drones. This blog entry contains highlights of the Opinion, which provides guidance on the application of data protection rules to the manufacture and use of drones.… Continue Reading

FTC Launches Data Security Initiative

On June 30, 2015, the Federal Trade Commission announced its new "Start With Security" initiative, which will provide businesses with information on data security and how to protect consumer information.… Continue Reading

PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire

The PCI Security Standards Council recently published a set of enhanced validation procedures designed to provide greater assurance that certain entities are maintaining compliance with the PCI Data Security Standard effectively and on a continuing basis. In addition, on July 1, 2015, PCI Data Security Standard Version 3.0 is being retired and the controls previously designated by Version 3.0 as best practices will become mandatory.… Continue Reading

Florida Passes Drone Surveillance Bill Requiring Individual Consent

On April 28, 2015, the Florida House of Representatives passed a bill (SB 766) that prohibits businesses and government agencies from using drones to conduct surveillance by capturing images of private real property or individuals on such property without valid written consent under circumstances where a reasonable expectation of privacy exists.… Continue Reading

Data Security Act Introduced in New York State Assembly

On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading

Privacy Group Requests D.C. Circuit Review Regarding Lack of Privacy Rules in the FAA’s Proposed Drone Regulations

On March 31, 2015, the Electronic Privacy Information Center (“EPIC”) filed a petition (the “Petition”) with the U.S. Court of Appeals for the District of Columbia Circuit accusing the Department of Transportation’s Federal Aviation Administration (“FAA”) of unlawfully failing to include privacy rules in the FAA’s proposed framework of regulations for unmanned aircraft systems (“UAS”), … Continue Reading

FTC Reaches Settlement in First Enforcement Action Against a Retail Tracking Company

On April 23, 2015, the Federal Trade Commission announced that Nomi Technologies has agreed to settle charges stemming from allegations that the company misled consumers with respect to their ability to opt out of the company's mobile device tracking service at retail locations. The settlement marks the FTC's first Section 5 enforcement action against a company that provides tracking services at retailers.… Continue Reading

FCC Joins Asia Pacific Privacy Forum

On April 15, 2015, the Federal Communications Commission announced that it has joined the Asia Pacific Privacy Authorities, the principal forum for privacy authorities in the Asia-Pacific Region.… Continue Reading
LexBlog