Archives: Security Breaches

Subscribe to Security Breaches RSS Feed

New Data Breach Notification Law in Nebraska

Written by Anne Kierig An amendment to Nebraska’s data breach notification law, signed by the Governor earlier this month and effective July 20, 2016, makes key changes to the state’s notification regime.  First, the law expands the definition of “personal information” to include “a user name or email address, in combination with a password or … Continue Reading

Seventh Circuit: victims of data breaches have Article III standing to litigate class action lawsuits

By Amanda Fitzsimmons, Jim Halpert and Chelsea Mutual To date, an overwhelming majority of courts have dismissed data breach consumer class actions at the outset due to a lack of cognizable injury-in-fact, an essential element for standing under Article III of the US Constitution. In Remijas v. Neiman Marcus Group, a decision issued Monday, a … Continue Reading

FTC Announces “Start with Security” Business Education Initiative; Issues Security Guidelines to Businesses

The Federal Trade Commission (“FTC”) has launched a new initiative, dubbed “Start with Security,” which is focused on assisting businesses in developing greater security to protect consumers’ personal information. To kick off the initiative, the FTC issued Protecting Personal Information:  A Guide for Business, which is based on the lessons learned from the approximately fifty (50) … Continue Reading

BlackEnergy Malware Highlights Special Confidentiality Considerations in Critical Infrastructure Breach Investigations

Written by Aravind Swaminathan and Stephen Hsieh On October 29, 2014, Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (“ICS-CERT”) published an important alert regarding a particularly destructive advanced persistent threat (“APT”) malware called BlackEnergy that can be used to damage, modify, or disrupt industrial control systems (https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-281-01A).  BlackEnergy is a malware … Continue Reading

BELGIUM: Belgian government’s new focus on privacy and technology laws

By Patrick Van Eecke and Antoon Dierick Almost five months after federal parliamentary elections took place, the negotiators from the four political parties around the negotiating table (Flemish parties NVA, CD&V and Open VLD and Walloon party MR) reached a coalition agreement which contains quite a few interesting policy initiatives from a privacy and IT … Continue Reading

So You Think You Have a Point of Sale Terminal Problem?

Written by Tara Swaminatha and Aravind Swaminathan If your company has a Point of Sale (POS) terminal anywhere in its infrastructure, you are no doubt aware from the active media coverage that malware attacks have been plaguing POS systems across the country. Just within the past week, the New York Times has reported that: Companies … Continue Reading

HACKERS STEAL 1.2 BILLION PASSWORDS – 4 STEPS TO TAKE NOW

Written by Aravind Swaminathan and Tara McGraw Swaminatha The New York Times reported this week that an organized Russian criminal group stole approximately 1.2 billion user name and password credentials associated with more than 500 million email addresses from hundreds of thousands of websites around the world. The article notes that the hackers used a … Continue Reading

FCA guidance for firms thinking of using third-party technology (off-the-shelf) banking solutions

Written by Nichola Prescott, Associate, London The Financial Conduct Authority has published a document setting out a list of points for financial services firms to consider when preparing for and evaluating third-party technology banking solutions. Where a third-party provides services which are critical to a regulated firm’s business operation, it will be considered an outsource … Continue Reading

Florida Information Protection Act of 2014 Goes Into Effect; Regulator Notification Required

Effective July 1, 2014, Florida has repealed its existing data breach law in favor of a new, more stringent, law. Florida has joined the list of states requiring notice to regulators:  specifically, an entity must notify the Department of Legal Affairs of any breach affecting 500 or more Florida residents as soon as possible, but no later … Continue Reading

Fraudulent use of a service by hackers – a lesson for service providers

A recent case contains some salutary lessons for service providers concerning liability for fraudulent use of their services. It appears that unless the contract has clear terms to the contrary then the service provider, not the end user, will pay for fraudulent use of a service by hackers even if the end user has not properly … Continue Reading

Belgium: Beware of the barking Privacy Watchdog, she’s biting

MORE ENFORCEMENT POWERS FOR BELGIAN PRIVACY COMMISSION By Patrick Van Eecke and Julie De Bruyn (DLA Piper – Brussels) The quietness in the privacy landscape in Belgium is about to drastically change. Reason for the change of pace are the recent major data breaches that were published by the media. The Privacy Commission announced it … Continue Reading

DLA Launches New Edition of Data Protection Laws of the World Handbook

DLA Piper’s Data Protection & Privacy group are delighted to announce the launch of the third edition of the Data Protection Laws of the World Handbook – a great way to celebrate Data Protection Day! This edition is particularly exciting as it is available via our new online site, which has a number of new … Continue Reading

DATA PROTECTION LAWS OF THE WORLD

DLA Piper has published the second edition of its Data Protection Laws of the World reference guide, expanding the handbook’s scope to cover 12 key features of the privacy laws of 63 countries that affect our clients. Data Protection Laws of the World is searchable by country and by subject matter. View or download the handbook here.… Continue Reading

2013 Off to a Busy Start: State Lawmakers Introduce Numerous Privacy-Related Bills

Barely six weeks into the new year and already we are seeing numerous bills introduced in the state legislatures. These bills are wide ranging, and address topics such as data breach notification, written information security policies, privacy policies, and use of social security numbers, among others.  Perhaps one of the more intriguing bills is California Assembly … Continue Reading

Senate Failed to Move on Cybersecurity Bill — Is an Executive Order on the Horizon?

Late last week, in a vote of 51-47, the Senate blocked consideration of Senator Lieberman’s cybersecurity legislation, voting down Sen. Liberman (I.-Conn.) and Sen. Collins (R.-Maine) procedural motion to move forward on the Cybersecurity Act of 2012. Among other components of the bill, the would have directed various federal agencies to address cybersecurity risks to conduct an assessment of cybersecurity risks to … Continue Reading

States Amend Security Breach Laws: Adopt Stringent Attorney General Notification Requirements

Both Vermont and Connecticut recently have amended their data breach security laws, imposing more stringent requirements on entities that experience a data breach.  Effective July 1, 2012, under Vermont’s revised data breach law, entities that experience a data breach affecting Vermont consumers now must notify the Attorney General within 14 business days of discovery of … Continue Reading

FTC Issues Final Privacy Report — Sets forth Best Practices, Calls for Legislation

On March 26, 2012, the Federal Trade Commission (FTC) issued a report, “Protecting Consumer Privacy in an Era of Rapid Change:  A Proposed Framework for Business and Policymakers,” in which it sets forth best practice recommendations for businesses that obtain consumer data–both online and online–and sketches out an active legislative and FTC workshop agenda on … Continue Reading
LexBlog