The FTC Provides Additional Guidelines on COPPA Compliance

On October 23, 2017, the FTC provided additional guidance on the COPPA Rule regarding the collection of audio voice recordings by organizations covered by the law. The FTC advised that the collection of an audio file from a child, even when such a file is being used solely as a replacement for written words, falls within the first prong of the definition of collection. As a result, as soon as an operator obtains a recording, the operator has collected the recording for purposes of the COPPA Rule regardless of how long it maintains possession of the file. The FTC advised that it understood the value of using voice as a replacement for written words in performing search and other functions on internet-connected devices, especially for certain consumers such as children who have not yet learned to write. As such, the FTC advises that it will not take any enforcement action in certain circumstances where an operator collects an audio file from a child without parental consent. …

Federal Judge Issues Opinion Concerning the Viability of Data Breach Claims

A federal judge in the Southern District of New York recently issued an opinion providing guidance concerning the viability of data breach claims, particularly in the context of a breach of employee information. Sackin v. Transperfect Global, Inc. involves a purported class action filed on behalf of Transperfect employees whose personally identifiable information (PII) was disclosed as a result of a cyber attack. In January 2017, a targeted phishing email designed to look like it had come from the company’s CEO was sent to a Transperfect employee, requesting payroll information regarding Transperfect employees. The Transperfect employee fell for the scheme and sent unencrypted PII to the attacker, including names, addresses, Social Security Numbers, and bank account numbers for Transperfect employees. According to the complaint, the disclosure involved thousands of employees.

Internet of Medical Things Resilience Partnership Act of 2017

A new bill called the “Internet of Medical Things Resilience Partnership Act of 2017,” H.R. 3985, was recently introduced in the House of Representatives. If passed as drafted, the bill will establish a working group of public and private entities led by the Food and Drug Administration (FDA) and National Institute of Standards and Technology (NIST) to recommend voluntary frameworks and guidelines to increase the security and resilience of Internet of Medical Things devices. Specifically, the working group will develop “recommendations for voluntary frameworks and guidelines to increase the security and resilience of networked medical devices sold in the U.S. that store, receive, access or transmit information to an external recipient or system for which unauthorized access, modification, misuse, or denial of use may result in patient harm.”

Comment Deadline Approaching for NIST Information Security Framework

The public comment period for the National Institute of Standards and Technology’s (NIST) draft Revision 5 of Special Publication 800-53, “Security and Privacy Controls for Information Systems,” which began on August 15th, ends on Tuesday, September 12. The newest draft of SP 800-53 is part of a continuing drive to create a “unified information security framework for the federal government.” Though specifically geared towards creating a framework for the government, the draft also has useful and practical implications for organizations across all sectors. To deemphasize the focus on the federal government specifically, this revision removes the word “federal” from the draft. …

Delaware Amends Data Breach Notification Law

Delaware has joined the list of states amending their data breach notification laws, expanding the definition of Personal Information (PI) and adding requirements for credit monitoring, among other items. The changes will be effective on April 14, 2018.

The Delaware amendments contain a hard deadline for providing notice, required notice to the state AG’s office, and credit monitoring. …

Anthem Settles Data Breach Class Action

Anthem, Inc., the nation’s largest health insurance company, has agreed to settle the class action litigation arising from its 2015 data breach for $115 million, eclipsing the amount of any previous data breach settlement. The lawsuit, filed in federal court in California, had survived two motions to dismiss. After extensive discovery, plaintiffs moved for class certification on March 10, 2017. …
