Archives: Data Privacy

Subscribe to Data Privacy RSS Feed

Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have: a cybersecurity program designed to protect … Continue Reading

US Supreme Court Evaluates Privacy of Cell Phone Data

Last Thursday, the United States Supreme Court heard arguments in Carpenter v. United States.  At issue was whether the FBI violated the Fourth Amendment when it obtained the cellphone location records of Timothy Carpenter.  The FBI used these records to establish Mr. Carpenter’s whereabouts during time periods in which certain armed robberies occurred.  The government … Continue Reading

The Reversal of Net Neutrality on Privacy 101

The Federal Communications Commission’s (FCC) potential reversal of the Obama Administration’s ‘Net Neutrality’ rules have been a constant headline lately. Most media coverage goes to the core principals of net neutrality, including blocking, throttling and pay for priority of internet content; however, privacy is also a factor. Primarily, the FCC issued broadband privacy rules in … Continue Reading

Big Data and Antitrust: Rethinking Competition Law in the Data Economy

As we approach calendar year end, traditionally the busiest period of the year for mergers and acquisitions, it is worth revisiting whether our existing competition law framework can and does properly assess the market power of big data. This spring, The Economist magazine joined the ranks of some antitrust regulators, particularly from the EU, in … Continue Reading

Do You Have “Security Fatigue”?

Every day it seems a new data security breach has occurred, a new “cyber hack” is in the news…making us run to our phones, computers, bank accounts, you name it, to see if we could be the “one” affected. As a result, more and more online transactions, websites, financial institutions, for work or personal, require … Continue Reading

Empowerment or Intrusion? The College Transparency Act of 2017

Stating the obvious, college is one of the most important and expensive investments Americans make. In addition to tuition costs, from a consumer perspective, other factors should be important in deciding on a college, including graduate employment prospects, average student loan debt, and average number of semesters taken to complete a degree. If you were … Continue Reading

State of Connecticut Provides Guidance on Changes to Education Records of Transgender Students

The Connecticut State Department of Education (DOE) recently published guidance on implementing civil rights protections for transgender students. The guidance, in part, provides information on issues related to requests that a school change a student’s education records to be consistent with their chosen name and gender identity. Notably, the guidance recognized tension that may arise … Continue Reading

Federal Tax Treatment of Employer-Provided Identity Protection Services

In the wake of several recent high-profile security breaches, employers are increasingly viewing identity theft protection as an essential employee benefit for employees. According to Willis Towers Watson’s 2016 voluntary benefits and services (VBS) survey, identity theft protection, offered by 35 percent of employers in 2015, could double to nearly 70 percent by 2018. Recognizing … Continue Reading

To Travel With My Laptop …or Not!

Tricky decision to make if you are among the millions that travel for work…. how safe is it? Will the new “laptop travel ban” affect me? What airports am I connecting through that are of concern?  Is public Wi-Fi secure? Did that person just look over my shoulder (a.k.a. Shoulder Surfing) while I was opening … Continue Reading

Twitter Updates its Privacy Policy

Twitter recently announced updates to its Privacy Policy. The updates are effective on June 18, 2017. By using the social media platform on or after that date, Twitter users will be deemed to have agreed to these updates. The updates enable Twitter to collect more user data, including about a user’s visits from Twitter to … Continue Reading

Misconfigured Backup Server Exposes 7,000+ Medical Records

A misconfigured backup server hosted by medical records technology vendor iHealth Solutions resulted in exposure of over 7,000 medical records, some containing sensitive information. The records, involving patients seen at Bronx-Lebanon Hospital Center in New York, New York, between 2014 – 2017, include patients’ names, addresses, HIV status, mental health diagnoses and addiction histories, as … Continue Reading

Repeal of FCC Privacy Rules Sparks Concern in U.S. and Europe

The Federal Communications Commission (FCC) privacy rules required providers such as Comcast Corp. and AT&T Inc. to get subscribers’ permission before collecting and sharing their personal data. On April 4, 2017, President Donald Trump signed a congressional resolution rescinding those rules and sparking major concern both in the U.S. and Europe. Indeed, according to a … Continue Reading

Virtual Private Network (VPN) Providers: How Private Are They?

By Executive Order, the Trump Administration recently reversed an Obama Administration order aimed at protecting consumer’s personal information from use by their Internet Service Provider (ISP). ISPrior to the Trump’s EO, ISPs were required to get customer’s consent before using or selling their browsing habits, online shopping habits, financial information, etc. The reversal of Obama’s … Continue Reading

FCC Broadband Privacy Regulations Rescinded; States Consider Adopting Measures

As was expected, President Trump signed into law the rescinding of the broadband privacy regulations adopted in 2016 by the Obama administration’s Federal Communications Commission (FCC). The now rescinded regulations would have required internet service providers (ISPs) to obtain consent from a customer before using or selling the customer’s Web browsing history, app usage history, … Continue Reading

Congress, FCC Weigh Measures to Repeal ISP Privacy Rules

Last October, the Federal Communications Commission (FCC) approved new privacy rules governing how Internet Service Providers (ISPs) are permitted to use and share its customers’ personal information. The rules have been fiercely contested by telecom companies that contend they are being unfairly held to more stringent regulations than so-called edge providers (Google, Facebook, etc.), which … Continue Reading

House Bill Would Allow Employers to Require and Access Genetic Testing Results

House bill HR 1313, introduced by Representative Virginia Foxx (R-N.C.), proposes to allow companies to require employees to undergo genetic testing, then allow employers to see the results, and impose financial penalties on any employees who request to opt out of the requirement. The bill, which was before the House Committee on Education and the … Continue Reading

DOE and DOJ Withdrawl of “Dear Colleague” Letter Leaves FERPA’s Guidance Unresolved

On February 22, 2017, the Department of Justice (DOJ) and Department of Education (DOE) withdrew their May 13, 2016 “Dear Colleague” letter that provided guidance on steps to protect transgender students under Title IX of the Educational Amendments of 1972 (Title IX) as well as the Family Educational Rights and Privacy Act (FERPA). Although the … Continue Reading

Supreme Court Nominee Neil Gorsuch on Data Privacy

Last month, the President announced his nomination of Judge Neil M. Gorsuch—a federal appeals court judge—to the Supreme Court. Gorsuch must still go through Senate confirmation hearings before officially becoming the ninth justice in our nation’s highest court, but some are already discussing Gorsuch’s potential impact on cybersecurity, technology and privacy law. Gorsuch is better … Continue Reading

Los Angeles Community College Pays Ransomware to Retrieve Data

On December 30, 2016, the Los Angeles Community College computer network was kidnapped by cyber criminals requesting a ransom for its return. The ransomware encrypted the college’s entire network system, including email and voice mail systems. Rather than attempt to restore all of the data days before classes were to resume, on January 4, 2017, … Continue Reading
LexBlog