Security researchers at Radboud University in the Netherlands have discovered a flaw in several manufacturers’ solid state hard drive firmware that can be exploited to read data from self-encrypting drives (SED). The researchers published their findings in a paper on November 5th. The authors identified several methods they were able to use to bypass hardware … Continue Reading
Tim Cook, Apple CEO, recently delivered the keynote address for a privacy conference, attended by policy experts and European Union (EU) lawmakers in Brussels, Belgium, where he advocated for new data privacy laws in the United States, similar to the EU’s General Data Protection Regulation (GDPR). Cook said that modern technology has led to the … Continue Reading
We all know that it is important to protect our Social Security number. But sometimes companies still try to use the last four digits of our Social Security numbers as identifiers or to verify identity in some way. The use of Social Security numbers began in 1936 long before computers, the internet, and identity theft … Continue Reading
We have previously reported on the anticipated impact of the new California Privacy Law—the California Consumer Privacy Act (“the Act”) [view related post]. The first amendment to the Act, (most likely be the first of many amendments) recently obtained approval from state lawmakers and is on its way to Governor Jerry Brown for signature. The … Continue Reading
As previously detailed, the California Consumer Privacy Act of 2018 was hastily passed by the California legislature as a compromise designed to avoid a more far-reaching ballot initiative. Recognizing the need to clarify various drafting errors, the drafters are currently working on Senate Bill 1121, intended to clarify certain provisions of the Act and to … Continue Reading
Traditional tickets (paper, that is) have already been replaced with mobile tickets for many Major League Baseball (MLB) stadiums across the country, but now, MLB has teamed up with CLEAR, which provides biometric authentication, to implement biometric ticketing at select stadiums. CLEAR will allow baseball fans to use their fingerprints, and eventually facial recognition, to … Continue Reading
We have frequently reported about how devastating and widespread tax fraud is in the U.S.—in the past affecting hundreds of thousands of U.S. taxpayers [view related privacy tip]. Income tax preparers are at risk for cyber intrusions because they hold highly sensitive personal information of their clients, which can be used by criminals to commit … Continue Reading
On June 28, 2018, the California State Legislature passed, and Governor Jerry Brown signed, the California Consumer Privacy Act of 2018, bringing to the United States many of the rights and compliance obligations currently being applied by the European Union through its General Data Protection Regulation (GDPR). Effective January 1, 2020, the Act gives California … Continue Reading
Cell phones are a ubiquitous part of our modern life. It’s easy to forget that they are constantly tapping into the wireless networks around us several times a minute, even when we’re not using them. Each time a cell phone connects to a cell tower or cell site, it generates a time-stamped record known as … Continue Reading
In the age of web-connected vehicles, the consumer’s relationship with the vehicle’s manufacturer takes on a whole new meaning. Not only does the relationship exist for the purpose of vehicle maintenance or future repairs, but the consumer also serves as a rolling information bank to the manufacturer. Indeed, nearly every new vehicle is by default … Continue Reading
As the myriad of Family Educational Rights and Privacy Act (FERPA) interpretation issues continues to cloud many educators’ understanding of what is permissible and not permissible under the statute, some assistance was recently provided by the U.S. Department of Education. The Family Policy Compliance Office (FPCO) advises that as with any other “education record,” a photo or video of a student … Continue Reading
Businesses are understandably focused this week on the looming effective date for the European Union’s General Data Protection Regulation (GDPR). For U.S. businesses, however, a proposed law closer to home would raise similar compliance burdens and create potential litigation risks. This November, voters in California will likely vote on whether to pass a ballot initiative, … Continue Reading
Facebook and the English data analytics firm Cambridge Analytica (CA) are facing intense scrutiny in response to numerous reports about the possible misuse of data of 50 million Facebook accounts. The data was originally collected through a third party personality test app and later reportedly improperly transferred to CA and/or its parent company Strategic Communications … Continue Reading
On March 16, David Carroll, a New York based American professor sued Cambridge Analytica (CA) in the U.K. courts, after the data analytics firm allegedly failed to respond to his request made pursuant to the U.K. Data Protection Act for his file of personal data held by CA, CA’s purpose for processing his data, and … Continue Reading
All privacy professionals, whether in the EU or the U.S., need to have an understanding of the implications of General Data Privacy Regulation (GDPR) compliance, particularly since the fines and penalties that could be imposed for non-compliance are intimidating. GDPR goes into effect on May 25, 2018, and many companies are struggling to become compliant … Continue Reading
The Federal Trade Commission (FTC) has approved its proposed settlement with Lenovo, Inc. over the installation of pre-installed advertising software called VisualDiscovery onto Lenovo laptops. According to the FTC, the pre-installed software “interfered with how a user’s browser interacted with websites and created serious security vulnerabilities.” The settlement requires Lenovo to not misrepresent the features … Continue Reading
On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective. The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have: a cybersecurity program designed to protect … Continue Reading
Last Thursday, the United States Supreme Court heard arguments in Carpenter v. United States. At issue was whether the FBI violated the Fourth Amendment when it obtained the cellphone location records of Timothy Carpenter. The FBI used these records to establish Mr. Carpenter’s whereabouts during time periods in which certain armed robberies occurred. The government … Continue Reading
The Federal Communications Commission’s (FCC) potential reversal of the Obama Administration’s ‘Net Neutrality’ rules have been a constant headline lately. Most media coverage goes to the core principals of net neutrality, including blocking, throttling and pay for priority of internet content; however, privacy is also a factor. Primarily, the FCC issued broadband privacy rules in … Continue Reading
As we approach calendar year end, traditionally the busiest period of the year for mergers and acquisitions, it is worth revisiting whether our existing competition law framework can and does properly assess the market power of big data. This spring, The Economist magazine joined the ranks of some antitrust regulators, particularly from the EU, in … Continue Reading
Every day it seems a new data security breach has occurred, a new “cyber hack” is in the news…making us run to our phones, computers, bank accounts, you name it, to see if we could be the “one” affected. As a result, more and more online transactions, websites, financial institutions, for work or personal, require … Continue Reading
Stating the obvious, college is one of the most important and expensive investments Americans make. In addition to tuition costs, from a consumer perspective, other factors should be important in deciding on a college, including graduate employment prospects, average student loan debt, and average number of semesters taken to complete a degree. If you were … Continue Reading
The Connecticut State Department of Education (DOE) recently published guidance on implementing civil rights protections for transgender students. The guidance, in part, provides information on issues related to requests that a school change a student’s education records to be consistent with their chosen name and gender identity. Notably, the guidance recognized tension that may arise … Continue Reading
On August 1, 2017, 32M, located in Wisconsin, is offering its employees the ability to have RFID chips implanted into their hands to make purchases at the company break rooms, open doors, use the copy machine and log on to their company computer. On top of that, the employer issued chip can store medical and … Continue Reading
