
This blog is a service of Alston & Bird's Privacy & Data Security team and focuses on key data privacy and data security issues.


WP29 Announces a Common “Tool-Box” Approach to Handling of Complaints under the Right to be Forgotten

September 18, 2014 | Posted by Maki DePalo | Topic(s): European Union (EU), International, Privacy, Data Protection

On September 18, 2014, the Article 29 Working Party (the “WP29”) issued a press release, announcing that the European data protection authorities agreed on a common “tool-box” approach to handling complaints lodged due to search engines’ refusal to remove complainant’s entries from their search results.


HIPAA Audit Program Phase 2: Delayed

A representative of the U.S. Department of Health and Human Services’s Office for Civil Rights (OCR) has recently revealed that OCR has delayed the start of phase 2 of its HIPAA Audit Program – and has revised its plans for phase 2.


FTC Announces Final Agenda for September Big Data Workshop

September 10, 2014 | Posted by Barringer, Ty | Topic(s): Events, Federal Trade Commission (FTC), Big Data

The Federal Trade Commission has released a final program for its September workshop, “Big Data: A Tool for Inclusion or Exclusion?” During the workshop, speakers with a wide range of experience and expertise in the privacy field will present on the various issues and opportunities that arise from the relationship between big data and consumers.


HHS OIG Releases Report Regarding ONC’s Oversight of Testing and Certification of Electronic Health Records

The HHS Office of Inspector General (OIG) recently issued a report regarding the Office of the National Coordinator for Health Information Technology’s (ONC) oversight of electronic health record (EHR) testing and certification, “The Office of the National Coordinator for Health Information Technology’s Oversight of the Testing and Certification of Electronic Health Records.”


Kim Peretti authors Bloomberg BNA article on Cyber Threat Intelligence and Information Sharing

September 5, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Data Security, Cybersecurity, Privacy

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, authored (with contributions from associate Lou Dennig) the Bloomberg BNA article, “Cyber Threat Intelligence: To Share or Not to Share—What Are the Real Concerns?” In the article, Peretti discusses the importance of exchanging cyberthreat information and the concerns relating to information sharing, and provides guidance for companies on mitigating the potential risks of this information sharing.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

Inside Counsel Talks Cybersecurity with Kim Peretti Ahead of WIPL Conference

September 5, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Events, Cybersecurity, Cybercrime

Kim Peretti, a partner in the firm’s White Collar Crime Group, discussed cybersecurity and the upcoming Women, Influence & Power in Law Conference with Inside Counsel.

“From a legal standpoint, the risk exposure for a cyberattack has continued to rapidly increase,” and senior executives and board members play an important role in their company’s cybersecurity, said Peretti. “Senior management should know it’s not just an IT issue, it’s an enterprise risk and needs to be handled as all other enterprise risks. The board and senior executives should be involved in a company strategy before and after a breach in an oversight role.”

Peretti will be leading a panel on enterprise risk management at this year’s WIPL Conference in Washington, D.C. “In cybercrime, women are outnumbered by men, though more and more are entering the field,” she said. “It was a remarkable event last year, like no other event I know. It really brings everything together.”


Alston & Bird Hosting Event: The Evolving Cyber Insurance Market: Key Issues and Challenges

September 3, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Events, Data Security, Cybersecurity, Privacy, Department of Homeland Security (DHS)

Kim Peretti, partner and co-chair of the firm’s Security Incident Management and Response Team, will moderate a panel discussion during this September 11 event. The featured speakers are Tom Finan, Senior Cybersecurity Strategist and Counsel with the U.S. Department of Homeland Security, and Sean Hyatt, counsel in the firm’s Litigation & Trial Practice Group and a member of the Insurance Litigation & Regulation Team.


FTC seeks public comment on AgeCheq Inc.’s application for approval of proposed verifiable parental consent method

On August 25, 2014, the Federal Trade Commission (“FTC”) issued a notice, to be published in the Federal Register, announcing the FTC’s request for public comment on a proposed verifiable parental consent method. The method has been submitted for approval by AgeCheq, Inc. under the Children's Online Privacy Protection Act and the rules promulgated thereunder.


Kim Peretti Interviewed by BankInfoSecurity

August 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Data Security, Cybersecurity, Privacy, Data Breach, Privacy Policy

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was interviewed by BankInfoSecurity about what boards must know about security issues and how to keep directors risk-aware.

In the interview, titled “Cybersecurity: What Boards Must Know,” Peretti discusses what directors don't know about security, the pre- and post-breach responsibilities of boards, and how to educate the board - and when. "[Boards] have an awareness of the threat out there," Peretti said. "But what they're struggling with - what they don't know - is what is the risk that the [threat] has to any particular organization, how do you mitigate that risk, and how do you respond to it?"


Delaware Passes Fiduciary Access to Digital Assets and Digital Accounts Act

August 26, 2014 | Posted by Bruce Sarkisian | Topic(s): Online Privacy, Legislation, US State Law

On August 12, Delaware Governor Jack Markell enacted the nation’s first law that covers access to digital accounts of the deceased. The Delaware statute, which is modeled after the Uniform Fiduciary Access to Digital Assets Act, gives the deceased’s executors, or fiduciaries, “control over any and all rights in digital assets and digital accounts of an account holder, to the extent permitted under applicable state or federal law or regulations or any end user license agreement.”


Secret Service Estimates in Follow-Up Advisory that "Backoff" Malware Affected 1,000 U.S. Businesses

August 25, 2014 | Posted by Lou Dennig | Topic(s): Advisories, Security Breach, Data Security, Cybersecurity, Data Breach, Cybercrime

On Friday, August 22, the Department of Homeland Security (“DHS”) and U.S. Secret Service released an advisory warning that a family of malware known as “Backoff” may have infiltrated the Point of Sale (“PoS”) systems of over 1,000 U.S. businesses. The malware was injected into some systems as far back as October 2013, and DHS warns that it “has likely infected many victims who are unaware that they have been compromised.” “Backoff” allows cybercriminals to remotely exfiltrate consumer credit card information by exploiting an organization’s administrator accounts. The advisory strongly encourages businesses to take immediate action and contact their IT personnel, PoS and antivirus vendors, as well as other service providers, to assess whether their systems have been compromised by the malware.


CDD Urges FTC to Investigate 30 Companies for Alleged Safe Harbor Violations

The Center for Digital Democracy (“CDD”), a private consumer privacy advocate, recently filed a complaint and “request for investigation” before the Federal Trade Commission (“FTC”) accusing 30 U.S. companies of violating provisions of the Safe Harbor framework. The 118-page complaint, filed August 14th, urges the FTC to take legal action against the companies, including Adobe Systems, AOL, and Salesforce.


FTC Issues Study on Mobile Shopping Apps Reviewing Pre-download Disclosures

On August 1, 2014, the Federal Trade Commission (“FTC”) issued a study called “What’s the Deal? An FTC Study on Mobile Shopping Apps,” with recommendations concerning pre-download disclosures. FTC staff surveyed and reviewed 121 mobile shopping apps that fell into three categories: price comparison apps, deal apps, and in-store purchase apps. FTC staff focused their analysis on (1) the in-store purchase apps’ pre-download disclosures concerning payment disputes, and (2) all of the surveyed apps’ pre-download disclosures concerning how the apps collect and handle consumer data.


Agenda Released for FTC’s September Big Data Workshop

August 12, 2014 | Posted by Matthias Barringer | Topic(s): Events, Federal Trade Commission (FTC), Big Data

The Federal Trade Commission recently released an initial program for the agency’s latest data privacy workshop, “Big Data: A Tool for Inclusion or Exclusion?” The workshop will consist of four panel discussions and is scheduled to take place at 8 a.m. on September 15, 2014 at the Constitution Center, located at 400 7th St SW, Washington, DC 20024.


PCI Security Standards Council Publishes Third-Party Security Assurance Guidance

The Payment Card Industry Security Standards Council (PCI-SSC) today released recommendations for meeting the PCI Data Security Standard (PCI-DSS) when sharing cardholder data with third-party service providers. PCI-DSS requires a merchant or other entity entrusted with cardholder data to ensure that cardholder data continues to be protected when it is provided to a third party.
