
This blog is a service of Alston & Bird's Privacy & Data Security team and focuses on key data privacy and data security issues.


Kim Peretti Interviewed by BankInfoSecurity

August 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Data Security, Cybersecurity, Privacy, Data Breach, Privacy Policy

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was interviewed by BankInfoSecurity about what boards must know about security issues and how to keep directors risk-aware.

In the interview, titled “Cybersecurity: What Boards Must Know,” Peretti discusses what directors don't know about security, the pre- and post-breach responsibilities of boards, and how to educate the board - and when. "[Boards] have an awareness of the threat out there," Peretti said. "But what they're struggling with - what they don't know - is what is the risk that the [threat] has to any particular organization, how do you mitigate that risk, and how do you respond to it?"


Delaware Passes Fiduciary Access to Digital Assets and Digital Accounts Act

August 26, 2014 | Posted by Bruce Sarkisian | Topic(s): Online Privacy, Legislation, US State Law

On August 12, Delaware Governor Jack Markell enacted the nation’s first law that covers access to digital accounts of the deceased. The Delaware statute, which is modeled after the Uniform Fiduciary Access to Digital Assets Act, gives the deceased’s executors, or fiduciaries, “control over any and all rights in digital assets and digital accounts of an account holder, to the extent permitted under applicable state or federal law or regulations or any end user license agreement.”


Secret Service Estimates in Follow-Up Advisory that "Backoff" Malware Affected 1,000 U.S. Businesses

August 25, 2014 | Posted by Lou Dennig | Topic(s): Advisories, Security Breach, Data Security, Cybersecurity, Data Breach, Cybercrime

On Friday, August 22, the Department of Homeland Security (“DHS”) and U.S. Secret Service released an advisory warning that a family of malware known as “Backoff” may have infiltrated the Point of Sale (“PoS”) systems of over 1,000 U.S. businesses. The malware was injected into some systems as far back as October 2013, and DHS warns that it “has likely infected many victims who are unaware that they have been compromised.” “Backoff” allows cybercriminals to remotely exfiltrate consumer credit card information by exploiting an organization’s administrator accounts. The advisory strongly encourages businesses to take immediate action and contact their IT personnel, PoS and antivirus vendors, as well as other service providers, to assess whether their systems have been compromised by the malware.


CDD Urges FTC to Investigate 30 Companies for Alleged Safe Harbor Violations

The Center for Digital Democracy (“CDD”), a private consumer privacy advocate, recently filed a complaint and “request for investigation” before the Federal Trade Commission (“FTC”) accusing 30 U.S. companies of violating provisions of the Safe Harbor framework. The 118-page complaint, filed August 14th, urges the FTC to take legal action against the companies, including Adobe Systems, AOL, and Salesforce.


FTC Issues Study on Mobile Shopping Apps Reviewing Pre-download Disclosures

On August 1, 2014, the Federal Trade Commission (“FTC”) issued a study called “What’s the Deal? An FTC Study on Mobile Shopping Apps,” with recommendations concerning pre-download disclosures. FTC staff surveyed and reviewed 121 mobile shopping apps that fell into three categories: price comparison apps, deal apps, and in-store purchase apps. FTC staff focused their analysis on (1) the in-store purchase apps’ pre-download disclosures concerning payment disputes, and (2) all of the surveyed apps’ pre-download disclosures concerning how the apps collect and handle consumer data.


Agenda Released for FTC’s September Big Data Workshop

August 12, 2014 | Posted by Matthias Barringer | Topic(s): Events, Federal Trade Commission (FTC), Big Data

The Federal Trade Commission recently released an initial program for the agency’s latest data privacy workshop, “Big Data: A Tool for Inclusion or Exclusion?” The workshop will consist of four panel discussions and is scheduled to take place at 8 a.m. on September 15, 2014 at the Constitution Center, located at 400 7th St SW, Washington, DC 20024.


PCI Security Standards Council Publishes Third-Party Security Assurance Guidance

The Payment Card Industry Security Standards Council (PCI-SSC) today released recommendations for meeting the PCI Data Security Standard (PCI-DSS) when sharing cardholder data with third-party service providers. PCI-DSS requires a merchant or other entity entrusted with cardholder data to ensure that cardholder data continues to be protected when it is provided to a third party.


FTC approves iKeepSafe COPPA Safe Harbor Oversight Program

The Federal Trade Commission today announced its approval of the Internet Keep Safe Coalition (“iKeepSafe”) Children’s Online Privacy Protection Act (“COPPA”) safe harbor oversight program. iKeepSafe’s program is the seventh COPPA safe harbor program approved by the FTC.


District Judge Upholds Decision Requiring Microsoft to Provide Irish Data to U.S. Investigators

August 4, 2014 | Posted by Michael Young | Topic(s): Enforcement, European Union (EU), Litigation

On July 31, Federal District Judge Loretta A. Preska (Southern District of New York) upheld the decision of a magistrate judge requiring Microsoft to turn over the contents of customer email stored in Ireland to U.S. investigators. The magistrate’s April decision was previously discussed on this blog.


Dominique Shelton Named Most Influential Lawyer in Digital Media and E-Commerce Law by Los Angeles Business Journal

July 31, 2014 | Posted by Privacy & Data Security Team | Topic(s): Data Security, Privacy

Dominique Shelton, partner in the firm’s Litigation & Trial Practice and Privacy & Data Security Groups, was recently included by the Los Angeles Business Journal in its inaugural “Most Influential Lawyers: Digital Media and E-Commerce.”

The list recognizes 30 Los Angeles attorneys who have demonstrated outstanding achievements in digital media and e-commerce law. Shelton is noted as one of the top practitioners in her field, advising clients on “cutting-edge” legal issues and “representing companies in a variety of industries and service sectors, including digital sales and marketing, advertising, wireless/mobile Internet, lead generation, manufacturing and electrical, software, telecommunications and television.”

Posted by Privacy & Data Security Team | Alston & Bird LLP

U.S. Treasury Secretary Lew Emphasizes Cyber-Risks for Financial Institutions

In remarks delivered earlier this month, U.S. Treasury Secretary Jacob Lew highlighted the dangers of “cyber intrusions” to financial institutions. Secretary Lew cited more than 250 cyber attacks against U.S. banks and credit unions since 2011, as well as recent hacks and credit card thefts against major retailers. “Cyber attacks on our financial system represent a real threat to our economic and national security,” said Secretary Lew.


FTC Updates Guidelines for Obtaining Parental Consent Applicable to Website Operators and Developers of Children’s Apps

On July 16, 2014, the Federal Trade Commission (“FTC”) issued revised guidance regarding compliance with the Children's Online Privacy Protection Act (“COPPA”). COPPA and the rules promulgated thereunder regulate the collection, use, and disclosure of personal information from children under age 13 by operators of commercial websites and online services, including mobile apps. The recent changes to the FTC’s Complying with COPPA: Frequently Asked Questions document clarify parental consent requirements with respect to such websites and services.


Kim Peretti and Jessica Corley co-author Bloomberg BNA article on Director Liability for Cybersecurity

July 29, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Data Security, Cybersecurity, Privacy, Data Breach, Privacy Policy

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, co-authored with Jessica Corley, chair of the firm’s Securities Litigation Group, the Bloomberg BNA article, “Cybersecurity: What Directors Need to Know in an Era of Increased Scrutiny.” In the article, Peretti and Corley discuss the cybersecurity issues that directors and officers face due to the fact that most companies’ assets are stored digitally and, therefore, at risk of cyberattacks. Because of these risks, well-designed policies and procedures to ensure data security are crucial to companies of all sizes, both in the public and private sectors. Directors and officers are under increased scrutiny and expected to be fully aware and engaged in their companies’ cybersecurity measures. Peretti and Corley’s article addresses the risks and impacts of data breaches, as well as practical pre- and post-breach guidance.

To read the full article, click here.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

Kim Peretti to Speak on AllClear ID Webinar

July 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Events, Cybersecurity, Data Breach

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, will be a featured speaker on a webinar addressing the cyber risk landscape and best practices on breach preparation and response. The webinar, titled “Confidence in the Breach Age: Risks, Preparation, Response & Recovery,” will feature a panel of industry professionals who will share their perspectives on:

  • Understanding the reality of cyber risk to your organization
  • Legal practices in preparedness and response
  • Managing the forensics investigation with confidence
  • Restoring trust with notification, call center & consumer protection

This webinar will be held on Wednesday, August 20 at 12pm EST. For more information about this webinar and to register, please click here.

Written by Security Incident Management & Response Team | Alston & Bird LLP

Florida Enacts One of Nation’s Most Stringent Data Breach Notification Laws; Includes 30-Day Notice Requirement

June 24, 2014 | Posted by Bruce Sarkisian | Topic(s): Legislation, Security Breach, US State Law, Data Breach

On June 20, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014, which updates Florida’s data breach notification law. The changes will take effect on July 1 of this year.
