Support Data Privacy Day on January 28, 2015

Did you know January 28 is Data Privacy Day (DPD)? DPD commemorates Convention 108, the first legally binding international treaty dealing with privacy and data protection, signed on January 28, 1981. DPD began in the United States and Canada in January 2008 as an extension of the DPD celebrated in Europe. On January 27, 2014, the 113th U.S. Congress adopted a nonbinding resolution expressing support for the designation of January 28 as “National Data Privacy Day.” National Cyber Security Alliance (NCSA), a non-profit organization dedicated to cyber-security education and awareness, [...]

New York AG Schneiderman to Propose Revised Data Security Laws

New York’s Attorney General Eric T. Schneiderman announced on January 15 that he would propose legislation to New York State lawmakers to revise New York’s data security laws and to require new safeguards for personal data of New Yorkers. The legislation to be introduced by Mr. Schneiderman will broaden the scope of information that would require protection, impose stronger technical security measures for protecting information and create a safe harbor for companies who meet the required security standards. “With some of the largest-ever data breaches occurring in just the last year, [...]

President Obama Proposes Strict National Data Breach Notification Law Ahead of State of the Union

On January 12, 2015, during a speech before the Federal Trade Commission (FTC), President Barack Obama announced that he would propose legislation to create a national, uniform data breach notification law.  The White House later released the full text of the proposed bill.  The President highlighted that a national breach notification law would benefit both consumers and notifying companies by pre-empting and streamlining the current system:  “right now almost every state has a different law on this and it’s confusing for consumers and it’s confusing for companies – and it’s costly [...]

President Obama Proposes New Privacy Protections for Student Data

On January 12, 2015, President Barack Obama unveiled a series of comprehensive proposals aimed at protecting Americans’ personal and financial information, combating online fraud, and safeguarding digital privacy. As part of his speech at the Federal Trade Commission, President Obama highlighted certain initiatives related to student privacy that he will discuss in greater detail at the State of the Union address next week. The President proposed a new federal law: the Student Digital Privacy Act. According to the White House, the Student Digital Privacy Act is “designed to provide teachers [...]

New Jersey Enacts Health Information Encryption Requirement

New Jersey Governor Chris Christie has signed a new law requiring health insurance companies to protect client health information by encrypting the data. The law applies to any insurance company, health service corporation, hospital service corporation, medical service corporation, or health maintenance organization authorized to issue health benefits plans in New Jersey. These entities must take steps to protect “individually identifiable health information” that they compile through encryption or “by any other method or technology rendering it unreadable, undecipherable, or otherwise unusable [...]

Alston & Bird Welcomes Peter Swire

Alston & Bird is pleased to announce that Peter Swire has joined the firm's Privacy and Security practice as Senior Counsel. Peter was President Clinton’s Chief Counselor for Privacy in the U.S. Office of Management and Budget. He also served as one of five members of President Obama’s Review Group on Intelligence and Communications Technology, formed in the wake of Edward Snowden’s revelations regarding surveillance activities by the U.S. National Security Agency. Peter has long been a thought and action leader in the privacy and security space. During his time in the Clinton administration, [...]

NIST releases “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.”

On December 12, 2014, the National Institute for Standards and Technology (“NIST”) announced the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (“SP 800-53A”). SP 800-53A is a companion guideline to Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations (“SP 800-53”) and discusses how to build effective assessment plans and how to analyze and manage assessment results. NIST’s announcement highlights [...]

TD Bank NA Settles Data Breach Lawsuit with Mass. AG

TD Bank North America (“TD Bank”) and the Massachusetts Attorney General announced an agreement on December 8 to end a data breach lawsuit brought against TD Bank by the Massachusetts Attorney General. The lawsuit alleged that TD Bank failed to properly protect and encrypt personal customer information contained on two server backup tapes that it lost. The suit also alleged that TD Bank did not promptly notify the Attorney General of the breach as required by Massachusetts law. The data breach in question occurred after a set of unencrypted server backup tapes containing the personal information [...]

23 Privacy Enforcement Authorities Issue a Joint Open Letter to App Marketplaces

On December 9, 2014, a joint open letter (“Letter”) was issued to the operators of seven (7) app marketplaces, urging them to “make the basic commitment to require each app that can access or collect personal information, to provide users with timely access to the app’s privacy policy.” Although the Letter was sent to Apple, Google, Samsung, Microsoft, Nokia, BlackBerry and Amazon.com, the Office of the Privacy Commissioner of Canada (“OPC”) explains that it is intended for all companies that operate app marketplaces. The Letter was issued by twenty-three (23) privacy enforcement [...]

CFPB’s Final Rule Allows Online Privacy Notice Posting In Certain Circumstances

The Consumer Financial Protection Bureau (CFPB) recently published a final rule regarding annual privacy notices from financial institutions to their customers. The rule allows financial institutions that limit their consumer data-sharing and meet other requirements to post their annual privacy notices online rather than delivering them individually. Under the Gramm-Leach-Bliley Act (GLBA), financial institutions generally must send annual privacy notices to customers. These notices must describe whether and how the financial institution shares consumers’ nonpublic personal information. If [...]