AUTHOR ARCHIVES: Nameir Abbas


Nameir Abbas

Nameir's international relations background gives him a breadth of experience in detailed review of his clients' technology and privacy initiatives and issues. Read more→

South Carolina Enacts Insurance Data Security Act

Posted on: 20 Aug 2018

South Carolina recently enacted a prescriptive data security law for insurers. The law bears resemblance to the New York Department of Financial Services (NYDFS) cybersecurity rules that entered into force last year. In short, the South Carolina law requires licensees (defined below) to develop and implement a comprehensive written information security program (a “WISP”) and to notify the South Carolina Department of Insurance of certain cybersecurity events. Effective on January 1, 2019, the law includes extended deadlines for compliance with the requirement to implement a WISP (July 1, 2019) […] Read more

Supreme Court Recognizes Reasonable Expectation of Privacy in Historical Cell-Site Location Information

Posted on: 27 Jun 2018

The Supreme Court recently held in Carpenter v. United States that an individual has a reasonable expectation of privacy in historical cell-site location information (CSLI) that provides a comprehensive view of the individual’s movement. A 5-4 decision, Carpenter marks a significant development for both the third-party doctrine and in the privacy space more generally. Carpenter signals a change in the Court’s traditional view of the third-party doctrine and highlights the ubiquity and all-encompassing nature of CSLI in the process. The petitioner, Timothy Carpenter, was convicted for his […] Read more

Oregon and Arizona Amend Breach Notification Laws

Posted on: 25 Jun 2018

Amended breach notification laws recently took effect in Oregon or will soon take effect in Arizona. In both cases, the amended laws heighten existing requirements and reflect broader trends in the breach notification landscape at the state level, including by expanding the scope of “personal information” that triggers notification and requiring notification within a specified timeframe. In Oregon’s case, the amendments supplement already-existing data security requirements for companies the handle the personal data of Oregon residents. Oregon Broadened Definition of Personal Information Like […] Read more

Chicago City Council Considers Data Collection and Protection Legislation

Posted on: 21 Jun 2018

Unique and detailed data protection legislation is currently under consideration by the Chicago City Council. If passed in its current form, the Data Collection and Protection Ordinance (the “Ordinance”) would impose consent, notification, and registration obligations on regulated companies, as well as require a prescribed notice to users of location services on mobile devices and express consent for use of geolocation data by mobile applications. Consent requirements The consent provisions would apply to “operators,” defined to include any entity that (1) “owns a website on the […] Read more

Article 29 Working Party Issues Guidance on Administrative Fines

Posted on: 02 Nov 2017

The Article 29 Working Party (“WP29”) recently issued much-anticipated guidance on administrative sanctions under the General Data Protection Regulation (the “GDPR”). This guidance focuses on the holistic factors which Supervisory Authorities (the “SAs”) are to use in issuing assessments for violations of the GDPR. These factors make clear that WP29 views sanctions issued under the GDPR as a key deterrent and enforcement mechanism. Context Article 83 of the GDPR states the general conditions for imposing fines for non-compliance. These fines must be “effective, proportionate […] Read more

Data Monetization and State Privacy Laws

Posted on: 15 Jun 2017

On June 8, magazine publisher Trusted Media Brands, Inc. settled a class action lawsuit for $8.2 million after purportedly disclosing the personal information and magazine choices of customers to third parties.  The lawsuit, Taylor v. Trusted Media Brands, Inc., No. 7:16-cv-01812 (S.D.N.Y. June 8, 2017), alleged that the publisher’s actions violated Michigan’s Video Rental Privacy Act (VRPA), demonstrating the sometimes hidden legal risks of data monetization. VRPA, inspired by the federal Video Privacy Protection Act, was passed in 1988 and applies to the purchase, rental, or borrowing […] Read more

President Trump Signs Long-Awaited Cyber Executive Order

Posted on: 17 May 2017

On May 11, 2017, President Trump signed a long-awaited executive order on cybersecurity (the “Order”).  The Order directs executive agencies to complete a risk management report based on the NIST Cybersecurity Framework (the “Framework”) and also requires the Department of Homeland Security (DHS) and other agencies to undertake activities in support of effective cybersecurity risk management for operators of critical infrastructure.  More generally, the Order directs several agencies to submit reports to the President on a varied set of cybersecurity-related topics.  These measures demonstrate […] Read more

Outbreak of “WannaCry” and “Wanna Decryptor” Ransomware Affects Companies Across the Globe

Posted on: 14 May 2017

On Friday, May 12, companies in countries across the globe witnessed an unprecedented malware outbreak as ransomware labeled “WannaCry” and “Wanna Decryptor” infected a large range of critical systems. The malware exploits a vulnerability in older versions of Microsoft’s Windows, locks the systems it infects, and threatens to delete files unless a bitcoin ransom is paid. What happened? An attacker or group of attackers unleashed a wave of ransomware infections beginning on Friday, May 12. More so than previous attacks, this outbreak resulted in substantial disruption to regular […] Read more

New Mexico Data Breach Legislation Passes

Posted on: 11 Apr 2017

New Mexico recently became the 48th state to pass some form of data breach notification legislation, leaving Alabama and South Dakota as the lone holdouts.  The Data Breach Notification Act was signed by New Mexico Governor Susana Martinez on April 6, 2017.  The law applies to persons that own or license personal identifying information of New Mexico residents, defined as an individual’s first name or first initial and last name in combination with a social security number, driver’s license number, government-issued ID number, account number plus security or access code or password, or biometric […] Read more