IAPP, International Association of Privacy Professionals, Red Flags Rule
Live from the IAPP Global Privacy Summit in Washington, DC, It's Monday Afternoon
By InfoLawGroup LLP on April 19, 2010
This week, I will be providing short updates from the IAPP Global Privacy Summit in Washington, DC. The conference will be in full swing tomorrow, and I will report on various panels and topics of interest. In the meantime, as I prepare to see old and new friends at the Welcome Reception this evening, a few thoughts on what I expect to see and hear a lot over the next few days.
HB 583, House Bill 583, Mississippi, personal information, pii, risk of harm
Last State Without a Breach Notice Law? Not Mississippi
By InfoLawGroup LLP on April 08, 2010
Yesterday, Mississippi Governor Haley Barbour approved Mississippi's first breach notification law, House Bill 583, leaving only four states without a notification law (Alabama, Kentucky, New Mexico, and South Dakota). Here are the most important basics of the Mississippi law.
Breach, breach notice, HIPAA, HITECH, medical data, notification, Virginia
Virginia Adds Medical Information Breach Notice Law
By InfoLawGroup LLP on April 07, 2010
Alberta, breach notice, British Columbia, Canada, Ontario, Quebec
Security Breach Notices for Canadian Data
By W. Scott Blackmer on March 19, 2010
Notice of significant security breaches involving personal information is recommended under federal Privacy Commissioner guidelines and legally required for custodians of personal health information in Ontario. Alberta's new Bill 54, not yet in force, sets a new standard for mandatory notification to the provincial Privacy Commissioner, who can determine whether and how individuals must be notified.
agility, best practices, compliance, IAPP, information governance, IT, Law, legal defensibility, outsourcing, privacy professionals, risk, Security, security breach, technology, whitepaper
Privacy's Trajectory
By InfoLawGroup LLP on March 14, 2010
As many of our readers know, the International Association of Privacy Professionals (IAPP) will celebrate 10 years this Tuesday, March 16. In connection with that anniversary, the IAPP is releasing a whitepaper, "A Call For Agility: The Next-Generation Privacy Professional," tomorrow, March 15. I am honored that the IAPP has given me the opportunity to read and blog about the whitepaper in advance of its official release.
agreements, breach notice, certification, compliance, confidentiality, contracts, incident response, indemnification, information security, insurance, liability, risk management, standards
Information Security Clauses and Certifications - Part 1
By W. Scott Blackmer on January 17, 2010
Service contracts that involve protected personal information should include provisions allocating responsibility for protecting that information and responding to security breaches. Increasingly, this means incorporating specific references to applicable laws and information security standards, and often certifications of conformance.
bills, Data Breach Notification Act, data brokers, Federal, Personal Data Privacy and Security Act, S. 139, S. 1490, Senate Judiciary Committee
Will 2010 See the Enactment of a Comprehensive Federal Data Security Law?
By InfoLawGroup LLP on November 05, 2009
Today the Senate Judiciary Committee approved two federal data security bills, Senator Leahy's S. 1490, the Personal Data Privacy and Security Act, and Senator Feinstein's S. 139, the Data Breach Notification Act. Of course, there have been dozens of proposed federal breach notification bills over the past several years, from both sides of the aisle. Senator Leahy's office issued this statement earlier today. While we cannot predict the fate of S. 1490 and S. 139, and we will have future occasion to comment on the bills in more detail, Tanya and I wanted to highlight a few notable provisions now.
Binding Corporate Rules, breach notification, EU Data Protection Directive, Gramm-Leach-Bliley, HIPAA, model contracts, privacy, Safe Harbor
Legal Implications of Cloud Computing -- Part Two (Privacy and the Cloud)
By InfoLawGroup LLP on September 30, 2009
Last month we posted some basics on cloud computing designed to provide some context and identify the legal issues. What is the cloud? Why is everyone in the tech community talking about it? Why do we as lawyers even care? Dave provided a few things for our readers to think about -- privacy, security, e-discovery. Now let's dig a little deeper. I am going to start with privacy and cross-border data transfers. Is there privacy in the cloud? What are the privacy laws to keep in mind? What are an organization's compliance obligations? As with so many issues in the privacy space, the answer begins with one key principle -- location, location, location.
Nevada, reasonable, security measures
Nevada's Security of Personal Information Law Post Two: The Breach Notice Requirements
By InfoLawGroup LLP on July 22, 2009
credit cards
FAQ on Nevada's Security of Personal Information Law (NRS 603A)
By InfoLawGroup LLP on July 21, 2009
credit cards
PCI DSS Incident Response: The Legal Perspective
By InfoLawGroup LLP on July 08, 2009
Breach, consumer fraud, information security law
TJX Settles with State Attorneys General for $9.75 Million
By InfoLawGroup LLP on July 03, 2009
information security law, Legislation, negligence
Nevada Law Incorporates PCI and Provides a Liability Safe Harbor
By InfoLawGroup LLP on June 22, 2009
consumer fraud
Hannaford's Motion to Dismiss: Victory for Merchants (Part 2)
By InfoLawGroup LLP on May 28, 2009
Security Assessor Sued in CardSystems Breach: Merrick Bank v. Savvis
By InfoLawGroup LLP on May 27, 2009
Breach, credit cards, Security
Credit Card Thieves So Good They Have Too Much Data...
By InfoLawGroup LLP on April 15, 2009
Breach, Security
The New Path to PCI Liability: 3rd Party Beneficiary Theory
By InfoLawGroup LLP on September 30, 2008
Breach
Forever 21 -- Breached and PCI Compliant
By InfoLawGroup LLP on September 18, 2008
Hannaford
More Evidence of Hannaford-like Exploits?
By InfoLawGroup LLP on April 03, 2008
Hannaford, information security law
Article Exploring PCI-related Risks in the Hannaford Breach
By InfoLawGroup LLP on March 21, 2008