Privacy & Data Security

NIST Releases Updated Version of Its Cybersecurity Framework On April 17th, the National Institute of Standards and Technology (“NIST”), a component of the U.S. Commerce Department, released Version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework Version 1.1”), which incorporates feedback from NIST-led workshops, public comments, and questions received by NIST team members over the last two years. View Full Post
Oil States Energy Services, LLC v. Greene’s Energy Group, LLC, et al.:  The Magic Happens Around the Word “Franchise” In Oil States Energy Services, LLC v. Greene’s Energy Group, LLC, et al  the Supreme Court found that inter partes review is constitutional under Article III and the Seventh Amendment of the Constitution in a 7-2 opinion delivered by Justice Thomas. View Full Post
Continuing our series, we look today at what a company should think about when collecting biometric data. Three U.S. states—Illinois, Texas, and Washington—have laws on-point. The Illinois statute is the most specific requiring written notice disclosing the purpose of collection and the length of time biometric information will be stored. View Full Post
On April 11, 2018, the Seventh Circuit reversed a district court’s dismissal, for failure to state a claim, of plaintiffs’ proposed class action arising out of a 2012 data breach affecting Barnes & Noble.[1]  In so holding, the court reaffirmed its view that allegations of data theft with a substantial risk of future harm are sufficient to assert an “injury” under Article III, even in the absence of allegations that the risk actually materialized. View Full Post
Technologies which use permanent physical characteristics for identification are increasingly popular. These “biometric” identifiers offer clear advantages over traditional passwords and keys: they can’t be lost or forgotten, and they are much more difficult to steal. No longer only the stuff of spy thrillers and science fiction, fingerprint and facial geometry scans are now commonly used to ensure that only authorized employees can access restricted facilities and computers. View Full Post
A company’s ability to quickly and effectively conduct a forensic investigation is often critical to limiting the impacts of a data security incident, determining the scope of the incident and developing an effective communications plan. In BakerHostetler’s 2018 Data Security Incident Response Report, we analyzed over 560 data security incidents that we worked on in 2017. View Full Post
In a recent letter to leaders of the House Financial Services Committee, 31 state attorneys general urged Congress not to move forward with the Data Acquisition and Technology Accountability and Security Act, a federal breach notification bill, which aims to create a uniform set of reporting requirements for businesses nationwide.  View Full Post