Data Privacy + Security Insider

Leveraging Knowledge to Manage Your Data Risks

Latest from Data Privacy + Security Insider - Page 2

Hotel chain Fillmore Hospitality, LLC is the latest target of a proposed class action complaint filed this week, alleging violation of the Illinois Biometric Information Privacy Act (BIPA). We don’t usually discuss the specific allegations in BIPA cases, but since they continue to populate the litigation landscape, we thought it would be instructive to take a deeper dive so companies are aware of the minefield these cases present and how they really are a roadmap…
Another city, another ransomware attack. Cities and municipalities continue to be targeted with ransomware campaigns. Fortunately, in this case, essential services such as fire, police, Emergency Medical Services and 311 service were still operational despite the attack. According to a tweet by Mayor Bernard Young, Baltimore shut down its servers in response to the ransomware attack, and preliminarily, it does not appear that any “personal data has left the system.” City hall personnel were instructed…
We continue to see clients hit with notifications from vendors about security incidents caused by either the vendor or the vendor’s downstream supply chain. Often, the client didn’t even know that its vendor was outsourcing part or all of the work to another vendor. When a security incident occurs down the line, the entity that experienced the security incident or data breach usually has contractual obligations to tell its customer, and its customer then has…
Last month, a University of Maryland unmanned aerial system (UAS or drone) delivered a donor kidney to surgeons at the University of Maryland Medical Center (UMMC) in Baltimore for an ultimately successful transplant to a patient with kidney failure. The drone flew 2.6 miles in approximately 10 minutes. This University of Maryland project is important to determine whether this process of delivery works; if it is a proven system of delivery, unmanned organ transport can…
In the Federal Aviation Administration’s (FAA) latest aerospace forecast, it noted the “phenomenal growth” of the small unmanned aerial system (UAS or drone) industry. The FAA reported that at the end of 2018 there were 277,000 UAS registered with the FAA. In the FAA’s 2017 report and predictions, that number was expected to be only 158,900. The FAA further said in its report that the UAS sector “will be much larger than what [the FAA…
As someone who has been married a long time (longer than the Internet has existed), I never experienced the online dating scene.  Everyone has their own opinion on the topic, and without getting into the merits of online dating, there is risk for children, which is the subject of this privacy tip. The Federal Trade Commission (FTC) issued a warning this week called Parental Advisory: Dating Apps. The advisory warns parents that there are dating…
The Office of Civil Rights (OCR), the enforcement arm of the Department of Health & Human Services (HHS), announced that a Tennessee diagnostic medical imaging services company has agreed to pay $3 million to settle potential HIPAA violations arising from a data breach that exposed over 300,000 patients’ protected health information. As part of the settlement, the company—Touchstone Medical Imaging (Touchstone)—must also adopt a corrective action plan to address problems uncovered during OCR’s investigation. In…
According to a recent survey of cybersecurity professionals by AT&T Cybersecurity entitled “Confidence: the perception and reality of cybersecurity threats,” phishing and cloud security threats are keeping them up at night. The survey polled 733 cybersecurity professionals attending the RSA conference and asked the respondents about what they perceive to be the biggest internal and external threats to security. When it came to internal threats, almost one-third of the respondents listed phishing attacks as the…
I continuously confront vendors who say I am “the only” lawyer who objects to limitation of liability provisions that attempt to limit the liability of a security incident to the amount of the contract. That is very hard for me to believe. The value of the contract has no relevance to the actual damages and losses that are sustained in the event of a data breach. Companies are attempting to limit liability and argue that…
We recently posted about the status of delivery by drone. Now, the Federal Aviation Administration (FAA) has awarded the first air carrier certification to a drone delivery company, Wing Aviation. Wing Aviation will begin commercial package delivery in Blacksburg, Virginia. U.S. Secretary of Transportation, Elaine L. Chao, said, “This is an important step forward for the safe testing and integration of drones into our economy. Safety continues to be our number one priority as…