Eye On Privacy

Timely Updates and Analysis on Privacy and Cybersecurity Issues

Subscribe
Visit Blog
By: Sheppard, Mullin, Richter & Hampton LLP

Blog Authors

Aaron George
Anna McLean
Andrea Ramos*
Alyssa Shauer
Amber Thomson
Brian Anderson
Craig Cardon
Christine Couvillon
Curtis Dombek
Christopher Bosch
Carrie Ross
David Cannon
David Myers
David Poell
Drew Svor
Dave Thomas
Elizabeth Balfour
Elizabeth Barcohana
Fatema Merchant
Greg Berk
Genevieve Perez
James Chadwick
John Chierichella
James Gatto
Jeff Kern
Jonathan E. Meyer
Jay Ramsey
Kristi Kung
Kayla Page
Kari Rollins
Lindsay Colvin Stone
Liisa Thomas
Liên Payne
Lai Yip
Mercedes Cook
Megan Grant
Melinda Biancuzzo
Matthew Shatzkes
Matthew Turetzky
Pavel Sternberg
Paul Werner
Robert Friedman
Rachel Tarko Hudson
Raymond Marshall
Reid Whitten
Sarah Aberg
Sheppard Mullin
Snehal Desai
Shanna Pearce
Shannon Petersen
Townsend Bourne
Ted Max
Yaniss Aiche

Latest from Eye On Privacy

The UK Information Commissioner’s Office recently released helpful encryption guidance. Although released to address the GDPR security requirements, this document may be helpful more broadly because of the detail around encryption the ICO provides. In the guidance, the ICO points to certain types of encryption (symmetric and asymmetric) and when to use the different methods. The ICO also clarifies that “hashing” is not encryption, two things that are often confused. The ICO also gives information…
The Food & Drug Administration has recently released for comment a draft expansion of guidance regarding Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Although the FDA issued existing guidance in 2014, the new guidance reflects concerns about the rapidly-changing nature of cybersecurity threats, and the potentially grave consequences of cybersecurity incidents involving healthcare and medical devices—particularly medical devices which connect to the internet, networks, or other devices. The draft guidance gives…
On Election Day 2018, in the State that boasts the official motto of “Live Free or Die,” over 80% of New Hampshire voters overwhelmingly approved an amendment to the State Constitution enshrining an explicit “right to privacy” to New Hampshire residents. Question 2 on New Hampshire ballots asked voters to approve (or reject) the following language to the New Hampshire Constitution: An individual’s right to live free from governmental intrusion in private or personal information…
Companies doing business in China may see an increase in enforcement actions with the enactment of a new cybersecurity regulation and the enforcement powers of the Public Security Bureaus (PSBs) officially codified. The regulation – Provisions on Internet Security Supervision and Inspection by Public Security Organs – is now in effect, more than a year after the enactment of the country’s Cybersecurity Law.…
In the recent case of Marks v. Crunch San Diego, LLC, 904 F.3d 1041 (9th Cir. 2018) the Ninth Circuit broadly interpreted the TCPA’s definition of automatic telephone dialing system (often referred to as ATDS) to include devices with the capacity to dial stored numbers automatically. The device at issue in Marks is called the “Textmunication” system, which the Court described as “a web-based marketing platform designed to send promotional text messages to a list…
UK supermarket chain Morrisons has been held vicariously liable for the acts of a malicious employee in the UK’s first data leak class action. The issue began in 2014, when a disgruntled Morrison’s internal IT auditor posted to a public file-sharing website the payroll data of nearly 100,000 employees (including names, addresses, dates of birth, national insurance numbers and bank details). The employee was found criminally liable in 2015 and jailed for eight years. A…
The Federal Trade Commission recently issued a cyber guide that, while intended for small businesses, can be of help for all businesses. The purpose of the guide, which includes various modules, is to help smaller businesses address data security threats. These modules follow guidance the FTC issued in April, stressing the importance of cyber security preparedness and the help the FTC intended to give to small businesses on that front.…
ohio welcome
Effective November 2, 2018, companies that suffer a breach may have certain defenses in Ohio if they have a written cybersecurity program in place. Under this new law, companies can use as an affirmative defense the existence of a cyber program in rebuttal to an argument that they failed to implement reasonable information security controls, and that failure resulted in a breach. The definition of breach (and personal information that if impacted gives rise…
The New Jersey attorney general recently announced its settlement with software company LightYear Dealer Technologies, LLC- doing business as DealerBuilt- over a 2016 data breach. The company provides its clients, car dealerships, software to organize and manage both customer and employee information. That information includes drivers’ license numbers, Social Security numbers, and financial account information. According to the AG’s order, the company misconfigured a file synchronizing program. As a result, sensitive information was available…