Security, Privacy and the Law

Legal Perspectives on the Expanding Universe of Information Security & Privacy Issues.

Latest from Security, Privacy and the Law

WATCH NOW: Data Breach Response: Discovery and Investigation

September 24, 2020

What are best practices for handling a data security incident? Every phase of a data security incident requires thoughtful and measured action – from discovery, to investigation, to post-investigation compliance. Even planning for an incident before it happens is important to lay the groundwork for the most effective response. Foley Hoag partners Chris Hart and Veronica Jennings talk through best practices in responding to, investigating, and complying with your legal obligations arising out of a…

Security, Privacy and the Law

Massachusetts AG Creates “Data Privacy and Security Division”; What Enforcement Changes Will Follow?

By Colin Zick

August 16, 2020

Massachusetts Attorney General Maura Healey recently announced the creation of the Data Privacy and Security Division within her office, with the stated goal of “protect[ing] consumers from the surge of threats to the privacy and security of their data in an ever-changing digital economy.” The leadership of the Office of the Attorney General’s (OAG’s) privacy and security efforts will not change: Sara Cable, who has served as the Director of Data Privacy and Security…

Security, Privacy and the Law

Privacy Shield: We’ve Lost the EU but We’ve Still Got Switzerland!

By Colin Zick

August 3, 2020

In the wake of the Schrems II decision invalidating the the EU-US Privacy Shield, the US Department of Commerce has decided it should make lemonade out of the Schrems lemons. The Department recently issued a set of FAQs, which go on at length about how the Swiss-US Privacy Shield is still in place and the steps that businesses can take to participate: The Swiss-U.S. Privacy Shield Framework remains a valid mechanism to comply with…

Security, Privacy and the Law

A “Time of Heightened Tensions”: Homeland Security and National Security Agency Issue Joint Cybersecurity Alert

By Carol Holahan

July 29, 2020

On July 23, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), joined by the National Security Agency (NSA), issued a cybersecurity alert to operators of critical infrastructure. This cybersecurity alert outlines a series of “immediate actions” companies should take to reduce the risk of operational interference resulting from cyberattack. Unlike the bulletin issued by the Department of Homeland Security in January of 2020, which warned of potential attacks by Iran in…

Security, Privacy and the Law

FERC NOI Considers Expansion of Cybersecurity Rules to Distributed Generation

By Foley Hoag

July 24, 2020

https-www-energycleantechcounsel-com-wp-content-uploads-sites-3-2020-07-ferc-jpg

On Wednesday, June 24, 2020, the Federal Energy Regulatory Commission (FERC or “the Commission”) published a Notice of Inquiry (NOI) in the Federal Register soliciting comments on potential enhancements to the Critical Infrastructure Protection (CIP) Reliability Standards [1] that currently exist to help our energy infrastructure protect itself from attack. (Initial Comments are due by August 24, 2020, and Reply Comments are due by September 22, 2020.). While this NOI speaks mostly of cybersecurity protection…

Security, Privacy and the Law

Privacy Shield No Longer Viable Basis for EU-US Data Transfers

By Stephen Stich

July 16, 2020

On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under the European General Data Protection Regulation (GDPR). Entities that relied on the Privacy Shield will immediately need to find another basis for their EU-US personal data transfers. Background Under the GDPR, international transfers of European Union…

Security, Privacy and the Law

A Game of ‘Cat and Mouse’: Hacking Attacks on Hospitals for Patient Data Increase During Coronavirus Pandemic

By Foley Hoag

July 13, 2020

Colin Zick, co-chair of Foley Hoag’s Healthcare and Privacy and Data Security Practice Groups, was recently quoted in USA Today about cyberattacks against health care providers. This is a particularly timely issue in the time of COVID-19. Click here to read the full article.…

Security, Privacy and the Law

Watch Now: Maintaining Privacy and Data Security in the Remote Workplace

By Foley Hoag

June 24, 2020

The coronavirus pandemic has required a rapid and dramatic shift to remote work, raising important implications for workplace privacy and information security. Some of these concerns are new; others are the same concerns that employers have always held, now amplified by the increasingly blurred lines between work and home. All of these concerns will remain as the workplace travels from the office to the home and, in the near future, back again. Some are compliance-related:…

Security, Privacy and the Law

Watch Now: CCPA Enactment: What Stays the Same and New Privacy Concerns After COVID-19

By Foley Hoag

May 12, 2020

Chris Hart and Colin Zick, both Partners at Foley Hoag and Co-Chairs of the Privacy and Data Security Practice joined Mass Technology Leadership Council for their regular update on CCPA and other global and state privacy regulations. This program, which was planned prior to the COVID-19 outbreak in the US, did provide an update on what California is currently enforcing and who is leading the charge. CCPA came into effect on January 1, 2020…

Security, Privacy and the Law

Privacy v. Speech? Supreme Court to Weigh in on TCPA Restrictions on Automated Calls

By Jeremy Meisinger

May 6, 2020

The Supreme Court on May 6, 2020 heard oral argument on a widely-watched First Amendment case that may have broad ramifications for the Telephone Consumer Protection Act and, potentially, government restrictions on telecommunications more broadly. Originally passed in 1991, the Telephone Consumer Protection Act is enforced by the Federal Communications Commission and contains various restrictions on telemarketing, including the use of auto-dialers (sometimes called “robocallers”). The FCC has strengthened the law’s restrictions over time and…

Security, Privacy and the Law

Blog Authors

WATCH NOW: Data Breach Response: Discovery and Investigation

Massachusetts AG Creates “Data Privacy and Security Division”; What Enforcement Changes Will Follow?

Privacy Shield: We’ve Lost the EU but We’ve Still Got Switzerland!

A “Time of Heightened Tensions”: Homeland Security and National Security Agency Issue Joint Cybersecurity Alert

FERC NOI Considers Expansion of Cybersecurity Rules to Distributed Generation

Privacy Shield No Longer Viable Basis for EU-US Data Transfers

A Game of ‘Cat and Mouse’: Hacking Attacks on Hospitals for Patient Data Increase During Coronavirus Pandemic

Watch Now: Maintaining Privacy and Data Security in the Remote Workplace

Watch Now: CCPA Enactment: What Stays the Same and New Privacy Concerns After COVID-19

Privacy v. Speech? Supreme Court to Weigh in on TCPA Restrictions on Automated Calls

Stay Connected

Company

Products

Support

New to the Network