Security, Privacy and the Law

Start-up companies know that, when potential investors kick the tires, they will look carefully at the company’s business model and IP portfolio.  These days, investors are also likely to look at whether the company is in compliance with privacy and data security laws.  Cybersecurity has become increasingly important for businesses of all sizes.  While identity thieves may focus on the target-rich environments of large-scale enterprises, any company that stores personal data or sensitive business…
On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR. As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your Business), the non-profit privacy organization set up by Max Schrems, the Austrian lawyer who initiated the action against Facebook that led to the invalidation of the Safe Harbor, and a French organization called “…
Can a fingerprint alone provide “testimony” about a person?  Earlier this month, a federal court in California said yes.  But the court was not engaging in a highly-localized form of palm-reading; rather, the question arose in the ever-evolving field of how to balance law enforcement needs and individual citizens’ privacy interests as new technologies emerge. The United States District Court for the Northern District of California has been a hotspot for privacy-related litigation, but this…
On January 10, 2019, Advocate General Szpunar issued his much-awaited opinion in the Google case that was referred to the European Court of Justice by the French “Conseil d’Etat”, the highest administrative court of the country.  The Conseil d’Etat basically asked the European Court of Justice to follow up on its Google Spain decision: is the right to be forgotten – i.e., the right of individuals to request an operator of a search engine…
Data breaches – always critically important to those with responsibility for storing, transporting and protecting electronic information – have become an all-consuming topic of late. Stories about data theft dominate political headlines, boardroom discussions, and family meetings around the dinner table.  They, of course, have also been the subject of government investigations and private litigation. The current environment is not unlike other moments in our recent past that seemed to have captured the attention of…
On January 10, 2019, Massachusetts Governor Charlie Baker signed a new law that amends its data breach reporting law, and requires credit reporting agencies such as Equifax to provide a free credit freeze to consumers.  The new law, “An Act Relative to Consumer Protection from Security Breaches,” also requires companies to offer up to three years of free credit monitoring to victims of a security breach, and forces companies to disclose breaches in…
Editors’ Note:  This is the seventh and last in our third annual series examining important trends in data privacy and cybersecurity during the new year.  Our previous entries were on political advertising, cryptocurrency, emerging threats, state law trends, comparing the GDPR with COPPA, and energy and security. HIPAA was signed into law on August 21, 1996, over 22 years ago.  As a 22-year-old, HIPAA is no longer a child,…
Editors’ Note:  This is the sixth in our third annual series examining important trends in data privacy and cybersecurity during the new year.  Our previous entries were on cryptocurrency, emerging threats, state law trends, comparing the GDPR with COPPA, and energy and security.  Up next:  HIPAA. Social media companies’ and search engines’ revenue models are based on creating valuable advertising platforms for marketers.  These platforms allow advertisers to reach a broad and…
Many companies share personal information they gather directly from individuals with “business partners” who use the information for their own direct marketing purposes. This is the case, for example, for companies that provide services on the internet free of charge but gather and sell the data related to their users to business partners. As the Washington Post recently learned, companies with this business model may find it challenging to comply with the European requirements,…
Editors’ Note:  This is the fifth in our third annual series examining important trends in data privacy and cybersecurity during the new year.  Our previous entries were on emerging threats, state law trends, comparing the GDPR with COPPA, and energy and security.  Up next:  political advertising. In our 2018 SEC year in preview post, we called attention to an expected increase in SEC cybersecurity enforcement action.  The SEC has certainly lived up…