Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: Data Security

Subscribe to Data Security RSS Feed

Florida Enacts Stringent Breach Notice Law

Posted in Data Breaches, Data Security, State Legislatures, United States

Last Friday, Florida’s governor signed into law the Florida Information Protection Act of 2014 (“FIPA”), a bill repealing Florida’s existing data security breach notice law and replacing it with what will be one of the nation’s most stringent breach notice laws.  This post summarizes the key aspects of the new law, which becomes effective July… Continue Reading

Senate Subcommittee Examines Online Advertising and Security

Posted in Congress, Cybersecurity, Data Security, United States

Yesterday, the U.S. Senate Permanent Subcommittee on Investigations held a hearing on “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy.”  The hearing was based on a year-long investigation into a broader set of issues related to consumer privacy and security on the Internet, which narrowed over time to focus specifically on the… Continue Reading

When are Public Companies Required to Disclose that They Have Experienced a Material Data Security Breach?

Posted in Cybersecurity, Data Breaches, Data Security, United States

Recent discoveries of data security breaches have raised a perennial question for public companies:  are public companies required by law or practice to provide material updates to their investors when bad things happen?  The answer can be quite surprising.  Disclosure at the Time of the Event As a threshold matter, federal securities law does not… Continue Reading

Snapchat Settles FTC Charges

Posted in Advertising & Marketing, Data Security, Federal Trade Commission, Mobile, Social Media

On Thursday, mobile messaging application Snapchat agreed to settle Federal Trade Commission (“FTC”) charges that it made false or misleading representations about the ephemeral nature of its messages, the collection of user information, and the nature of its security practices. The FTC Complaint alleges six counts, many of which demonstrate the Commission’s aggressive enforcement of… Continue Reading

Data Breaches on the Rise in 2014

Posted in Cybersecurity, Data Breaches, Data Security, International, United States

More than 200 million records were lost in digital breaches during the first three months of 2014, according to a new report that parses publicly available information on data breaches.   The records were lost in connection with at least 254 publicized breaches, according to SafeNet, a data security company that published the report. Those numbers… Continue Reading

European Regulators Set Out Data Anonymization Standards

Posted in Data Security, European Union

By Kristof van Quathem and Dan Cooper On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques.  The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely available – while… Continue Reading

Ten Things You Should Know About the SEC’s New Cybersecurity Examinations

Posted in Cybersecurity, Data Breaches, Data Security, Financial Institutions, Financial Privacy

Last week, the Securities and Exchange Commission announced that it will conduct more than 50 cybersecurity examinations to identify risks and ensure that broker-dealers and investment advisers are adequately protecting customer information.  Below are some key takeaways from the Risk Alert that the SEC’s Office of Compliance Inspections and Examinations released with its announcement:

DHS Announces Reconsideration Process for “Critical Infrastructure at Greatest Risk”

Posted in Cybersecurity, United States

Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity directed the Secretary of Homeland Security to identify “critical infrastructure at greatest risk” within 150 days after issuance of the Order on February 12, 2013.  Section 9 of the Order specified that the Secretary, in consultation with sector-specific agencies, should “use a risk-based approach to identify critical… Continue Reading

Kentucky Enacts Data Breach Notification Law

Posted in Data Breaches, Data Security, United States

Last week, Kentucky governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  The law requires companies that suffer a data breach to provide notice of the breach to Kentucky residents “whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”… Continue Reading

Breaking Down the Court’s Decision in FTC v. Wyndham Worldwide Corp.

Posted in Cybersecurity, Data Security, Federal Trade Commission, Litigation, United States

Last week, a federal judge in the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss the FTC’s complaint alleging Wyndham violated the FTC Act by failing to provide reasonable security for its customers’ personal information.  This Covington E-Alert provides a detailed look at the parties’ arguments and the court’s holdings in… Continue Reading

DOJ and FTC Issue Antitrust Policy Statement on Sharing of Cybersecurity Information

Posted in Cybersecurity, United States

On April 10, 2014, the U.S. Department of Justice (“DOJ”) and the Federal Trade Commission (“FTC”) issued a joint “Antitrust Policy Statement on Sharing of Cybersecurity Information.” Information sharing between the government and the private sector and among private sector entities has been a major consideration in ongoing legislative and executive branch efforts to address… Continue Reading

Iowa Amends Breach Notice Law to Require Notice to State AG

Posted in Data Breaches, Data Security, United States

Iowa’s governor recently signed into law S.F. 2259, which amends Iowa’s data breach notification law.  Under the amendment, entities that suffer breaches of personal information that are required to notify more than 500 state residents will also be required to notify the state’s attorney general.  The notice to the attorney general must be provided within… Continue Reading

Judge Denies Wyndham’s Motion to Dismiss, Allowing FTC’s Case to Proceed

Posted in Data Security, Federal Trade Commission, Litigation, United States

Earlier today, in a long-awaited decision, Judge Salas of the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss a Federal Trade Commission (“FTC”) lawsuit alleging Wyndham violated Section 5 of the FTC Act by failing to provide “reasonable” security for the personal information of its customers.  The case has been closely watched… Continue Reading

EU Article 29 Working Party Publishes Guidance on Data Breach Notification

Posted in Data Breaches, Data Security

By Philippe Bradley and Ezra Steinhardt Last week, the Article 29 Data Protection Working Party published a non-binding Opinion on data breach notifications, titled Opinion 03/2014 on Personal Data Breach Notification (the Opinion).  The Opinion provides helpful new guidance to companies seeking to understand whether or not notifications about a breach must be made to… Continue Reading

GSA Seeks Comments on Implementation of GSA/DOD Cybersecurity Joint Report Recommendations

Posted in Cybersecurity

By Susan B. Cassidy On March 12, 2014, General Services Administration (“GSA”) issued a Request for Information (“RFI”) to obtain stakeholder input on implementing the recommendations contained in the joint GSA and Department of Defense (“DOD”) report, Improving Cybersecurity and Resilience through Acquisition (“Joint Report”), issued on January 23, 2014. The Joint Report and, in… Continue Reading

Senate Commerce Committee Discusses Data Breaches

Posted in Congress, Cybersecurity, Data Breaches, Data Security, Federal Trade Commission, United States

On Wednesday, the Senate Commerce Committee held a hearing on “Protecting Personal Consumer Information from Cyber Attacks and Data Breaches.”  With recent high-profile breaches, and White House officials just this week telling industry executives that federal authorities notified more than 3,000 companies of cyber attacks last year, data security continues to attract the attention of… Continue Reading

Senate Commerce Committee To Examine Data Breaches and Cyber Attacks

Posted in Cybersecurity, Uncategorized

Continuing a spate of recent legislative activity, the Senate Commerce Committee is bringing the hot topic of data breach back to the Hill.  This Wednesday, the Commerce Committee will hold a hearing entitled, “Protecting Personal Consumer Information from Cyber Attacks and Data Breaches.”  According to the Committee, recent data breaches at Target, Neiman Marcus, White… Continue Reading

European Parliament Votes to Ensure that the Proposed Network and Information Security Directive Focuses on Protecting Critical Infrastructure

Posted in Cybersecurity, European Union, International

It has been an eventful week in the European Parliament in relation to data privacy and security matters.  Having already voted in favor of the General Data Protection Regulation (“GDPR”) and endorsed a controversial report into allegations of mass surveillance, the European Parliament voted yesterday on the proposed Network and Information Security (“NIS”) Directive.  In… Continue Reading

Covington to Discuss Cyber Warfare at #SXSW 2014

Posted in Cybersecurity, International, Uncategorized

Kristen Eichensehr, a member of Covington’s Global Privacy and Data Security Practice Group, will be speaking at a panel entitled “Intangible Weapons, Invisible Enemies” at the South By Southwest (“SXSW”) Interactive conference this Sunday, March 9.  Joined by University of Texas Law School Professor Derek Jinks, Kristen will discuss the nature of cyber warfare, if… Continue Reading

A Conversation with State and Federal Privacy Regulators Turns to State Data Breach Enforcement

Posted in Data Breaches, Data Security, Federal Trade Commission, State Legislatures

On Monday, the International Association of Privacy Professionals (IAPP) hosted a discussion that featured state and federal privacy regulators.  The panel included Maneesha Mithal, Associate Director for the Division of Privacy and Identity Theft at the Federal Trade Commission; Marty Jackley, Attorney General of South Dakota; and Bill Sorrell, Attorney General of Vermont.  The panel… Continue Reading

Comparison of Five Data-Breach Bills Currently Pending in the Senate

Posted in Congress, Data Breaches, Data Security, Federal Trade Commission, Financial Institutions, United States

Data security continues to be a hot issue on Capitol Hill, and just yesterday Attorney General Eric Holder urged Congress to create a “strong, national standard” for quickly reporting data breaches to consumers.  Democratic and Republican senators have been busy drafting legislation that would establish national requirements for data security and breach notice.  The following… Continue Reading

Data Broker Accountability and Transparency Act Introduced By Senate Democrats

Posted in Congress, Data Security, Federal Trade Commission

Last Wednesday, Senators John D. Rockefeller IV (D-WV) and Ed Markey (D-MA) introduced the Data Broker Accountability and Transparency Act, which primarily would require greater transparency from data brokers about consumer information they collect and sell.  At a Senate Commerce Committee hearing held on the data broker industry in December, Rockefeller expressed concern that data… Continue Reading

Senate Democrats Introduce Data Security and Breach Notification Act of 2014

Posted in Congress, Data Security, Uncategorized

In the wake of the high profile retailer data breaches involving Target and Neiman Marcus, among others, Capitol Hill is re-engaging on data security breach legislation.  Among other activity in Congress, Senators John D. Rockefeller IV (D-West Virginia), Dianne Feinstein (D-California), Bill Nelson (D-Florida), and Mark Pryor (D-Arkansas) recently introduced the Data Security and Breach… Continue Reading

Senate Bill Would Create ‘Stringent’ Penalties to Deter Data Breaches

Posted in Congress, Data Breaches, Data Security, United States

By Meena Harris Data collection and security was a big topic on the Hill last week, where five congressional committees examined the issue over several days.  On the topic of data breaches specifically, the Senate Judiciary Committee held a hearing on “Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime” and the House… Continue Reading