Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: Data Security

Subscribe to Data Security RSS Feed

FTC Highlights Importance of Post-Breach Cooperation with Law Enforcement

Posted in Cybersecurity, Data Breaches, Data Security, Federal Trade Commission

Yesterday, the FTC published a blog post outlining what companies should expect if they find themselves as the subject of an FTC data security investigation.  In addition to highlighting the different phases of the FTC’s investigative process, the FTC’s discussed the types of information that it seeks as well as the questions it wants answered. … Continue Reading

Department of Justice’s Cybersecurity Unit Provides New Guidance and Best Practices for Cyber Incident Response

Posted in Cybersecurity

The Department of Justice (“DoJ”) recently issued new guidance for organizations on what it believes are best practices for managing cyber security incidents. As described further below, the guidance provides a broad overview on recommended steps to take to minimize the risk of an incident, as well as actions to take and avoid in the… Continue Reading

House Committees Approve Information Sharing and Data Breach Notice Bills, Setting Stage for Floor Vote

Posted in Congress, Cybersecurity, Data Breaches, Data Security, United States

Earlier this week, an information-sharing bill and a data breach bill passed through committee votes in the House, setting the stage for potentially significant legislative action on key cybersecurity issues in the near future.  On Tuesday, the House Homeland Security Committee approved the National Cybersecurity Protection Advancement Act by a unanimous voice vote, following a… Continue Reading

Study Shows Increase in Medical Identity Theft

Posted in Data Security

This week, the Medical Identity Fraud Alliance (“MIFA”) released its 2014 Fifth Annual Study on Medical Identity Theft, finding that in the last year, medical identity theft incidents increased by 21.7% from 2013.  The study is annually conducted to determine the pervasiveness of medical identity theft in the United States, how it affects the lives… Continue Reading

President Obama Signs Executive Order to Encourage Information Sharing

Posted in Cybersecurity, United States

By Caleb Skeath During the White House’s inaugural Summit on Cybersecurity and Consumer Protection last Friday, President Obama signed an executive order designed to facilitate increased information sharing between the private sector and the federal government.  The order follows the introduction of the Cyber Threat Sharing Act of 2015 in the Senate, an information-sharing bill… Continue Reading

Senate Hearing Addresses White House Information-Sharing Proposal

Posted in Cybersecurity

By Caleb Skeath Earlier this week, the Senate Committee on Homeland Security and Governmental Affairs held its first hearing of the new Congress, entitled “Protecting America from Cyber Attacks: The Importance of Information Sharing.”  The hearing focused in large part on the White House’s recent information sharing proposal, which would protect private entities from civil… Continue Reading

New York Attorney General Unveils Data Breach Proposal

Posted in Data Breaches, Data Security, Uncategorized

On the heels of a number of well-publicized data security breaches, a White House data breach proposal, and California’s recent changes to its data breach notification statute, New York Attorney General Eric Schneiderman has announced that he will propose legislation to strengthen New York’s data breach notification law.   The legislation had not been made public… Continue Reading

Analysis of President Obama’s Information Sharing Legislation

Posted in Cybersecurity

On Tuesday, President Obama announced his proposal for legislation that would encourage sharing of cyber threat information between the public and private sector by shielding private entities from liability for sharing information on cyber threats. The White House has since released the text of the proposed bill, which includes limitations on liability for private entities… Continue Reading

Department of Energy, Federal Smart Grid Task Force Release Smart Grid Voluntary Code of Conduct to Address Data Privacy Concerns

Posted in Cybersecurity

The Department of Energy and the Federal Smart Grid Task Force released the final version of a Voluntary Code of Conduct (VCC) for smart grid data privacy on Monday, several hours after President Obama heralded the release of the VCC as part of his speech on privacy and cybersecurity at the Federal Trade Commission.  The… Continue Reading

President Obama to Release Cybersecurity Proposal

Posted in Cybersecurity

President Obama plans to continue his focus on privacy and data security today with an announcement of cybersecurity-related proposals. In remarks scheduled for later today at the National Cybersecurity Communications Integration Center (NCCIC), President Obama will announce an updated cybersecurity legislative proposal, which would encourage the private sector to quickly share cyberthreat information with NCCIC. … Continue Reading

President Obama Announces Privacy Proposals Today

Posted in Data Breaches, Data Security

At a speech to the Federal Trade Commission today, President Obama will announce a number of cybersecurity and privacy proposals.  In a statement released this morning, the White House noted that consumer concerns about cybersecurity threats and identity theft “can lead to less interaction with technology, less innovation, and a less productive economy.”

Ten Ways the 2014 Election May Affect Privacy and Data Security Law

Posted in Congress, Cybersecurity, Data Breaches, Data Security, Federal Communications Commission, Federal Trade Commission, United States

When Republicans take over the Senate in January, new leaders will control key committees that oversee privacy and data security issues, and their priorities will differ significantly from those of their predecessors.  Privacy issues, however, generally tend not to break neatly along party lines and there will remain bipartisan support – and bipartisan opposition –… Continue Reading

Cybersecurity Regulators (Renew) Focus on Outside Vendors of Financial Institutions

Posted in Cybersecurity, Data Security, Financial Institutions

By David Fagan and Sumon Dantiki Recently several media outlets reported that the New York State Department of Financial Services (“NYDFS”) sent a letter to many of the nation’s banks, regarding the “level of insight financial institutions have into the sufficiency of cybersecurity controls of their third-party service providers.”  The letter requested financial institutions to… Continue Reading

President Obama Signs Executive Order Aimed at Protecting the Security of Consumer Financial Transactions

Posted in Cybersecurity, Data Security

By Ashden Fein and Randall Friedland On Friday, President Obama signed an Executive Order directed at securing consumer transactions and sensitive data, improving consumer identify theft remediation, and better securing personal information on federally run websites.  Among the security measures, the President ordered all federal government-issued credit cards be equipped, as soon as possible, with… Continue Reading

FDA Releases Final Guidance on Cybersecurity in Medical Devices, Public Workshop to Follow on October 21-22, 2014

Posted in Cybersecurity, Data Security, United States

On October 2, 2014, the Food and Drug Administration (FDA) released a final guidance document titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”.  The FDA said that the “need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and… Continue Reading

New Jersey Legislature Considers Additional Protections for Car “Black Box” Data

Posted in Data Security

By Caleb Skeath You’ve added a passcode to your phone, checked your social network privacy settings (twice), and kept close tabs on the cookies in your web browser. But have you ever thought closely about the information your car collects about you? New Jersey legislators are debating two identical bills that would provide additional safeguards… Continue Reading

Department of Justice Clears Cybersecurity Information Sharing Platform

Posted in Cybersecurity

By David Fagan and Sumon Dantiki Last week the Antitrust Division of the Department of Justice (“DOJ”) issued a business review letter in response to a request by CyberPoint International LLC (“CyberPoint”).   At issue in the request was whether a proposed cyber threat information sharing system among possible competitors (“the TruSTAR platform”) raised antitrust concerns. … Continue Reading

California Amends Data Breach Legislation

Posted in Data Breaches, Data Security, State Legislatures

Continuing our coverage of the flurry of bills signed into law by California Governor Jerry Brown last week, we turn now to AB 1710, an amendment to California’s data breach legislation. The data breach amendment makes three notable changes to existing laws regarding personal information privacy: 1.  Requires Companies that Maintain Personal Information to Implement… Continue Reading

Ponemon Institute Releases Second Annual Study on Data Breach Preparedness

Posted in Data Breaches, Data Security

The second annual study on data breach preparedness was released by the Ponemon Institute on September 24, and the study indicates that the number of companies that have had a data breach is on the rise. Ponemon Institute conducts independent research on privacy, data protection, and information security policy.  For the September 2014 study, Is… Continue Reading

ISO’s New Cloud Privacy Standard

Posted in Cloud Computing, Data Security, European Union, International

This summer, the International Standards Organization (ISO) adopted a new voluntary standard governing the processing of personal data in the cloud — ISO 27018.  Although this recent development has gone mostly unnoticed by the technology and media press to date, the new cloud standard provides a useful privacy compliance framework for cloud services providers that… Continue Reading

Client Event: “Data Protection & Privacy Law – 2nd Edition,” September 23, 2014

Posted in Cybersecurity, Data Breaches, Data Security, United States

Covington will be hosting a book launch for the 2014 title ‘Data Protection & Privacy Law 2nd Edition’, edited by Monika Kuschewsky, in partnership with The European Lawyer (Thomson Reuters) on September 23, 2014 in Brussels. The event will comprise a half-day workshop followed by a drinks reception. We are pleased to confirm that the… Continue Reading