Tag Archives: data breaches

Deputy Attorney General Rod Rosenstein Warns Against Warrant-Proof Encryption

In a speech delivered at the United States Naval Academy on October 10, Deputy Attorney General Rod Rosenstein waded into the public debate between data privacy and law enforcement interests.  As part of a discussion moderated by former Covington cybersecurity attorney Jeff Kosseff, Rosenstein’s remarks discussed cyber issues facing law enforcement with a particular focus … Continue Reading

D.C. Circuit: Data Breach Plaintiffs Plausibly Allege ‘Substantial Risk’ of
ID Theft Sufficient to Support Standing

Customers’ allegations that they face a substantial risk of identity theft as a result of a 2014 data breach are sufficiently plausible to allow their suit against health insurer CareFirst to proceed, the U.S. Court of Appeals for the D.C. Circuit held in an August 1 decision. CareFirst discovered in April 2015 — and announced … Continue Reading

FTC Announces “Stick With Security” Initiative

The FTC announced today a new “Stick With Security” Initiative, building on its prior “Start With Security” guide as “part of its ongoing efforts to help businesses ensure that they are taking reasonable steps to protect and secure consumer data.”  Stick With Security constitutes a series of blog posts published each Friday using “hypothetical examples … Continue Reading

Advocacy Groups Urge FCC to End Data Retention Mandate

On April 24th, the Electronic Privacy Information Center (“EPIC”) and a coalition of 37 other civil society groups sent a letter urging the Federal Communications Commission (“FCC”) to act on an August 2015 petition to repeal the FCC’s data retention mandate under 47 C.F.R. §42.6 (“Retention of Telephone Toll Records”). The mandate requires communications carriers … Continue Reading

Irish Data Protection Commissioner Releases 2016 Annual Report

By Denitsa Marinova On April 11, 2017, the Data Protection Commissioner of Ireland (DPC) published her annual report for 2016, highlighting key developments and activities for the past year and outlining priorities for 2017 and beyond.  The report will be of interest to Irish entities and multinational organizations with a base in Ireland, including companies … Continue Reading

NY Data Breaches Reached Record Levels in 2016

New York Attorney General Eric T. Schneiderman announced this week that there were a record number of data breach notices in New York in 2016, with nearly 1,300 reported data breaches exposing the personal records of 1.6 million New Yorkers.  These numbers represented a 60 percent year-over-year increase in the number of data breaches reported, … Continue Reading

Morgan Stanley to Pay $1 Million Penalty in SEC Cybersecurity Settlement

By Ciarra Chavarria and Keir Gumbs On June 8, 2016, the Securities and Exchange Commission announced that Morgan Stanley Smith Barney LLC (“Morgan Stanley”) had agreed to pay $1 million as a penalty for charges relating to its “failures to protect customer information.” Morgan Stanley’s settlement with the SEC came several months after a federal … Continue Reading

ICO Fines Insurance Company £175k for Data Security Breach, Criticising Lack of Policies

By Mark Young and Tom Jackson On February 20, 2015, the Information Commissioner’s Office (“ICO”) fined Staysure.co.uk Ltd (“Staysure”), an online travel insurer, £175,000 for failing to protect its customers’ personal data.  In addition to technical vulnerabilities, the ICO took into account Staysure’s lack of security policies and practices when levying the fine. In short, … Continue Reading

Updating Ofcom’s Guidance on Network Security – New Consultation

In light of growing concerns over cybersecurity and evolving technology and operational practices, Ofcom (the independent regulator and competition authority for the UK communications industries) is seeking views on whether its existing guidance on network security should be revised.  Interested parties have until 21 February 2014 to respond.   Depending on the responses received, Ofcom intends … Continue Reading
LexBlog