Tag Archives: Security

IoT Update: The UK publishes a final version of its Code of Practice for Consumer IoT Security

By Grace Kim and Siobhan Kahmann

Following an informal consultation earlier this year – as covered by our previous IoT Update here – the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) published the final version of its Code of Practice for Consumer IoT Security (“Code”) on October 14, 2018. This was developed by … Continue Reading

ICO Publishes New Guidance On Encryption

On March 3, 2016, the UK’s Information Commissioner’s Office (“ICO”) released new guidance on encryption.  The guidance aims to provide advice to organizations on protecting personal data (such as customer and employee data) through the use of encryption.  There is no legally-binding requirement under UK data protection law to encrypt data, either when static or … Continue Reading

Start With Security: Key Takeaways from the FTC’s Data Security Conference

By Lindsey Tonsager and Megan Rodgers

The FTC held its “Start with Security” conference in San Francisco, California, last week, launching an initiative to provide companies with practical resources for implementing effective data security strategies. The event was targeted at tech start-ups and small- and medium-sized businesses, but the panelists included representatives from companies with … Continue Reading

What You Need to Know About Germany’s Cybersecurity Law

Whilst the discussions on the proposed Network and Information Security (NIS) Directive at European level are still ongoing (see Update on the Cybersecurity Directive − over to Luxembourg?, InsidePrivacy, June 12, 2015), less has been said about Germany’s new national Act to Increase the Security of Information Technology Systems (the “IT Security Law”). The IT Security Law … Continue Reading

Texas Data Breach Amendment Takes Effect; Connecticut On Deck

This week, the much talked-about amendments to Texas’s breach notice statute took effect.  We previously blogged about these amendments, which are unprecedented in scope.  With the amendments, the Texas statute now requires entities doing business in Texas to notify “any individual” whose “sensitive personal information” is acquired in a breach (unless the information is encrypted).  … Continue Reading

UK Government prepares new legislative proposal to modernise communications data monitoring law

On 1 April, 2012, the UK press reported that the UK Home Office is preparing to propose new legislative reform of the communications data monitoring law, in the Queen’s Speech in May.  The press reports, and the response from the Home Office on 3 April 2012, provided some further details on a programme that was … Continue Reading

Upromise Settles FTC Privacy Charges

Yesterday, the FTC announced that it has settled charges against Upromise, Inc., a company that enables consumers to receive rebates when shopping at partner merchants.  (The rebates are placed in college savings accounts—hence Upromise’s name.)  According to the Commission’s complaint, Upromise offered online users a toolbar feature, which, when downloaded, would highlight Upromise’s partners in … Continue Reading

Planned Virtualized ATMs Highlight Potential Security Benefits of Cloud

Companies considering moving to the cloud sometimes are cautioned that heightened data security risks pose a potential drawback to cloud computing.  And it is certainly correct that before making a decision about whether and how to adopt cloud-based computing, companies should carefully consider the security practices of potential cloud service providers or build security into … Continue Reading

Cloud Outages Highlight Contractual Risk

By Christine Enemark

To some customers of computing storage, processing and online services, the “cloud” seems no different from the traditional information technology services they have used for years. Amazon’s cloud computing outage last week, and the associated downtime and data loss suffered by a number of Internet web sites, highlights how public cloud computing … Continue Reading

SEC Imposes Fines under Regulation S-P for the First Time

On April 7, 2011, the Securities and Exchange Commission announced a total of $55,000 in fines against three former executives of a securities broker-dealer for violations of the privacy and safeguard rules in Regulation S-P.  The fines mark the first time the SEC has imposed administrative fines for violations of these rules.  Copies of the … Continue Reading

Animation Explains National Strategy for Trusted Identities in Cyberspace

A few months ago, the Obama Administration introduced its National Strategy for Trusted Identities in Cyberspace (NSTIC), an ambitious proposal to use public-private partnerships to implement a new mechanism for identity verification and information sharing online. The plan has been controversial. Although there have been many legitimate criticisms of the proposal, other objections, such as … Continue Reading

Administration Announces Office to Build “Identity Ecosystem”

The White House is establishing a new office to work with industry to develop an online “identity ecosystem” in which consumers and businesses can transact securely and privately without the need for passwords.  U.S. Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard Schmidt recently announced plans to create the new “National Program Office,” … Continue Reading