Washington’s New Biometric Privacy Law: What Businesses Need to Know

By | Privacy & Security Law Blog | July 24, 2017
With the rise in hackings and data breaches, companies and government agencies are looking for ways to protect their data that offer more security than passwords. Because passwords are easily lost, stolen, guessed, and cracked by hackers, companies are shifting to the use of biological characteristics that uniquely identify you, called biometric iden…

New Jersey Shopper Privacy Bill Signed into Law

On July 21, 2017, New Jersey Governor Chris Christie signed a bill that places new restrictions on the collection and use of personal information by retail establishments for certain purposes. The statute, which is called the Personal Information and Privacy Protection Act, permits retail establishments in New Jersey to scan a person’s driver’s license or other state-issued identification card only for the following eight purposes: to verify the authenticity of the identification card or to verify the identity of the person if the person pays for goods or services with a method other than cash, returns an item or requests a refund or an exchange; to verify the person’s age when providing age-restricted goods or services to the person; to prevent fraud or other criminal activity if the person returns an item or requests a refund or an exchange and the business uses a fraud prevention service company or system; to prevent fraud or other criminal activity related to a credit transaction to open or manage a credit account; to establish or maintain a contractual relationship; to record, retain or transmit information as required by state or federal law; to transmit information to a consumer reporting agency, financial institution or debt collector to be used as permitted by the Fair Credit Reporting Act or certain other relevant federal laws; or to record, retain or transmit information by a covered entity pursuant to the Health Insurance Portability and Accountability Act of 1996.

An Ounce of Data Breach Prevention…Address Attorney-Client Privilege in Your Breach Planning

Data breach “horror” stories have become a new staple in today’s business environment. The frequency of attacks that threaten (or compromise) the security of business networks and information systems continually increases — in the health care space alone (which holds the dubious honor of Most Likely To Be Attacked), an FBI and HHS Office for Civil Rights report notes that ransomware attacks occur at the rate of 4,000 per day, a four-fold increase from 2015.

EU General Data Protection Regulation: A Summary for Non-EU Businesses

The EU’s General Data Protection Regulation (679/2016/EU), the GDPR, comes into force across the EU on 25 May 2018. As it is being made by regulation, the GDPR, unlike the existing Data Protection Directive (implemented into the UK by the Data Protection Act 1998), will have direct effect throughout the EU.

Court Holds Crime Policy Covers Business Compromise Email Loss

The “business compromise email” is what the FBI calls the “$5 billion scam,” but apparently an insurance company did not agree with an insured company that it had been the victim of a crime. A federal court recently found that a crime policy afforded coverage for a $4.8 million wire transfer that an insured company was duped into making.

Nevada Enacts Online Privacy Policy Law; Illinois ‘Right to Know’ Bill Dies

Effective July 1, 2017, Nevada joined California as the second state to require operators of websites and online services to post a public notice regarding their privacy practices. Like California’s law, the new Nevada legislation specifies that the posted notice must meet the following requirements: Identify the categories of personally identifiable information (PII) collected through the site (Nevada’s definition of covered PII tracks California’s almost identically).

UK Data Protection Post-Brexit: A “cliff-edge”?

By | The Digital Watcher | July 24, 2017
Following the Government’s decision to include a revised data protection law in the Queen’s Speech last month, the House of Lords EU Home Affairs Sub-Committee reviewed the potential implications on national security, stability and public safety of the UK exiting the European Union without an agreement to ensure there is unhindered data flow between the two sides.

Ten Tips for Actions by a Covered Entity After a HIPAA Breach by a Business Associate

This blog recently discussed tips for a covered entity (CE) in dealing with a HIPAA business associate (BA). Now, even though you have adopted all of the tips and more, in this dangerous and ever more complex data security world, one of your BAs suffers a breach and it becomes your responsibility as the victim CE to respond.