On April 6, 2017, New Mexico enacted a data breach notification law. The “Data Breach Notification Act” (H.B. 15) will take effect on June 16, 2017. The recent passage of this statute leaves Alabama and South Dakota as the only two remaining states with no law requiring companies to notify individuals of data breaches involving
Enforcement - Federal Agency and State AG Action
Trump Privacy Rollback Continues, States Step Up
On April 3, 2017, President Trump signed a repeal of new Federal Communications Commission (FCC) rules that would have subjected broadband internet service providers (ISPs) to more stringent consumer privacy regulations. Specifically, the FCC’s rule would have required ISPs to obtain opt-in consent from consumers before using and sharing sensitive information such as geo-location, web…
Court Confirms Right to Be Forgotten Is Not Absolute
It has been less than three years since the Court of Justice of the European Union (CJEU) decided that people have the right to have incorrect information about them removed from online search engine results. However, this so-called “right to be forgotten” is not absolute, as confirmed by the CJEU’s most…
The Validity of EU-U.S. Personal Data Export Tools: A Pending Issue
Between the cancellation of the Safe Harbor by the Court of Justice of the European Union (CJEU) and the adoption of the Privacy Shield, a number of data exporters have relied on the Standard Contractual Clauses (SCC) as the safest export tool to transfer personal data from the EU to the U.S. But as announced…
FTC Cautions Companies on Cross-Device Tracking Disclosures
On January 23, 2017, the FTC released a new report outlining its recommendations for companies using cross-device tracking. The report focused on the FTC’s continued commitment to consumer choice, transparency, and security.
What is cross-device tracking?
Cross-device tracking occurs when companies attempt to connect a consumer’s activities across multiple devices. For example, a consumer begins…
Obama’s National Cybersecurity Recommendations to Trump
On December 1, 2016, the Commission on Enhancing National Cybersecurity (Commission)—established ten months earlier by President Obama—released its Report on Securing and Growing the Digital Economy (Report). The 50-page Report includes six major imperatives with 16 recommendations and 53 associated action items to improve national cybersecurity. The Commission is a non-partisan panel comprised of 12…
International Employers in Scope of the GDPR: Are You Ready?
The GDPR harmonizes data protection laws across the EU and updates the current 20-year-old regime to take account of globalization and the ever-changing technology landscape. It will apply not only to EU companies, but to any company processing the personal data of individuals in the EU in relation to offering goods or services, or to…
Yahoo Déjà Vu – One Billion Yahoo Accounts Hacked
Yesterday afternoon Yahoo Inc. (Yahoo) announced that user information was stolen from more than one billion accounts in August 2013. Yahoo said that the stolen information includes, “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers” but does not include bank…
Don’t Forget the State Attorneys General
State attorneys general play an active role in data privacy and security matters. Their involvement is increasing as they grapple with changing technologies and threats, rapidly evolving state laws and their relatively broad consumer protection authority to engage private sector custodians of personal data such as retailers, financial institutions, technology companies, and health systems. In…
Cybersecurity Threats May Impact Your Digital Health
As the healthcare industry continues to embrace the Internet of Things, cybersecurity may present unprecedented health and privacy risks to patients. Wireless-enabled medical devices are increasingly common. For some patients, this means that their hearts are, quite literally, connected to the Internet of Things. For others, mobile medical apps and wearable products are collecting…