Following President Obama’s State of the Union address on February 12, the White House released its much-anticipated cybersecurity executive order, Improving Critical Infrastructure Cybersecurity. The EO was an opportunity for the Administration to address widely acknowledged cyber threats to domestic critical infrastructure and to clarify Executive Branch authority to respond fully to cyber-attacks by
Data Security/Privacy
Privacy Bill of Rights and Enforceable Codes of Conduct: The Evolving Privacy Landscape

The Obama Administration’s consumer data privacy framework released last month will impact companies’ data collection, use, and retention practices, and raises complex legal issues. As explained in a recent article by Keller and Heckman LLP, the notion of codes of conduct developed through a multistakeholder process, to be enforced by the Federal Trade Commission (“FTC”),…
“Do Not Track” Continues to Gain Traction

Do you know whether and how your websites use “cookies” or other technologies to collect information from users and/or target advertising? Do you know what information is being collected and how it is being used? The Federal Trade Commission has endorsed an online “Do Not Track” mechanism, and recent inquiries, investigations, and lawsuits relating to…
Privacy Lessons Learned From the Borders Group Bankruptcy

The privacy implications of the sale of the bankrupt Borders Group’s consumer database to Barnes & Noble have been a focus of the Federal Trade Commission (“FTC”), state Attorneys General, and lawmakers, and the transaction highlights the need for companies to carefully draft and periodically review their privacy notices to consumers.
Privacy notices…
General Liability Insurance Policies and Cyber Attacks: Is Your Company Covered?

Companies should not assume that their general liability policies cover cyber attacks, and they should anticipate disputes from insurers when seeking defense and/or indemnity under these policies. This is illustrated by a Complaint filed by Zurich Insurance Company in the Supreme Court of New York against various Sony entities relating to claims for coverage after…
Do You Know Your Service Providers’ Privacy and Data Security Practices?

One trend in recent months is an increase in class action lawsuits and government investigations following a major data breach that compromises personal information. This serves to remind companies not only of the repercussions of a data breach, but also the importance of taking stock in the data they collect and share and integrating privacy…
You’ve Been Hacked. What Do You Do?

Online hacking, lost or stolen laptops, and improper disposal are just some of the ways that personal information that a company collects from customers and employees can get into the wrong hands and be used to commit identity theft. There are a variety of laws that dictate how companies must respond to a data breach,…
Breaches Put Privacy and Data Security in the Spotlight

In April, we witnessed some of the largest data breaches in U.S. history, one of which reportedly affected more than 100 million consumers. Those breaches occurred as two comprehensive privacy bills- the Commercial Privacy Bill of Rights Act of 2011 and the Consumer Privacy Protection Act of 2011– were introduced in Congress, and they…