Archives: Privacy Policy

Subscribe to Privacy Policy RSS Feed

The Illinois Supreme Court Clears the Way for a Proliferation of Lawsuits Under the Illinois Biometric Information Privacy Act

Richard HuDaniel SaeediBy Richard Hu and Daniel Saeedi on Posted in Privacy Policy

On Jan. 25, 2019, the Illinois Supreme Court issued a landmark opinion in Rosenbach v. Six Flags Entertainment Corporation, a case brought under the Illinois Biometric Information Privacy Act (“BIPA”). 740 ILCS 14/1 et seq. The court reversed the decision of the Illinois appellate court and held that a plaintiff may bring a lawsuit under BIPA as an “aggrieved” party based upon a defendant’s violation of the statutory requirements of BIPA and without the plaintiff being required to show … Read More

Data Protection: Key Takeaways for Consumers and Businesses After the Facebook and Cambridge Analytica Scandal

Scot GanowBy Scot Ganow on Posted in Data Breach, Privacy Policy

In a local news interview, I was recently asked to comment on the Facebook-Cambridge Analytica story involving the unauthorized use of Facebook user profile information by Cambridge Analytica for profiling and targeting purposes. The focus of the interview was what consumers can do to better protect themselves. However, there are learning opportunities for businesses too. Here are some quick points to consider for both parties.

Consumers

  1. Your choices matter most. I beat this drum pretty heavily, but it is
Read More

What’s in a notice? Privacy notices under the GDPR

Privacy & Data Security InsightBy on Posted in data privacy, Privacy Policy

U.S. privacy law is based on the principles of notice and consent – for instance, under FTC and state consumer protection laws, consumers given fair notice and the opportunity to consent generally cannot complain about the use of their data.

But as we have noted in prior posts, the E.U.’s General Data Protection Regulation (“GDPR”), which will become effective May 25 of this year, is more comprehensive than any U.S. privacy law in most respects. It treats personal data (defined … Read More

HIPAA’S Privacy Rule: Having a Policy – But Not Enforcing It – Costs Provider $5.5 Million

Brian EatonBy Brian Eaton on Posted in HIPAA, Privacy Policy

The Office for Civil Rights (OCR) announced a settlement agreement for $5.5 million dollars with Florida’s Memorial Healthcare Systems (MHS) stemming from allegations it failed to protect patient data. The privacy violation arose out of the unauthorized access of 115,143 patients by MHS employees. The information that was compromised consisted of names, dates of birth and social security numbers. A majority of these impermissible actions occurred when a former employee’s login credentials were used from 2011-2012 which affected 80,000 individuals.… Read More

Real-Life Attacks On Business & What You Can Do To Deter A Cybercriminal – Event September 7

Caryn KaufmanBy Caryn Kaufman on Posted in Breach Detection, Cyber Security, Data Breach, data privacy, Phishing attack, Privacy Policy

To effectively guard against an enemy of any kind it’s important to know your enemy. This strategy is just as effective when fighting an online battle to protect your company’s data.

Before you can effectively defend against cyberattacks, it is important to educate yourself on potential threats and how to handle them. We invite you to join us on September 7 for part two of the Columbus Cybersecurity Series featuring FBI agent David Fine returns. During this portion of the … Read More

Corporate Boards: The Challenges and Risks of Maneuvering Through Cybersecurity

Stephen H. JettBy Stephen H. Jett on Posted in Cyber Security, Incident Response Plan, Privacy Policy

This is the first of a three-part series on the implications of cybersecurity threats on boards of directors. 

Now, more than ever, corporate boards face an immense challenge to ensure that their companies are prepared for cybersecurity threats before they occur.  It is not question of if a corporation will be hit by a cybersecurity incident or data breach, but when.

The Existing Cybersecurity Landscape and Associated Risks  

The landscape that corporate boards face has never been more treacherous, with … Read More

Regulatory Update: DOJ and SEC Issue Privacy and Cybersecurity Recommendations

Taft LawBy Taft Law on Posted in Breach Detection, Cyber Security, Data Breach, Privacy Policy

The Department of Justice Cybersecurity Unit recently issued its “best practices” for cybersecurity incidents, while the SEC recently circulated a cybersecurity “guidance update.”  These publications recommend that companies institute certain policies and procedures for cybersecurity based on each agency’s experience in the area.

The agencies’ suggestions are good ones.  More importantly, like NIST’s Cybersecurity Framework, such recommendations may become de facto standards that regulators, courts, and juries look to when they assess whether your company’s … Read More

Threat Intelligence – What You Should Be Doing

Taft LawBy Taft Law on Posted in Breach Detection, Cyber Security, Data Breach, Identity theft, Incident Response Plan, Privacy Policy, Uncategorized

Threat Intelligence is, very simply, network defense techniques that leverage knowledge (i.e. intelligence and counter intelligence) about adversaries so that organizations can build a superior information base which decreases the chances of an attacker compromising their networks. Gartner more specifically defines it as “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to the menace or hazard.”

Vulnerability Read More

Cyber Attacks: Small/Mid Cap Companies Beware

Taft LawBy Taft Law on Posted in Anthem, Breach Detection, Cyber Insurance, Cyber Security, Data Breach, Identity theft, Privacy Policy

The marquee breaches that have occurred recently (i.e. Anthem, Home Depot, Morgan Stanley, Target, Linked In, and Sony) have helped U.S. Fortune 1000 companies understand that data security must be taken seriously.  Not only must companies invest in their data security, but they must proactively manage and protect it.  Previously, large corporations generally considered hacking attacks and general security breaches as “Force Majeure” events in that they were both unpredictable and unpreventable.  Therefore, many of the Fortune 1000 purchased cyber … Read More

The “Where” of Data Security

Taft LawBy Taft Law on Posted in Breach Detection, Cyber Security, Data Breach, Personally Identifiable Information, Privacy Policy

When we secure an asset, we usually know where it is and have a series of controls to protect it. For a house or office building, it is the address and we secure it with locks and perhaps a security service. For a car, we have the VIN and maybe a tracking device if the car is valuable as well as keys and alarms to control access. By and large, we have ingrained in our psyches how to protect physical … Read More

The Enemy Abroad: President declares cyber-espionage a national emergency; creates U.S. power to sanction

Privacy & Data Security InsightBy on Posted in Breach Detection, Cyber Security, Data Breach, Privacy Policy

Following high-profile data breaches, including North Korea’s virtual invasion of Sony Pictures, President Obama declared a national emergency related to malicious cyber-attacks from abroad. In an executive order signed April 1, 2015, Obama created expansive sanctions designed to curb, as he put it, this “unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”

The order gives the U.S. Treasury Department discretion to freeze assets of foreign persons or entities who engage in “or … Read More

How To Advise Tech Start-Ups in Practice, Not Theory

Taft LawBy Taft Law on Posted in COPPA, Cyber Security, Data Breach, HIPAA, Identity theft, Personally Identifiable Information, Privacy Policy

What career could possibly be more exciting than serving as a privacy lawyer for tech start-up companies? This is a question I asked myself a few years back, right after I finished clerking for a couple of terrific federal judges and right as I was considering starting the privacy practice I had envisioned as a law student sitting in Prof. Fred Cate’s classes at the Indiana University Maurer School of Law several years earlier. At that time, my answer was … Read More

Lawless Published in The Privacy Advisor

Taft LawBy Taft Law on Posted in COPPA, Cyber Security, Data Breach, HIPAA, Identity theft, Personally Identifiable Information, Privacy Policy

“How To Advise Tech Start-Ups in Practice, Not Theory,” an article by Taft Cincinnati attorney Matthew D. Lawless, was published in IAPP’s The Privacy Advisor on March 24.

About the IAPP
The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.… Read More

Questions Every Tech Start-Up Should Answer Before Drafting a Privacy Policy

Taft LawBy Taft Law on Posted in Breach Detection, Cyber Security, Privacy Policy

So you know what information you will collect, how you will use it, where you will store it, how you will secure it and with whom you will share it. Put all of this information in a “privacy policy” and you’re done, right?

Wrong.

Following is our list of the top privacy law questions every tech start-up should ask itself before drafting a privacy policy.

1.  Do we receive any health information from health plans, health care clearinghouses or other Read More

LexBlog