|
New State Laws Require Extensive Data Security Plans and Encryption [Sept. 2008]
By Randy Gainer
Massachusetts adopted regulations on Sept. 22, 2008, that will require businesses, wherever located, that store or use information about Massachusetts residents, to implement comprehensive information security programs by Jan. 1, 2009. The regulations, available at 201 CMR 17.00, were issued by the commonwealth's Office of Consumer Affairs & Business Regulation. A Nevada statute will require Nevada businesses that store or use information on any individual to begin encrypting customer personal information that they send electronically, other than by fax, on Oct. 1, 2008.
Together the two laws will significantly increase the precautions that many businesses must take to protect customer information they store and use. |
|
“Red Flag” Identity Theft Programs Required by November 2008 [July 2008]
By John D. Seiver and Ronald G. London
Yesterday the Federal Trade Commission (FTC) formally reminded financial institutions and creditors of the upcoming November 2008 deadline for implementing identity theft prevention programs in compliance with the “Red Flag” Rules that were jointly adopted last year by the FTC and five other federal agencies (the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the National Credit Union Administration)
As explained in this advisory, all types of financial institutions and most electronic service providers (including video, Internet and voice service providers) will have “covered accounts” governed by these new rules and therefore must have designed, implemented and begun operating an internal system to detect and combat identity theft no later than November 1, 2008.
The FTC issued a gentle reminder yesterday that companies should be well along in getting their identity theft programs in place. The FTC also launched an outreach effort to explain the rules, which included publication of a very general alert on what the rules require and what types of businesses must comply. |
|
FTC Consent Decree Suggests Expectations of Minimum Data Security Measures: Security procedures must support protection statements [Jan. 2008]
By Ronald G. London
The Federal Trade Commission (FTC) recently announced a consent decree with online retailer Life is good (www.lifeisgood.com) that offers insight into what that agency may believe are the bare minimum steps companies must take when making the kind of generic we-protect-the-information-you-give-us statements found in most privacy policies. The consent decree serves as advance notice to businesses that collect sensitive personal data, to ensure that sufficient safeguards are in place to adequately support information security statements. Such businesses should be aware of the FTC's expectations and evaluate their security procedures in light of the decree. |
|
|
|
Privacy Law
by Charlene Brownlee and Blaze D. Waleski
New Book! Are your organization's privacy safeguards legally adequate? Privacy Law by Charlene Brownlee and Blaze D. Waleski is a complete, up-to-date legal book offering detailed guidance on privacy laws, industry practices, and consumer expectations, including the duty to notify employees and customers about privacy breaches.
| List Price: $189 |
|
| Enter 219272 as the promotional code on the Checkout Page to receive your 15% discount. |
Locking Up Your Identity - A Primer on Identity Theft
by Randy Gainer
[July 2007]
Digital Privacy Blogs Keep Lawyers at Forefront of Their Industry
Featuring Randy Gainer
Posted on Real Lawyers Have Blogs [July 2007]
Current Privacy Issues Facing Marketers
By Robert J. Driscoll
Reprinted with permission by Privacy & Data Security Law Journal
Lawsuits Challenge The NSA’s Warrantless Data Mining And Surveillance Program
By Randy Gainer
Reprinted with permission by Privacy & Data Security Law Journal
Internet Search Terms: Embedded
Privacy Issues
By Thomas R. Burke
Reprinted with permission by Privacy & Data Security Law Journal
Laws are constantly changing. Fortunately, our lawyers are watching
the legal developments that can affect your business. We regularly
publish articles, advisory bulletins, and guides on legal developments
that are of interest to you. Our publications are available free
of charge by email and are posted on our website.
To sign up for our Advisory Bulletin email service, click
here.
Email us your comments and suggestions or call us toll-free at 1-877-398-8416. We'd love to hear from you! |
