Electronic Data Security

The National Security Administration issued a white paper on location data:

  • Using a mobile device — even powering it on — exposes location data.
  • Cellular providers and commercially available rogue base stations receive real-time location information.
  • Location data is stored on the mobile device.
  • Websites use browser fingerprinting to harvest location information, and WiFi access

On May 7, 2020, the New York Attorney General announced she will not sue Zoom after it agreed to adopt enhanced data security and privacy measures to protect the data of its 300 million plus users. As COVID-19 social distancing policies radically change the way individuals and industries communicate, Zoom saw a reported 3,000 percent

The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) issued an advisory to hospitals and other healthcare organizations that cybercriminals are targeting them with phishing campaigns, ransomware, and other malicious acts referencing COVID-19.  Cybercriminals are exploiting the fact that the healthcare sector is consumed with COVID-19 management and response to ramp up attacks, including ransomware

Citing a “significant increase in cybercrime” during the COVID-19 pandemic, the New York Department of Financial Services (DFS) issued guidance to all New York State regulated entities identifying areas of heightened cybersecurity risks. DFS advised regulated entities they should assess and address these areas as per cybersecurity regulation 23 NYCRR Part 500.

Heightened Risk #1:

The New York Attorney General issued a warning to health care providers, hospitals, and other organizations within the health supply chain that cyber criminals are using targeted COVID-19 phishing emails and texts to gain access to sensitive information.  Multiple reports indicate that scammers are sending emails and texts to get a recipient to click on

“Web feature developers are being warned to step up attention to privacy and security as they design contributions.

Writing in a blog post about “evolving threats” to Internet users’ privacy and security, the W3C standards body’s technical architecture group (TAG) and Privacy Interest Group (PING) set out a series of revisions to the W3C’s Security

Shortly after the recent video surveillance guidance from the EDPB, the Information Commissioner of the Isle of Man published an updated CCTV data protection guidance.

Key takeaways for controllers:

General Considerations and Governance:
  • CCTV images identify living individuals and are, therefore, personal data. This means that the use of CCTV will be covered

The Federal Trade Commission has approved a final consent order settling charges that a background screening company falsely claimed to be in compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

SecurTest, Inc. agreed in June to settle FTC charges that its website falsely claimed that it participated in the EU-U.S. and Swiss-U.S. Privacy Shield

The $5 billion fine levied against Facebook by the Federal Trade Commission is certainly headline news, but it also contains detailed requirements for privacy and information security governance and accountability that all companies can learn from and implement.

Big Picture Takeaways:

  • Facebook faces many detailed requirements for internal and external governance and oversight with

In most of the world, anonymous data are not considered personal data — the information can be shared and sold without violating privacy laws. Market researchers are willing to pay brokers for a huge array of data, from dating preferences to political leanings, household purchases to streaming favorites.

But this anonymous information may not be