Electronic Data Security

On December 31, 2014, the Federal Trade Commission announced that it approved a final order settling charges against Snapchat.

In its complaint, the FTC charged Snapchat with deceiving consumers over the amount of personal data that it collected and the security measures in place to protect the data from disclosure and misuse.

The settlement order

On October 24, the Federal Communications Commission (FCC) threw its hat into the data security regulation ring when it announced it intends to fine two telecommunications companies $10 million for allegedly failing to safeguard the personal information of their customers.

Both TerraCom, Inc. (TerraCom) and YourTel America, Inc. (YourTel) allegedly collected customers’ personal information, including

On February 4, 2013, the California Supreme Court held that Apple Inc. is permitted to request a customer’s address and telephone number in connection with an online purchase. The Supreme Court reversed the trial court’s decision and found that the Song-Beverly Credit Card Act does not apply to online transactions.  The Supreme Court stated that "[t]he safeguards

While the undertakings of a Medicare ACO and the terminology in the Data Use Agreement for protection of patient data may differ from those of covered entities, business associates and subcontractors and their BAAs under the HIPAA/HITECH regulations, they have many striking similarities and purposes
Continue Reading HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement

The FBI reports that cyberattacks could overtake terrorism as the major threat to the country. According to the Department of Homeland Security, between October 2011 and February 2012, there were 86 reported attacks on U.S. computer systems that control critical infrastructure, factories and databases, compared with 11 over the same period a year ago.

The Computer Crime and Intellectual Property Section of the U.S. Department of Justice compiled a summary in August 2010 of the retention periods of major cellular service providers of data transmitted to and from users’ mobile devices. The American Civil Liberties Union (ACLU) obtained a copy of the foregoing report through a Freedom of Information Act (FOIA) request. The contents of the report are interesting, to say the least.
Continue Reading Comparison of Major Carriers’ Retention of Mobile Device Usage

Over the last two years more and more clients have requested that we assist them with moving some or all of their business to the “cloud.” Some of these clients want to use a service that would result in sensitive information being stored on the servers of a third party service provider, such as web-based email, Salesforce.com, Google Docs. As much as each of these businesses have heavily debated the pros and cons of moving to the cloud, rarely do they consider where the cloud is physically located. However, businesses do not always consider that the information that is stored in a cloud-based service may be physically located on servers not situated in the United States. Having your business information located in a foreign country can easily (very, very easily) lead to loss, unauthorized private and governmental access and the tripping of the myriad of existing laws, rules and regulations.
Continue Reading Moving to the Cloud: Making Sure You Know the Location of the Cloud

The use of “cookie” technology, which is basically a small data file that is stored in the cache on your computer when you visit many sites, is nothing new. They are used to recognize you when you return to a site, remember what your preferences, reading and/or shopping habits are, and to otherwise make your experience at the web site more enjoyable. Use of these “harmless” cookies is generally accepted. But new technologies that have emerged and, appear to be emerging, are renewing the debate. The new technology ignores user privacy settings and are difficult to detect and delete.
Continue Reading Web Sites Are Tracking Our Online Habits More Than We Realize

A study commissioned by Microsoft Corp. and RSA, the Security Division of EMC, alleges that companies place too much focus on securing personal data such as customer, medical and financial information versus corporate data (trade secrets and other proprietary information). According to the report, this can cause irreparable damage to a company’s competitive edge. The