Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Tag Archives: Information Management

Upcoming NIST Hosted DFARS Safeguarding Clause & CUI Training – October 18, 2018

By Evan D. Wolff, Maida Oringher Lerner, Peter B. Miller, CIPP/G/US, CIPP/E, CIPM, CIPT, Kate M. Growley, CIPP/G, CIPP/US and Michael G. Gruden, CIPP/G on Posted in Cybersecurity / Data Security
The National Institute of Standards and Technology (“NIST”) is hosting a cybersecurity workshop on the Defense Federal Acquisition Regulation System (“DFARS”) Safeguarding Clause and related regulations on Thursday, October 18, 2018.  The workshop, in coordination with the Department of Defense (“DoD”) and the National Archives and Records Administration (“NARA”), will provide an overview of Controlled… Continue Reading

New Jersey Restricts Retailers’ Collection and Use of Customer Information

By Paul Rosen and Stephanie Reiter on Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
On July 21, 2017, Governor Chris Christie signed the Personal Information Privacy and Protection Act (S-1913) (the “Act”) into law, further enhancing the protections afforded to consumers who make retail credit card purchases in New Jersey.  As technology has evolved, many retailers rely on electronic barcode scanners to review and capture information on customers’ driver’s… Continue Reading

FTC Submits Public Comment to Working Group Tasked with Developing Guidance on IoT Security, Upgradability, and Patching

By Jeffrey L. Poston and Stephanie Reiter on Posted in Cybersecurity / Data Security, Data Breach, Internet of Things
On June 19, 2017, the Federal Trade Commission (FTC) issued a public comment regarding the National Telecommunications & Information Administration’s (NTIA) draft guidance titled Communicating IoT Device Security Update Capability to Improve Transparency for Customers.  In commenting on the guidance, the FTC acknowledged the benefits of and challenges to IoT device security, and encouraged manufacturers… Continue Reading

FTC’s New Chief Technologist Speaks at Crowell & Moring

By Crowell & Moring on Posted in Cybersecurity / Data Security, Government Agencies, Information Management, Privacy
Yesterday, Crowell & Moring hosted an International Association of Privacy Professionals (IAPP) KnowledgeNet featuring the Federal Trade Commission’s (FTC) new Chief Technologist, Lorrie Cranor. In her short time at the FTC, Cranor has already made waves by encouraging companies to rethink mandatory password changes.  At the event, Cranor spoke about the focus of her work,… Continue Reading

OCR Levies Second Ever HIPAA Civil Monetary Penalty

By Crowell & Moring on Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Information Management, Privacy, Rules
For only the second time in its history (following the $4.3 million Cignet case) the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) imposed civil money penalties (CMPs) on a company for violating the Health Insurance Portability and Accountability (HIPAA) Privacy Rule. Lincare, Inc. (Lincare), a home health provider, was… Continue Reading

Interim Rule Could Expand Already Onerous DFARS Cyber Requirements

By Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff and Maida Oringher Lerner on Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors, Rules
Yesterday, the DoD published an Interim Rule that, if finalized as drafted, would expand the already onerous requirements of the DFARS Safeguarding Clause to a broader array of potentially 10,000 defense contractors.  Citing “recent high-profile breaches of federal information,” the DoD’s Interim Rule emphasizes the need for clear, effective, and consistent cybersecurity protections in its… Continue Reading

Economic Espionage: A Real Risk for Universities

By Kate M. Growley, CIPP/G, CIPP/US, Laurel Pyke Malson, Evan D. Wolff, Maida Oringher Lerner and Harvey Rishikof on Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
The recent arrests of Chinese nationals for alleged economic espionage are raising eyebrows across American industries, who are rightfully asking how they can protect themselves from becoming the next foreign target. U.S. universities have been key figures in these headlines. The risk of economic espionage is a serious one for higher education because universities are… Continue Reading

Digital Privacy and E-Discovery in Government Investigations and Criminal Litigation

By Louisa Marion and Justin P. Murphy on Posted in Accessibility, Cloud Computing, Cooperation/Meet & Confer, Criminal Law, Cybersecurity / Data Security, Ethics, Government Agencies, Information Management, Preservation, Privacy, Privilege/Rule 502, Public Sectors, Rules, Sanctions, Social Media, Spoliation
In conjunction with the 2015 American Bar Association annual State of Criminal Justice publication, Louisa Marion and I have published a new chapter on “Digital Privacy and E-Discovery in Government Investigations and Criminal Litigation.” The article provides an in-depth look at many of the current and cutting edge issues raised by digital privacy and e-discovery… Continue Reading