The Intel Chip Weakness Should be a Red Flag for Your Business

If your business has not considered liability insurance for data breaches before now, now is the time. From small mom and pop shops to publicly traded entities, nearly all businesses are electronically storing some type of confidential information—be it employees’ social security numbers and dates of birth or customers’ credit card numbers. And while you 

Continue Reading >>

Adopting Data Security Measures Is Not Always Enough to Ensure Compliance with the Safeguards Rule

The Securities and Exchange Commission views data security as a critical part of its investor protection mandate.  Rule 30(a) of Regulation S-P, known as the “Safeguards Rule” sets out certain procedures that every SEC-registered broker-dealer, investment company and investment adviser must adopt to safeguard customer records and information.  The Safeguards Rule requires these entities to 

Continue Reading >>

The FTC’s Expansive “Watch Dog” Role in Question – How Businesses Should Respond

The Federal Trade Commission (FTC), the federal consumer protection agency created in 1914 to break up large, anticompetitive monopolies, has recently focused its efforts in regulating consumer privacy and data protection.  Although some specific kinds of data are subject to various federal legal requirements—such as medical information under HIPAA—and states have their own laws governing 

Continue Reading >>

New Ruling by U.S. Supreme Court on Standing to Pursue Litigation

Alleging a “mere statutory violation” is not sufficient to confer Article III standing for a federal cause of action according to a recent ruling of the United States Supreme Court in Spokeo, Inc. v. Robins, __ U.S. __, 136 S.Ct. 1540 (2016), in the context of an alleged violation of the Fair Credit Reporting Act 

Continue Reading >>

The GDPR and the Model Clauses for Data Transfer Processors: Transactional and Litigation Issues

Whether we like it or not, whether we adopt similar legislation in the U.S. or not, the stringent requirements of the General Data Protection Regulations (“GDPR”) are coming and the requirements are becoming boilerplate language in U.S. contracts.  This will impact businesses as it relates to their operations, contract negotiations and, eventually, exposure to liability.  

Continue Reading >>