Cyber Security, Information Governance & Privacy

The Federal Trade Commission released guidance for increasing privacy and data security while videoconferencing over the internet. The FTC is recommending that video conference users take the following steps:

  1. Make sure that only those individuals who were invited to the meeting are in attendance by securing the meeting by password or providing unique meeting and/or

As we reported in March, the COVID-19 pandemic is being leveraged by malicious cyber actors to make various cybersecurity attacks. In a joint alert issued on April 8 by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC), the agencies provided information on exploitation

On April 6, the Federal Trade Commission announced a settlement with Tapplock, Inc. for falsely claiming in its privacy policy that its fingerprint-sensing smart locks were “unbreakable” and that it followed “industry best practices” to ensure that a user’s personal information was protected. After three security researchers identified various physical and electronic vulnerabilities with the

The Federal Bureau of Investigation warns that cyber scammers are leveraging the coronavirus (“COVID-19”) to steal money, personal information, or both through phishing emails, fake Centers for Disease Control and Prevention emails, and solicitations selling counterfeit treatment, masks, and respirator equipment. See the FBI’s March 20 alert here. Business email compromise continues

Privacy and cybersecurity should be considered as organizations think about how to tackle the effects of the coronavirus (“COVID-19”) outbreak. Questions to consider include: (1) What is considered “reasonable security procedures” when businesses are forced to abruptly shift to a remote workforce? (2) How should businesses balance employees’ privacy rights against the need to keep

In the wake of many cities issuing tighter restrictions to slow the spread of the coronavirus (“COVID-19”), the Cybersecurity and Infrastructure Security Agency (“CISA”) has issued guidance on the identification of “essential critical infrastructure workers.” It is important to ensure continuity of functions that are critical to public health and safety, as well as economic

As the coronavirus (“COVID-19”) continues to spread, businesses are pushed to make swift decisions that impact not only business operations, but also the privacy and security of employees’ personal information. In times like these, the Fair Information Practice Principles (“FIPPs”) should be every organization’s guiding light.

The FIPPs are principles that address the privacy of

Many privacy and data protection statutes require businesses to implement “reasonable security procedures” to protect personal information. See, e.g., Cal. Civ. Code § 1798.81.5 (requiring businesses that own, license, or maintain personal information about a California resident to implement and maintain reasonable security procedures and practices appropriate to the nature of the information).

In efforts to address the spread of the coronavirus in the European Union, employers and public health authorities, among others, have been processing an increased volume of personal data. In response to this, data regulators from some member states have released guidance on how to collect, share, and use personal data, especially health data, in

The Safeguards Rule of the Gramm-Leach-Bliley Act of 1999 requires financial institutions to implement security programs in order to keep customer information secure. The Safeguards Rule also extends contractually to affiliates and/or service providers of those financial institutions, including possibly “finders” (i.e., entities charging a fee to connect consumers looking for loans to lenders).