{ Banner Image }

Showing 29 posts in Privacy.

Assembling Your Company's Data Breach Response Plan

Business TeamNo matter how carefully, thoughtfully and diligently a company works to prevent it, data breaches happen. Company management, IT teams and outside consultants can do everything right and still end up dealing with a breach. That means that knowing how to best respond when (not if) a breach happens should be part of every company’s data protection strategy.

We recommend that every company assemble a security breach team, consisting of individuals inside and outside of the organization who possess different skill sets. This may include technology officers, as well as staff from IT, human resources, communications, legal departments, outside counsel, and outside vendors. The composition of the team will depend on the type and size of the organization, but each member should be in a position and have skills that enable the organization to quickly and properly respond to an incident. The team must also be equipped, authorized and empowered to evaluate and immediately react to an incident once it has occurred. Read More ›

Categories: HIPAA, News, Privacy, Technology

Identity Theft: How to Reduce the Risk and Mitigate the Harm

Identity TheftAccording to the Department of Justice (the “DOJ”), an estimated 17.6 million Americans aged 16 or older were victims of at least one attempt or incident of identity theft in 2014. Identity theft takes many forms - from stealing someone’s identity to obtain government benefits to creating new financial accounts in another person’s name. The most frequent type of identity theft - 80 percent of all cases according to the DOJ - involves someone trying to take over an existing bank or credit card account. Tax-related fraud is also on the rise.

We are all at risk of identity theft. It seems like a week never goes by without a news report about a data breach at a major retailer or bank. Unfortunately, most people who are victims of identity theft - or suspect they might be - are not aware of the steps they should take to mitigate the harm from the theft.

This article identifies the steps that a person whose social security number is compromised should immediately take upon learning of a problem, as well as actions to take to protect against the risk of identity theft in the future. Read More ›

Categories: News, Privacy, Tax

Private Companies are Watching Your Every Move Online

PrivacyThanks to the new Oliver Stone movie now in theaters, Edward Snowden has been back in the news lately. Disillusioned and alarmed by the virtual mountain of data that was being assembled by the federal government to track all forms of digital communication, Snowden became a hero to some, and traitor to others, after he leaked information about the government’s secret tracking systems to the press. Read More ›

Categories: Privacy

Filming for TV Show Results in HIPAA Violation and $2.2 Million Settlement Paid by New York Presbyterian Hospital

HospitalIt’s not uncommon for “covered entities” such as hospitals and health systems to violate the Privacy Rule under the Health Insurance Portability and Protection Act of 1996 (“HIPAA”). A stolen laptop or misplaced file can expose information that should be protected. Rarely, however, does a violation arise from the filming of a television show. But that’s exactly what happened in the case of New York Presbyterian Hospital (“NYP”), which recently entered into a settlement with the Department of Health and Human Services, Office for Civil Rights (“OCR”) for $2.2 million. Read More ›

Categories: HIPAA, Privacy

Protect Your Business From Competitive Intelligence

competitive intelligenceThe term "competitive intelligence" is the process of legally gathering information about one's competitors to gain a strategic advantage in the marketplace. Large corporations will have strategic intelligence experts as a part of their marketing department. These experts specialize in discovering promotional activities, sales figures, and other information about the company's competitors. Ideally, strong competitive intelligence enables a company to predict the strategy of a competitor and adapt with a strategy of its own that will result in an advantage in the marketplace.

The good news is that small and medium-sized businesses are not usually the targets of professional competitive intelligence experts. However, a business owner would be wise to protect itself from amateur intelligence gathering by its competitors. Competitive intelligence gathering begins by identifying the strategy of your own business and how your competitor's strategy will interfere. Then the intelligence gathering begins.  Read More ›

Categories: Privacy, Social Media

Police Officers Can Force You to Unlock a Phone with Apple's Touch ID Technology

touch id technologyDid you know that one court has ruled that a police officer can force a person to unlock a phone with Apple's Touch ID technology? Understand the risks with enabling this feature on your phone. Check out the story here.

Categories: Privacy

Is customer e-mail data maintained by US companies on overseas servers subject to US jurisdiction?

overseas serversMicrosoft may soon find itself being held in contempt of court after refusing to abide by a U.S. District Court Order, requiring it to produce customer e-mail data stored by the company in Dublin, Ireland.  The United States Department of Justice previously sought and obtained a search warrant for the production of customer e-mail data maintained by Microsoft as part of a criminal investigation relating to narcotics trafficking.

Judge Loretta Preska, chief judge of the United States District Court for the Southern District of New York, ordered Microsoft to produce the e-mail data in July, finding that, although the data was held overseas, it remained under Microsoft’s possession and control, over which the court maintained jurisdiction. Microsoft has yet to comply, claiming that the court lacks jurisdiction over the foreign e-mail data. The judge has since imposed a Sept. 5 deadline for the parties to inform the court on how they plan to proceed. Read More ›

Categories: Privacy

Cincinnati Who-Dey Ruling is Big Deal for Internet Commerce: Website immune from Ex-Bengals Cheerleader’s Defamation Lawsuit

defamation lawsuitThe gossip website, thedirty.com, is immune from liability for online posts about an ex-Bengals Cheerleader’s sexual promiscuity and acquiring a sexually transmitted disease. In a closely followed decision from a case that has generated considerable media coverage because of its potential to chill online speech and hold internet websites such as Facebook, Twitter and newspaper sites liable, which allow third party users to post content, was reversed. The U.S. Court of Appeals for the Sixth Circuit recently overturned a jury verdict of $338,000 against gossip website thedirty.com and its owner Nik Richie. Sarah Jones v. Dirty World Entertainment Recordings LLC  arose after Sarah Jones, a former Cincinnati Bengals cheerleader and teacher who was subsequently convicted of having sex with a high school student, sued the website after it posted unflattering information about her sexual promiscuity with football team players, she demanded the posts be removed, and the website refused. She filed state law tort claims for defamation and privacy torts and won at trial. The defendants appealed. Read More ›

Categories: Privacy, Social Media

How Secure Is Your Cloud?

Business owners are increasingly turning to cloud storage as an alternative to maintaining their own servers. The three most popular cloud storage services are Dropbox, Google Drive and SkyDrive. Each service comes with a specific amount of free storage and allows users to upgrade for a fee. For a helpful comparison of these three choices, see here. Cloud storage providers are promising upgraded security, but there are certain steps business owners can take themselves to protect their data. Read More ›

Categories: Cloud Computing, Privacy

BYOD: Balancing Data Security with Employee Privacy

employee privacyThe days of carrying around a work phone and personal phone are quickly dwindling, if not already gone. Instead, businesses are implementing bring-your-own-device ("BYOD") policies that allow employees to access corporate information from their personal mobile device. On one hand, providing employees with mobile access to information increases productivity by allowing employees to work from anywhere. On the other hand, allowing corporate information to be accessed on devices that are mobile and capable of falling into the wrong hands produces a host of new security issues. This creates a difficult balancing act for employers who want their employees to be productive, but still want to maintain control over the information being accessed. Read More ›

Categories: Employment, Privacy