Antitrust Law Source

Tag Archives: data security

Still need a data breach response plan? The FTC offers a guide to help.

If you have not yet developed a data breach response plan, the FTC has stepped in to help. The FTC has prepared a guide, a short video and a corresponding segment on its business blog to help businesses prepare for data breach events. The guide and video provide key considerations, including having your computer forensic expert or team identified, steps to notify effected parties and law enforcement, and processes to remediate a breach event. The Guide also points to additional resources for breaches of electronic health information. Perhaps most helpful, the guide offers a simple template data breach notification …

FTC has ruled….and companies better beware!

In a move the surprised no one, the Federal Trade Commission (FTC) reversed the decision of its own Administrative Law Judge (ALJ) and held that LabMD’s “data security practices constitute an unfair act or practice within the meaning of Section 5 of the FTC Act.” There are two noteworthy aspects to the opinion. First, if the magnitude of the harm is great enough, the risk of its occurrence can be low and still satisfy the “substantial injury” requirement. Second, believe it or not, the word “likely” does not mean “probably.” …

Part two: Privacy matters

Continuing with part two of this three-part series about privacy and data security, Ana Crawford gives an update on which federal agencies and states are dipping their toes in the data protection arena.…

Part one: Privacy matters

In this three-part series, Jay speaks with attorneys across Porter Wright’s departments and practices about privacy and data security. Today’s podcast begins with Christina Hultsch who talks about the options available for European Union companies to transfer data. …

Consumer data breaches

What happens if your personally identifiable information is stolen, but no harm has come to you…yet? Do the eyes of the court feel that simply the fear of harm warrants relief? Jay and Ryan Graham discuss the differing decisions to date and how things may evolve in the future.…

Big data and what can be done with it: Part three

In our last installment of the big data podcast series (listen to part one and part two), Jay and Phil discuss how companies deal with data breaches. They talk about how consumer trust is vital and how customers may prepare in advance for these breaches. Finally, Phil shares three tips when it comes to using customers’ information for competitive advantage.…

Big data and what can be done with it: Part one

In part one of this three-part series, Jay talks with Phil Rist, executive vice president of Prosper Business Development, about how his company collects big data and utilizes it to detect trends that aid his clients in developing their strategic plans. Phil discusses how his company not only takes data available from the federal government, but how they administer “emotional surveys” to track the feelings of today’s population to build predictive models for future events. Phil and Jay discuss challenges and opportunities for big data in 2016 – how the internet of things (wearable devices, Bluetooth enabled devices, trackable …

Health care data breaches – inevitable, but you can minimize the damage

Data breaches in health care can be the most devastating, both to the consumers whose personally identifiable information was exposed, but also to the institutions that possessed this sensitive data. In this podcast Jay and Christina Hultsch review the various issues surrounding such data breaches, including when to review data security policies, how to prepare for a potential breach and how to deal with third-party vendor access.…

FTC chief administrative law judge: No harm, no foul

In a long awaited decision, the FTC’s chief administrative law judge (ALJ) ruled against FTC staff and held that LabMD did not violate Section 5 of the FTC Act by not reasonably securing customer data. The basis for the decision was that staff could not prove that customers would suffer “substantial injury” from LabMD’s data breach. Because the ALJ decided the case on those grounds, he never reached two critical issues – namely, were LabMD’s data security protections “unreasonable” and does the FTC have jurisdiction to enforce the unfairness prong of Section 5 to reach unreasonable data protection measures. …

Third Circuit’s Wyndham decision – Part two

So what did the Third Circuit hold in FTC vs. Wyndham and what does the decision really mean? Jay and Ryan continue their discussion of the Third Circuit’s decision and give you some key takeaways on what this means for companies that collect personally identifiable information.…

Third Circuit’s Wyndham decision – Part one

In part one of this two part series, Jay is joined by Ryan Graham, a colleague at Porter Wright and former FBI analyst, to discuss the Third Circuit’s decision in FTC vs. Wyndham. Ryan and Jay discuss generally the various agencies who have authority over data security and the challenges facing companies who have experienced a data breach. They also outline the issues involved in the Wyndham case.…

Managing post-data breach litigation just got harder

Data breaches are messy stuff, no doubt about that. They consume a huge amount of corporate resources, damage a company’s goodwill and can cost a lot of money. No real news there. And while the technological challenges in preventing, and responding to, data breaches are ever-changing – fueling the booming cybersecurity industry – the corporate response to a data breach is fairly standardized. Basic steps include (not necessarily in this order):

  • Convene response team, including IT, HR, legal and crisis management, among others (you do have a response team, right? If not, let’s talk)
  • Figure out what happened, including whether
LexBlog