Cybersecurity

Data Breaches: An Employer’s Duty to Protect Employees’ Personal Information

By Aaron Wais

Recently, there has been much discussion about the Superior Court of Pennsylvania’s ruling in Dittman v. UPMC, which affirmed a lower court’s order dismissing an employee class action against their employer over a data breach. While this was a significant victory for employers, non-Pennsylvania employers should temper their enthusiasm. As one recent federal court decision in California makes clear, the reasoning of Dittman may not extend far, if at all, beyond the borders of Pennsylvania. Moreover, regardless of their outcomes, both cases also reinforce the need for employers to maintain legally compliant, written policies for safeguarding private information and responding to data breaches.

In Dittman, a data breach resulted in the theft of the personal information (e.g., names, birth dates, social security numbers, banking information) of approximately 62,000 UPMC current and former employees. The information was used to file fraudulent tax returns and steal tax refunds from certain employees.

Importance of Maintaining Cybersecurity Measures – Assessing the Ashley Madison Data Breach Settlement

By Aaron Wais

Daily headlines of data breaches, resulting class actions, governmental investigations and enforcement actions, and the settlements of those actions serve as constant reminders of the need to implement and maintain reasonable cybersecurity measures. Yet another example can be found in the recent announcement by the Federal Trade Commission, which states that the operators of Ashley Madison have agreed to settle the charges brought against them by the FTC and over a dozen state attorneys general arising out of the July 2015 data breach of Ashley Madison’s network. Analyzing the settlement also provides additional guidance on what regulators mean when they refer to reasonable safeguards.

Shielded but Not Covered – Privacy Demands Better Protection

By Susan Kohn Ross 

Yesterday, the Article 29 Working Party took action which some found surprising and others predicted. It found the EU-U.S. Privacy Shield did not contain adequate protections and needs further improvement. The Working Party’s statement can be found here.

While acknowledging the Privacy Shield contains “significant improvements” over the previous Safe Harbor, the Working Party also stated its objective is to “make sure that an essentially equivalent level of protection is maintained when personal data is processed subject to the provisions of the Privacy Shield.”

The More Things Change – The More They Stay The Same

By Susan Kohn Ross

Originally published by the Journal of Commerce in January 2016

In writing this article, it was interesting to look back and see whether the old crystal ball was accurate in its predictions in earlier years. Truthfully, the expectation was the old themes were similar over time, and that turned out to be the case. As those earlier articles made clear, the challenges facing businesses in the context of import and export remain complex. By way of example, one constant theme is the rising cost of compliance. A related theme has to do with the expanding complexity of issues demanding compliance efforts.

Cyber Bill No Real Help to Supply Chain Security

By Susan Kohn Ross

Originally published by the Journal of Commerce in January 2016

In the lead-up to President Obama signing into law on December 18, 2015 the Cybersecurity Act of 2015, Public Law 114-113, there was hope that finally there would be a vehicle through which the federal government would be able to share broad ranges of supply chain security information with C-TPAT members. Alas, that did not turn out to be the case.

DOJ Sets Its Sights on Directors and Officers

By Susan Kohn Ross

Originally published in September 2015.

Whether publicly traded or privately held, corporate boards have been put on notice – the Department of Justice (Justice or DOJ) is after you! On September 9th, DOJ issued a memo entitled: Individual Accountability for Corporate Wrongdoing. In it, Main Justice made clear to all offices that any activity which involves the potential for liability on the part of a corporation can and must also focus on the potentially culpable individuals.

New Cybersecurity Law – Are You Prepared?

By Susan Kohn Ross

Originally published in January 2016

On December 18, 2015, President Obama signed into law the Cybersecurity Act of 2015. Beginning at Division N, Public Law 114-113 deals with cyber threats and includes the framework for the means and methods by which the private sector may submit such information to the government and by which the government is intending to share comparable information with the private sector (and others).

EU Safe Harbor – Nothing Settled Yet

By Susan Kohn Ross

While a new Safe Harbor agreement was hoped for by the January 31, 2016 deadline, negotiations still continue. It is expected the European Commission will receive an update, but keep your fingers crossed for an actual deal! In the meantime, American companies continue to rely on recommended provisions to satisfy their privacy protection requirements.

Tips re Cybersecurity

By Susan Kohn Ross

Los Angeles City Attorney Mike Feuer recently provided tips to aid individuals to protect themselves from identity theft:

  • Shred all documents containing personal, financial or medical information before you throw them out.
  • Be cautious using debit cards. Don’t use them at gas pumps or for shopping online.
  • Don’t respond to e-mails, calls or texts seeking sensitive information. Legitimate companies don’t seek customers’ information this way.
  • Create strong passwords that mix letters, numbers and special characters, and use different passwords for different accounts.
  • Lock your mailbox. Stolen mail is a leading cause of identity theft.
  • Don’t keep your license, title and registration in your glove compartment.
