Category Archives: Internet Privacy

Subscribe to Internet Privacy RSS Feed

HIPAA Privacy Rules Changes Proposed by OCR!

Healthcareinfosecurity.com reported that OCR (Department of Health and Human Services’ Office for Civil Rights) which is the “HIPAA enforcement agency is planning to seek the public’s input through notices of proposed rulemaking and a request for information before making possible changes.”  The March 28, 2018 article entitled “OCR Considering HIPAA Privacy Rule, Enforcement Changes” included … Continue reading this entry

Mark Zuckerberg requested to testify to Congress about Facebook/Cambridge Analytica Privacy

The Washington Post reported that there was an official request for Mark Zuckerberg to testify at the House Energy and Commerce Committee since the Committee believes the “CEO of Facebook, he is the right witness to provide answers to the American people. We look forward to working with Facebook and Mr. Zuckerberg to determine a … Continue reading this entry

Tax phishing attacks leads to theft of millions of passwords at Office365 (think Microsoft)!

Darkreading.com reported a “new wave of phishing attacks aims to dupe users and steal their passwords by disguising malicious emails as tax-related notifications from the IRS.” The March 2, 2018 report entitled “Millions of Office 365 Accounts Hit with Password Stealers” included these comments: Barracuda Networks last month flagged a “critical alert” when it detected … Continue reading this entry

German Court Ruling against Facebook portends trouble under GDPR!

Law.com reported about “a three-year battle, a regional court in Berlin has found that Facebook’s default privacy settings, terms of service, and requirement that users register under their own name violate Germany’s data privacy and consent rules. “  The article entitled “Facebook Foreshadowing: German Court Underscores Tech’s Uncertain GDPR Future” included these comments about how … Continue reading this entry

Cybersecurity threats targeted at State elections?

The Washington Post wrote an article that “State officials have been scrambling to address vulnerabilities in their systems, particularly since the fall, when the Department of Homeland Security disclosed the attempts on the 21 states. Though it is not believed there were further attacks, experts say Russian operatives may have been laying the groundwork for … Continue reading this entry

GDPR will change world-wide privacy on May 25, 2018: here are 13 key GDPR terms you better know!

DMNews.com reported that GDPR is “a massive piece of legislation and if you want to read all 250+ pages, talk about it with fellow data nerds or marketing professionals, or just comprehend the various articles online, you need to know some of the key terms.”  The January 24, 2018 report entitled “13 Key GDPR Terms … Continue reading this entry

PBS Audio: Privacy does not exist, and no one cares!!

Please tune and listen to my friend Lauren Silverman’s interview on KERA/Think of Professor Randolph Lewis about privacy, or lack thereof since “many types of surveillance are pitched as ways to make us safer, almost no one has examined the unintended consequences of living under constant scrutiny and how it changes the way we think … Continue reading this entry

Will the Supreme Court rely on a 1979 case (think 18,134 Internet years) for Internet/cellphone privacy in 2017?

On November 29th the US Supreme Court will consider the case of US v. Carpenter where “police acquired the data from Carpenter’s wireless carriers without a warrant showing probable cause”  which led to Timothy Carpenter’s conviction that he was  “leading a gang of robbers” and the “prosecution produced cellphone-tower data that tracked the whereabouts of Carpenter’s … Continue reading this entry

Whoa! Did you know that Equifax claims to own your data?

In testimony before the US Senate we hear that “Equifax, and not consumers, that owns all the granular data collected about them, and that consumers cannot request to exit the company’s files.”  The Washington Post’s report on November 8, 2017 entitled “Equifax says it owns all its data about you” started with the comment that … Continue reading this entry

Supreme Court will consider a 1986 law about phone records and how it applies to emails in 2017 outside the US

The New York Times reported that the US Supreme Court will consider a case against Microsoft to “decide whether federal prosecutors can force technology companies to turn over data stored outside the United States.”  In 1986 Congress passed the Stored Communications Act (SCA) to control telephone records long before the Internet we know today, but … Continue reading this entry

GUEST BLOG: Neither Rain, nor Sleet, nor Dark of Night Shall Stay the Application of HIPAA Regulations…

My Guest Blogger Eric Levy is a senior attorney in Gardere’s Trial Practice Group who focuses on HIPAA, PHI, cyber security, PCI compliance, PII, eCommerce, and related complex contract negotiations and litigation. Eric has received the Certified Information Privacy Professional (CIPP-US) designation from the International Association of Privacy Professionals (“IAPP”). It is beyond dispute that Hurricanes … Continue reading this entry

Equifax confessed that it failed to protect personal data of 143+MILLION CUSTOMERS!

The New York Times reported “that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.”  The September 7, 2017 report entitled “Equifax Says Cyberattack May Have Affected 143 Million Customers” included the bad news: Potentially adding to criticism of … Continue reading this entry

US Cyber insurance market exceeds $2.49 Billion!

A report to the Cybersecurity (EX) Task Force explains the growth of cyber insurance to more than $2.49 billion in 2016 because “Cybersecurity breaches can cause a major drain on the U.S. economy”…and in particular “Financial Services Sector is perhaps the most under attack from cyber criminals.”  The August 6, 2017 “Report on the Cybersecurity … Continue reading this entry

Cyber intrusions reporting will ramp up around the world in 2018 under GDPR (think EU Privacy Laws)!

On May 25, 2018 the new General Data Protection Regulation (GDPR) will take effect and according my friend Benjamin Wright who wrote a paper for the SANS Institute GDPR “is motivating organizations worldwide to improve existing technical controls for securing personal information. Organizations should be especially aware that the GDPR and other recent legal developments … Continue reading this entry

Anthem agrees to pay $115 million for 2015 cyber intrusion to settle litigation!

BusinessInsurance.com reported that “Anthem Inc., the largest U.S. health insurance company, has agreed to settle litigation over a hacking in 2015 that compromised about 79 million people’s personal health information for $115 million, which lawyers said would be the largest settlement ever for a data breach.”  The June 26, 2017 report entitled “Anthem to pay … Continue reading this entry

Facebook lied to the EU about privacy & will pay a $122 million fine!

The Washington Post reported that “Facebook was not honest about its ability to identify users who had both Facebook and WhatsApp accounts and link those accounts” during Facebook acquisition in 2014.  The May 18, 2017 report entitled “Facebook will pay $122 million in fines to the E.U.” included these details: When Facebook notified the acquisition … Continue reading this entry

Arizona passes a law recognizing that Blockchain is secure!

CIO from IDG reported that the first state to legalize Blockchain with this description “A record or contract that is secured through blockchain technology is considered to be in an electronic form and to be an electronic record.” The May 4, 2017 article entitled “Is blockchain technology secure for your company’s transactions?” described countries that … Continue reading this entry

IoT Privacy Lawsuit- Bose sued for taking headphone data without consent!

A class action was filed against Bose which alleges that Bose “Unbeknownst to its customers, however, Defendant designed Bose Connect to (i) collect and record the titles of the music and audio files its customers choose to play through their Bose wireless products and (ii) transmit such data along with other personal identifiers to third-parties—including … Continue reading this entry

GUEST BLOG: It’s time to wake up and figure out how GDPR affects you!

My Guest Blogger Eddie Block (CISSP, CIPM, CIPP/G, CISA, CEH) is a senior attorney in Gardere’s Litigation Group and member of the Cybersecurity and Privacy Legal Services Team who focuses on all aspects of information cyber security, including credentialing functions, firewall and IDS deployment and monitoring, and penetration testing, and related complex litigation.  Eddie blogs at JurisHacker. You’ve heard about … Continue reading this entry

HIPAA data risk in IoTs among 10 security risks with Wearables

CSOonline reported that most IoT (Internet of Things) wearable companies that collection personal data “don’t carefully anonymize health-related data have effectively acquired what’s known as electronic Protected Health Information (ePHI), ‘which puts you squarely in the HIPAA world.’” The March 29, 2017 report entitled “10 security risks of wearables” included these 10 security risks, many … Continue reading this entry

IBM Watson using Blockchain to protect Electronic Medical Records (EMRs)!

Computerworld announced that “IBM’s Watson Health artificial intelligence unit has signed a two-year joint-development agreement with the U.S. Food and Drug Administration (FDA) to explore using blockchain technology to securely share patient data for medical research and other purposes.” The January 11, 2017 article entitled “IBM Watson, FDA to explore blockchain for secure patient data … Continue reading this entry

GUEST BLOG: User training is the best way to protect against Cyber Phishing, is that so hard to understand?

My Guest Blogger Eddie Block (CISSP, CIPM, CIPP/G, CISA, CEH) is a senior attorney in Gardere’s Litigation Group and member of the Cybersecurity and Privacy Legal Services Team who focuses on all aspects of information cyber security, including credentialing functions, firewall and IDS deployment and monitoring, and penetration testing, and related complex litigation.  Eddie blogs at JurisHacker. Since … Continue reading this entry

D-Link opposes the FTC lawsuit that its routers and baby cameras are exposed to cyberattacks!

The Cause of Action Institute (CoA Institute) filed D-Link’s Motion to Dismiss in response to the FTC lawsuit which claims are based on D-Link’s “failure to secure devices from cyberattacks!”  The  CoA Institute Motion was filed on January 31, 2017 and is set for a hearing on March 9, 2017 and stated that the FTC claims … Continue reading this entry

$3.2 million HIPAA fine for violations since 2006!

The Office for Civil Rights (OCR) issued a Final Notice that Children’s Medical Center of Dallas among other things failed “to implement risk management plans, contrary to prior external recommendations to do so, and a failure to deploy encryption or an equivalent alternative measure on all of its laptops, work stations, mobile devices and removable … Continue reading this entry