Privacy Law Blog : Privacy Lawyers & Attorneys : Proskauer Rose Law Firm : CAN-SPAM, FCRA, FACTA

“Who Do You Trust” was a 1950’s game show that required players to decide whether they could rely upon the information provided by their partners to win cash prizes of $25, $50 and $75. In today’s increasingly networked environment, there’s a lot more at risk in trusting another’s information about cybersecurity. Corporations and industries complain that they can’t trust the timeliness and accuracy of government information about cybersecurity. And cybersecurity experts point to distrust over the motives of the government and competitors as a bar to information sharing among private entities. But despite that, everyone agrees that information sharing would inure to the general benefit of all involved.

Rep. Daniel Lungren of California,Chair of the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the House Committee on Homeland Security, is aiming at impediments to cybersecurity data sharing in a bill introduced on Dec. 15, 2011. S. 3674, the ‘‘Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011’’ or the “PRECISE Act of 2011,” contains, among other things, a provision that would encourage corporate and industry participation in government sponsored cybersecurity programs by including legal exemptions and protections for private entity information-sharing.  A copy of the bill as introduced is available here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On April 7, 2011, the SEC announced that it had imposed fines of $20,000 each against the former president of a broker-dealer and a former broker for their actions in transferring customer information to a new firm as the defunct firm wound down. The SEC also fined the brokerage firm’s former chief compliance officer $15,000 for compliance failures and security breaches that took place at the defunct firm, some dating back to 2005. Click here to read our client alert about the SEC's recent action.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In August, we wrote about the ruling of a New Jersey appellate court in Stengart v. Loving Care Agency, Inc., in which the court took a very narrow view of the ability of employers to monitor the e-mail communications of employees over its computer networks. In that case, which is now on appeal to the New Jersey Supreme Court, the appellate court held that an employee did not waive her attorney-client privilege with respect to e-mails that she sent to her attorney while using the employer's computer network, but via her personal Web mail account, despite the existence of a broadly worded communications policy giving the employer the right to access all communications occurring over its network. The appellate court court ruled that even if the employer's policy applied to the employee (she disputed its applicability), the employer's right to access to such communications pursuant to that policy was limited by the employer's "legitimate business interests." Such interests did not extend, the court concluded, to the employee's communications with her attorney.

In contrast to the New Jersey court's narrow view of the applicability of such policies, the district court judge in Alamar Ranch, LLC v. County of Boise, 2009 U.S. Dist. LEXIS 101866 (D. Idaho Nov. 2, 2009), held that knowledge of employer monitoring of employee communications over its network could be imputed, not only to the employee but to the employee's attorney as well. As a result, the court held, the attorney-client privilege had been waived with respect to messages sent by the employee to the attorney using her employer-assigned e-mail account, and to messages sent to the employee at her employer e-mail address by the attorney.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

By Jeffrey D. Neuburger and Sara Krauss

Congress has been dithering over the adoption of a federal data security breach notice law for the last several years without coming to an agreement on a national standard for reporting breaches in the security of personal and financial data, but on February 17, data breach notice provisions applicable to health information were signed into law as part of the HITECH Act provisions of the massive economic stimulus legislation, H.R. 1 (111th Cong., 1st Sess. Feb. 17, 2009).

Beginning no later than September 16 of this year, "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA) will be required to give notice of breaches in the security of protected health information, and "business associates" of HIPAA-covered entities will be required to report such breaches to the covered entities. §13402(a) & (b). Currently, California and Arkansas are the only states that require that notification be given in the case of a breach in the security of medical or health insurance information.

• Email This
• Print
• Comments
• Trackbacks (1)
• Share Link