Privacy & Cybersecurity Newsletter

Locke Lord LLP
May 11, 2015

Locke Lord's Privacy & Cybersecurity Newsletter is a periodic publication to provide you with summaries on some recent developments in the fast-changing world of data security in the United States and Europe.

To read the Locke Lord Privacy & Cybersecurity Newsletter, click here.

In This Issue

Privacy And Other Issues Presented By Body Cameras
Body cameras are becoming part of the uniform for certain professionals including police officers and service personnel. read more

Rapid Developments in State Student Privacy Laws
In 2014, at least 16 states enacted laws regulating the privacy of student information. The trend is continuing in 2015, as at least 165 state student privacy bills have been introduced thus far, six of which have already been enacted in Virginia and Utah. read more

Facebook Class Action Lawsuit in Austria
A class action against Facebook has been filed in Vienna by privacy campaigner and Austrian law graduate, Max Schrems, along with 25,000 other users of the social network site. read more

Economic Impact from a Company’s Data Breach – No Big Deal? Not So Fast!
Recent data breaches have prompted worries about economic damage to the infiltrated companies. Analyses in fact show minimal effects on stock prices or revenues of the hacked companies. read more 

Delays Continue for OCR’s 2015 HIPAA Audits 
The Department of Health and Human Services Office for Civil Rights (“OCR”) continues to delay implementation of Phase 2 of its HIPAA Audit Program (“Phase 2”), which will build on OCR’s pilot audit program that concluded in 2012. read more

Entertainment Industry Agent Rightscorp Seeks Personally Identifiable Information of Thousands of Internet Users
In the past two years, Rightscorp, Inc. has sought the identity of thousands of Internet subscribers across the country, in order to obtain settlements for alleged violations of its clients’ copyrights. In its campaign, Rightscorp primarily relies upon subpoenas issued pursuant to 17 U.S.C. § 512(h) of the Digital Millennium Copyright Act (“DMCA”). read more

NAIC Planning to Require Cybersecurity Insurance Data Submission
The National Association of Insurance Commissioners’ (“NAIC’s”) Cybersecurity Task Force and Property and Casualty Insurance Committee are jointly considering whether to require a cybersecurity insurance coverage supplement in addition to the already-required Property and Casualty Annual Statement. read more

Insurance Regulatory Bellwether: NAIC Adopts 12 Principles for Effective Cybersecurity for Regulators
The National Association of Insurance Commissioners (“NAIC") is all over cybersecurity. On April 16, 2015, as a part of its aggressive work plan to help the insurance sector come up with an effective cybersecurity framework in the face of a tidal wave of data security breaches that pose a significant threat to consumer financial and health information, the NAIC’s Cybersecurity Task Force adopted 12 principles for effective cybersecurity insurance regulatory guidance. read more

Drone Privacy Implications Following the FAA’s Proposed Regulations
As Amazon recently stated in a letter to the FAA, “one day, seeing Amazon Prime Air will be as normal as seeing mail trucks on the road today.” read more 

Guidance on CCTV Surveillance and the Responsible Use of Drones in Hong Kong
Owing to the increased popularity of unmanned aircraft systems, Hong Kong’s Privacy Commissioner for Personal Data (PCPD) has issued a Guidance Note for Hong Kong on CCTV Surveillance and Use of Drones. read more

UK’s Serious Fraud Office Fined £180,000 for Disclosure of Confidential Documents from High-Profile Investigation
On 30 March 2015, the UK's Information Commissioner's Office ("ICO") announced that it has fined the Serious Fraud Office (“SFO”) £180,000 after sensitive evidence relating to 64 people involved in the BAE Systems (“BAE”) bribery investigation was accidently sent to the wrong witness, and subsequently leaked to the press. read more

North Dakota Broadens Reach for Breach Notification
North Dakota recently enacted an amendment that will again tighten its existing breach notification law. The current law, North Dakota Century Code Section 51-30 et. seq., has evolved over time, having been previously amended in 2013 to add health information to the definition of “personal information” that could trigger a notification if breached. read more

FTC Actions Highlight Pitfalls for Failing to Comply with the International Safe Harbor Privacy Frameworks
The Federal Trade Commission recently agreed to settle claims against two companies alleging that the companies were not abiding by the U.S.-EU Safe Harbor international privacy framework. read more

Cyber Bills Gain Momentum as DOJ Issues Cyber Guidance
While the U.S. Congress has been faulted for failing to find common ground on many issues, one exception seems to be cybersecurity and data sharing. read more