Category: Privacy

New SEC Rule to Protect Investors from Identity Theft

The Securities and Exchange Commission adopted new rules requiring investment advisers, broker-dealers, mutual funds, and certain other entities regulated by the agency to adopt programs to detect red flags and prevent identity theft. In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act amended the Fair Credit reporting Act to add the SEC to

Data Breaches in Massachusetts

Through September 30, 2011, the largest share of breaches was not in the financial sector, but in the retail and healthcare industries, along with government. On October 31, 2007, the Commonwealth’s Data Security Breach Law, Mass. Gen. Law c. 93H, went into effect. On March 1, 2010, the Office of Consumer Affairs and Business Regulation’s

Proposed Identity Theft Red Flags Rules

Identity theft is a serious problem. Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act increased the scope of firms that would be subject to federal regulatory requirements on identity theft rules. The Securities Exchange Commission and the Commodities Futures Trading Commission just published a proposed rule addressing that new scope. Section

Enforcement of the Massachusetts Data Privacy Law

It’s been almost 18 months since the Massachusetts Data Privacy Law went into effect. Belmont Savings Bank has become one of the first charged with violating the law. Belmont Savings Bank maintained personal information on an unencrypted backup data tape and then lost the tape. According to surveillance footage the tape was likely discarded inadvertently by

Is Your Copier in Compliance?

I remember the days of the mimeograph. In class people would inevitably sniff the newly printed pages. For a teacher, the danger was that the latent copy would fall into the wrong hands. Animal House highlighted that danger. Current day copiers are much more advanced than the mimeograph, but the dangers of the latent copy

Data Privacy Day

Data Privacy Day is January 28, 2011. There have events throughout the week to inform and educate us all about our personal data rights and protections. Here are some key reminders: Never Post or Share Personal Information such as a date of birth, personal address, or maiden name because identity thieves now friend as many

Feds Release Usable Model Consumer Privacy Notice

There was much cheering when federal regulators finally released their Final Model Privacy Notice Form back in November. That was quickly followed by a gnashing of teeth when it turns out the regulators did not understand the concept of a form or how to use Adobe Acrobat. They merely created a static document that you

N.J. Supreme Court upholds privacy of personal e-mails accessed at work

The New Jersey courts have been handling a case that squarely addressed a company’s ability to monitor employee email. Back in April of 2009, I mentioned a New Jersey case that found e-mail, sent during work hours on a company computer, was not protected by the attorney-client privilege: Compliance Policies and Email. That later was

Data breach Sharing Framework

With the Massachusetts Data Privacy Law now in place (and presumably you are in compliance with it), you need to think about what to do if you have an incident. Verizon has published the Verizon Incident Sharing Framework to help. Our goal for our customers, friends, and anyone responsible for incident response, is to be