Sextortion Case Treads A Well-Worn Path: Are Passwords Protected Under the Fifth?.

A case of “sextortion” – blackmailing someone over naked footage (digital footage, more specifically, to reflect the times we live in) – between Instagram celebs has again dredged up the decidedly non-superfluous legal quagmire that’s been repeatedly visited since at least 2009: Is forcing a defendant to spit out his or her password a violation […] read more

HIPAA/HITECH Doesn’t Require You To Be Perfect, But It Does Expect You To Follow The Rules.

A couple of recent Department of Health and Human Services (HHS) legal settlements emphasize paperwork over security, showing that a healthcare entity’s approach to safeguarding data must be holistic: yes, you need to use encryption, and lock doors, and hide screens from potential medical data peeping-toms…but you also need to make sure that you’ve followed […] read more

Tennessee Updates Law That Required Notification For Encrypted Personal Data Loss.

In 2016, Tennessee created something of a legal furor when it became the first state to require data breach notifications (DBN) even if the lost or stolen data was protected with encryption. Earlier this month, a new law took effect that “clarifies [this] confusion” for companies: they are not required to send DBNs if the […] read more

Michaud Case In Playpen Hack Gets Dropped By Feds.

One of the most controversial US legal actions in the past couple of years, arguably, is the FBI’s approach in arresting hundreds of child pornographers who were frequenting a site in the Dark Web. Because surfing the nether regions of the internet requires the use of a special, secure browser called Tor, the FBI exploited […] read more

Data Breach Results In Loss Of $350 Million in Yahoo-Verizon Deal.

Last week, Verizon finally decided to go forward with the acquisition of Yahoo, the perennial would-be comeback internet search and media company. The deal, announced last year, saw an unusual delay when Yahoo revealed that it had been hacked, the largest data breach in history as of then. This was followed a couple of months […] read more

Horizon BCBSNJ HIPAA Charge Over Two Laptops Settled For $1.1 Million.

Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) has settled a data breach that affected approximately 690,000 New Jersey residents. This data breach was noted on this blog not too long ago: In January, the Third Circuit Appellate Court declared that a lawsuit against the insurer could proceed because the “improper disclosure” of […] read more

Australia Finally Gets A Data Breach Notification Law.

The Land Down Under is finally getting a data breach notification law. This should come as a surprise to many since (a) many would have assumed that Australia already has one and (b) it’s 2017 – unless you’re a war-ravaged country, chances you have a breach notification law. Because that’s how bad things are on […] read more

Third Circuit Appellate Court Says “OK” To Data Breach Lawsuit.

Recently, the US Court of Appeals for the Third Circuit concluded that “the improper disclosure of one’s personal data in violation of FCRA [Fair Credit Reporting Act] is a cognizable injury for Article III standing purposes.” In other words, people can go to court over data breaches and data breaches alone; there is no need […] read more

iPhone Encryption: FL Appeals Judge Says “OK” to Compel Password.

A new iPhone encryption case is making the headlines. Unlike many of the controversial ones to date, I think it can safely be said that in this case, the courts were right in compelling the suspect to unlock his smartphone.   Up-Skirt Videos A voyeur – we’ll call him John Doe, although his name was […] read more

Laptop Encryption: Chesapeake Public Schools Laptop Theft Affects Over 10,000 Employees.

According to a couple of sources, Chesapeake Public Schools in Virginia is notifying employees about a potential data breach. Per their announcement, nearly 11,000 people could be affected by the theft of a laptop computer. It appears that laptop encryption software was not used to protect the contents. Password protection, however, was used. Assuming that […] read more