Charles Shih

Subscribe to all posts by Charles Shih

Wyoming Broadens Data Breach Notification Law

By Charles Shih and Will R. Daugherty on Posted in Data Breach Notification Laws
Wyoming recently joined the list of states passing laws that broaden the scope of their data breach notification laws. On March 2, 2015, Wyoming signed into law two bills (S.F. 35 and S.F. 36) that expand the definition of personally identifiable information (PII) and require additional minimum content requirements for notifications to affected individuals. Specifically, … Continue Reading

FCC Plans $10 Million Cybersecurity Fine Against Two Telecoms

Photo of Craig A. HoffmanBy Craig A. Hoffman and Charles Shih on Posted in Cybersecurity
On October 24, 2014, the Federal Communication Commission (“FCC”) took a big step into the cybersecurity regulatory space when it announced its intent to assess a $10 million fine against two telecoms, TerraCom and YourTel America (“Companies”), for failing to protect the privacy of personal information the Companies collected from consumers. According to the FCC, … Continue Reading

Company Claims “HIPAA Has No Teeth”, Will Start Notifying Affected Individuals of Security Breaches and Vulnerabilities that Have Not Been Disclosed by Organizations

By Charles Shih on Posted in Data Breaches, HIPAA/HITECH, Medical Privacy
A company named SLC Security, LLC (“SLC”), recently announced that it will begin notifying individuals if it believes it has identified a security breach or vulnerability of a company and it has not received a satisfactory response from the company to which it reported the issue. On SLC’s blog, it claims it is providing “awareness … Continue Reading

National Highway Traffic Safety Administration Considers Privacy Implications for New Vehicle-to-Vehicle Technology

By Charles Shih on Posted in Federal Legislation, Geolocation
The Department of Transportation’s National Highway Traffic Safety Administration (“NHTSA”) announced in 2014 that it would begin steps toward implementing vehicle-to-vehicle (“V2V”) technology with an aim toward decreasing the number of traffic accidents on the nation’s roads.  V2V technology allows communication between cars on the road to alert drivers of potential accident situations.  However, with … Continue Reading

FTC Final Orders with Fandango and Credit Karma Provide Guidance on Mobile App Security

By Charles Shih on Posted in Mobile Privacy
In August 2014, the Federal Trade Commission (“FTC”) approved final orders resolving its actions against Fandango, LLC (“Fandango”) and Credit Karma, Inc. (“Credit Karma”) for allegedly misrepresenting the security of their mobile apps to customers because of alleged security flaws in both mobile applications. Companies can look to the complaints and settlement orders for guidance … Continue Reading

New Guidance for Merchants on Ensuring that Service Providers Share Security Responsibility

Photo of Craig A. HoffmanBy Craig A. Hoffman and Charles Shih on Posted in Cybersecurity, Information Security
For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card transactions. These third parties—call center operators, payment gateways, loyalty solution providers, managed security services, data-center hosts, mobile app developers, and fraud … Continue Reading

The FTC Takes a Closer Look at Alternative Scoring Products

Photo of Pamela Jones HarbourBy Pamela Jones Harbour, Jenna N. Felz and Charles Shih on Posted in Online Privacy
The Federal Trade Commission (“FTC”) hosted a panel discussion, in late March on “Alternative Scoring Products” as part its 2014 Spring Privacy Series, signaling the Commission’s increased attention on this burgeoning industry. The FTC has indicated that its “goal is to study what is happening in the alternative scoring space, what may be on the horizon … Continue Reading
LexBlog