Gerald J. Ferguson

Gerald Ferguson currently serves as the Intellectual Property, Technology and Media Group Coordinator for the firm’s New York office. Mr. Ferguson also serves as the national leader of the firm’s Privacy and Information Security group. He has worked with companies to create national and global privacy policies. He has extensive experience advising companies regarding compliance with state breach notification laws. Mr. Ferguson is able to advise clients regarding notification obligations quickly and efficiently using a state-by-state survey of the 47 jurisdictions with breach notification laws that is regularly updated by Baker Hostetler’s Privacy and Information Security group. As part of his proactive approach to an incident response, he works with forensic consultants to develop the substantive opinions necessary to support a determination that disclosure of a breach is not required when possible. If disclosure is required, he uses a team approach to carefully manage the process in a cost-effective and efficient manner that focuses on minimizing reputational harm.

Mr. Ferguson is Chairman of the Intellectual Property Committee of the New York State Bar Association, International Law and Practice Section.

Subscribe to all posts by Gerald J. Ferguson

Privacy and Product Counseling: 2020 in Review

Summary Advising our clients on compliance with laws and regulations is, hands down, the most important aspect of our role as attorneys. In addition to seeking counsel on their obligations under laws and regulations, however – motivated by industry trends, utilization of and dependence on third-party services and platforms, and, this year, the COVID-19 pandemic … Continue Reading

IAB Launches CCPA Benchmark Survey

The Interactive Advertising Bureau (IAB), a leading advertising industry organization, has launched a CCPA Benchmark Survey to assess how companies across the digital advertising ecosystem are approaching CCPA compliance. The survey provides an opportunity for companies to anonymously report on their handling of various CCPA matters, including to provide statistics relating to the number of … Continue Reading

IAB Previews Solution for Interest-Based Advertising and CCPA ‘Do Not Sell’ Right

On September 17, 2019, numerous stakeholders in the digital advertising industry, including publishers, advertisers/brands, AdTech companies, and law firms (including numerous representatives from BakerHostetler) convened at the Interactive Advertising Bureau’s (IAB) headquarters in New York for a preview of its CCPA Industry Compliance Framework. Throughout the course of 2019, IAB has solicited input from a … Continue Reading

Deeper Dive: Plan for Regulatory Scrutiny in Financial Services Data Security Incidents

Financial services industry companies were involved in 18% of the over 300 data security incidents we helped manage in 2015, and reported in our 2016 BakerHostetler Data Security Incident Response Report (the “Report”). After healthcare, the financial services industry was the second most affected industry according to the data we reported. It is not surprising … Continue Reading

LabMD and Wyndham Decisions Curtail FTC’s Data Privacy and Security Reach

Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute an unfair practice under Section 5 of the FTC Act. Further, … Continue Reading

Disregard CISA Chicken Littles: CISA Boosts U.S. Cyber Defense While Protecting Privacy

Yes: the Cyber Information Sharing Act of 2015 (CISA) was slipped into the must-pass Omnibus Spending Bill last week by House negotiators and became law on Friday. No: despite protestations from some quarters, the sky has not fallen on our personal privacy. Although critics decry CISA for providing the National Security Agency (NSA) with a … Continue Reading

What the FTC’s Settlement With Wyndham Means for Your Company

The recent settlement entered into between the Federal Trade Commission (FTC) Wyndham Hotels and Resorts and related companies (Wyndham) provides an important roadmap for companies seeking to avoid running afoul of the FTC’s regulation of data security. In particular, this settlement, as embodied in a Consent Order entered by the Court provides Wyndham Hotels and … Continue Reading

Challenging FTC Regulation of Cyber-security After FTC v. Wyndham

The Third Circuit interlocutory decision in Federal Trade Commission v. Wyndham Worldwide Corporation was widely reported as a big win for the Federal Trade Commission (“FTC”). But on closer examination, it was a split decision in which Wyndham Worldwide Corporation (“Wyndham”) can claim an important victory. While affirming the FTC’s authority to regulate cyber-security practices … Continue Reading

BakerHostetler’s First Data Security Incident Response Report Shows Human Error is Most Often to Blame

We are pleased to announce the release of the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. It looks at the nature of the threats faced by companies, as well as detection and response trends, and … Continue Reading

Obama Administration Recognizes Cyber Threats to U.S. Critical Infrastructure as a National Emergency

Many cybersecurity experts have warned that the United States is already engaged in covert cyber warfare against hostile actors around the world. The latest cybersecurity Executive Order reflects formal recognition that, regardless of whether we call it war, cyber threat activity directed at U.S. critical infrastructure has created a national emergency. Exercising authority granted by … Continue Reading

FTC Says That Sponsors of Pinterest Contests Should Require Users to Post Pins with Hashtags Warning When Pins are Posted for a Prize

In a March 20, 2014 closing letter sent to fashion company Cole Haan, the FTC warned that use of the hashtag #WanderingSole in conjunction with a recent Pinterest contest did not adequately communicate the “material connection” between Pinterest contestants and Cole Haan and violates Section 5 of the FTC Act. Although the FTC declined to … Continue Reading

Financial Institutions Privacy and Security – 2013 Year in Review

Throughout 2013, financial institutions continued to face serious threats from cybercriminals targeting the personal information of banking customers and their financial assets through the use of malicious software and denial of service attacks (DDoS).  In fact, according to the Verizon 2013 Data Breach Investigation Report, which is available here, thirty-seven percent of breaches this year … Continue Reading

New DoD Rule Promotes Voluntary Sharing of Cyber-Security Threat Information Between DoD and Defense Contractors

Co-authored by: Alan Pate On October 22, 2013, the Department of Defense (DoD) published its Final Rule establishing a program for promoting voluntary sharing of cyber threat information between the DoD and government contractors. The DoD intends this information sharing program to “enhance and supplement” participating defense contractors’ capabilities to safeguard DoD information.  Unlike failed … Continue Reading

Proposed Amendment to EU Privacy Regulations May Force Choice Between Violating US and EU Law

Authored by Gerald Ferguson and Alan M. Pate On Monday, October 21, 2013, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted to approve an amended version of the proposed EU General Data Protection Regulations.  Included in the compromise package is Article 43a, a provision that restricts controllers or processors of … Continue Reading

Are You Ready for the New Telephone and Text Marketing Rules?

Effective October 16, 2013, the rules governing telephone and text marketing will significantly change. Under prior Federal Communications Commission (FCC) regulations issued under the Telephone Consumer Protection Act (TCPA) (47 U.S.C. 227), telephone and text marketers could telephone and text market to consumers’ residential phones using autodialing equipment that is standard in call center operations, … Continue Reading

What You Should Be Doing Now to Prepare for Implementation of the Cybersecurity Executive Order

Co-Authored by: Theodore J. Kobus III A tempting response to the Cybersecurity Executive Order (the “Order”), announced by President Obama at his State of the Union address, is to ignore it.  It is vague in key particulars, such as which companies are part of the “critical infrastructure” and therefore subject to the Order.  The only … Continue Reading

Facebook Opens Door to Giving Your Personal Information to an Affiliated Ad Agency

Give Facebook credit for candor. Facebook does not call the policy describing what it does with your personal information a “privacy policy”, but rather a “Data Use Policy”. The nomenclature is appropriate. The Facebook Data Use Policy is not so much about protecting the privacy of the information you share on Facebook as it is … Continue Reading

Data Breach Class Action against Popular Video Game Developer Dismissed for Failure to Plead Adequate Damages

Authored by: Alan Pate In a ruling this past Wednesday, November 14th, a Federal Judge in the Western District of Washington dismissed a class action against video game developer Valve Corporation. The class action stemmed from a November 6th, 2011 data breach of Valve’s popular online video game distribution platform, “Steam.” As a result of … Continue Reading
LexBlog