Tag Archives: personally identifiable information

The Video Privacy Protection Act: Watching the Courts Through Crossed Eyes

The Video Privacy Protection Act (VPPA), passed by Congress in 1988, is intended to prevent a “video tape service provider” from “knowingly” disclosing an individual’s “personally identifiable information” (PII) to third parties where that individual “requested or obtained … video materials,” such as “prerecorded video cassette tapes or similar audio visual materials.” At the time … Continue Reading

Federal agencies given new breach response and preparation guidelines

By Erich Falke on January 17, 2017 Posted in Breach Notification

The White House has made a step toward implementing in federal agencies some breach response best practices currently used in the private sector. On Jan. 3, the White House issued a memorandum (Memo) updating for the first time in almost a decade guidelines on how federal agencies should prepare for and respond to a breach … Continue Reading

New Cop on the Block – FCC’s Proposed Data Privacy and Security Rulemaking for Broadband Internet Access Providers

By Alan L. Friel and Suchismita Pahi on May 6, 2016 Posted in Cybersecurity

In 2015, the Federal Communications Commission (FCC or global Commission) issued its Open Internet Order, applying Section 222 of the federal Communications Act to broadband Internet access services (BIAS), and in doing so took jurisdiction over privacy and data security matters for Internet Service Providers (ISPs). In doing so, it declined requests by some advocacy … Continue Reading

Wyoming Broadens Data Breach Notification Law

By Charles Shih and Will R. Daugherty on April 2, 2015 Posted in Data Breach Notification Laws

Wyoming recently joined the list of states passing laws that broaden the scope of their data breach notification laws. On March 2, 2015, Wyoming signed into law two bills (S.F. 35 and S.F. 36) that expand the definition of personally identifiable information (PII) and require additional minimum content requirements for notifications to affected individuals. Specifically, … Continue Reading

National Highway Traffic Safety Administration Considers Privacy Implications for New Vehicle-to-Vehicle Technology

By Charles Shih on October 6, 2014 Posted in Federal Legislation, Geolocation

The Department of Transportation’s National Highway Traffic Safety Administration (“NHTSA”) announced in 2014 that it would begin steps toward implementing vehicle-to-vehicle (“V2V”) technology with an aim toward decreasing the number of traffic accidents on the nation’s roads. V2V technology allows communication between cars on the road to alert drivers of potential accident situations. However, with … Continue Reading

It’s Raining PII in New York

By Judy Selby on November 26, 2012 Posted in Identity Theft

On November 25, 2012, the front page of the New York Post blasted the headline, “Drop Secret. Shred Alert! Covert cop files used as parade confetti.” The Post reported that shredded files appearing to contain material from Long Island’s Nassau County Police Department were dropped during this year’s Thanksgiving Day parade. The confetti reportedly contains … Continue Reading

Loss of Personal Information in Security Breach Results in Loss of Some “Unidentified Value”

By Craig A. Hoffman on April 20, 2011 Posted in Data Breaches, Online Privacy, Privacy Litigation

A December 2009 SQL injection attack against social network application maker RockYou.com’s database resulted in the breach of 32 million log-in credentials ( e-mail address and password). Not only did RockYou.com store the log-in credentials of its users in plain text, it also stored those user’s log-in credentials for social networking sites like Facebook and … Continue Reading