Data Breach Planning for Small Businesses

by Christina Frangiosa

Many of the top stories last year related to data breach – from the Target breach during the Christmas Shopping Season (Dec. 2013: Prior Post, Small Business Magazine article; additional news coverage) to the UPS Store data breach during the summer (Aug. 21, 2014) to, more recently, the intentional hacking of Sony Pictures‘ servers (Nov. 24, 2014) and Staples’ data breach (Dec. 19, 2014).

It would be easy to believe that data security breaches happen only to large organizations, but such a belief would be mistaken. In the last year, a number of smaller companies have experienced breaches of the records they maintain. These can occur in at least two ways – 1) they may be the third-party vendor through whom hackers invade a larger company like Target or Home Depot; or 2) they use a third-party vendor who experiences a breach that impacts the smaller company’s customers. Continue reading

LinkedIn Sued for Providing “Trusted References” to Paying Subscribers

by Christina Frangiosa

On October 9, 2014, a class action complaint was filed in the U.S. District Court for the Northern District of California alleging that LinkedIn violated the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq., (“FRCA“) by offering to subscribers reports containing “Trusted References” without complying with the FCRA’s requirements to keep the data safe from disclosure. Sweet v. LinkedIn Corp., Civ. A. No. 5:14-cv-04531 (N.D. Cal. filed Oct. 9, 2014) (available at Law360subscription required).

Specifically, the complaint alleges that LinkedIn: 1) failed to comply with the certification and disclosure requirements of the FRCA for credit reporting agencies who furnish consumer reports for employment purposes; 2) failed to maintain reasonable procedures to limit the furnishing of consumer reports for the purposes enumerated in the FRCA and to assure the maximum possible accuracy of these reports; and 3) failed to provide the notices required by the FRCA to users of the consumer reports. Id. at 2. Plaintiffs seek both damages for past violations and injunctive relief to prevent the continued misuse of these reports in violation of the FRCA. Id. Continue reading

Moving to WordPress

by Christina Frangiosa

I am very pleased to announce that The Privacy and IP Law Blog has moved to WordPress, and to a dedicated domain – PrivacyandIPLawBlog.com! The blog will operate on both the Blogspot.com location and on the new location for a few months while all the kinks are worked out. Ultimately, the RSS Feed and subscriber links will also move to WordPress.

Why the switch?
 Continue reading

Is Your Company Subject to Laws Regulating Safe Destruction of Documents?

by Christina Frangiosa

Many companies have document retention policies – in other words, policies determining how long they will keep certain kinds of documentation.  These policies also frequently cover when documents may be destroyed in the normal course of business.  (Assuming, of course, that no litigation is pending and that there is no other reason why the company would be legally obligated to keep these documents.)  It’s almost a business necessity these days given the cost of document storage.

It is also a fairly safe bet that by now, most people have heard about the potential risks associated with data breaches, or at the very least, have heard about the Target data breach during the holiday season in 2013.

However, did you know that many states regulate how personal information can be destroyed?  Or, more specifically, how documents and records that contain such personal information may be discarded?  To date, at least thirty-one states have enacted laws like this (the link attached omits the Delaware law that was just enacted).

Continue reading

ABA IPL Publishes White Paper on Online Piracy and Counterfeiting

by Christina Frangiosa

On July 7, 2014, the ABA Intellectual Property Law (IPL) Section released its comprehensive white paper, outlining the results of its research and analysis of continuing concerns about online pirates and counterfeiters based overseas.  The white paper coins a term to describe the malfeasors:  Predatory Foreign Websites.

More information about the white paper, including a summary of the conclusions and recommendations it makes, can be found in its Press Release and in the copy of the White Paper available on the ABA IPL Section’s site.