Information Technology Law is our Focus

phone icon(313) 575-7234
divider

Alerts


E.U. Sets Privacy Shield Deadline for U.S.

/ 0 Comments

The European Union General Data Privacy Regulation (GDPR), which took effect in May 2018, covers the handling of personal information of E.U. citizens, including by U.S.-based companies. The E.U.-U.S. Privacy Shield is a framework to provide companies with a mechanism to comply with the GDPR. It includes self-certification of adequate data protection practices, including data transfers. The Privacy Shield program is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce.

The U.S. has yet to appoint a permanent ombudsperson to handle any complaints by E.U. citizens that a company is not complying with the GDPR.  The E.U. has now set a deadline of February 28, 2019 for that appointment to be made. The acting ombudsperson, Judith Garber, has recently been nominated as U.S. ambassador to Cyprus. Whether the U.S. will meet the deadline remains to be seen.

More information about the E.U.-U.S. Privacy Shield is available here. Access an article with more information about the E.U.’s imposed deadline here. Contact us at Ossian Law P. C. regarding any information technology law matter.

© 2019 Ossian Law P.C.

Read More
separator

Small Businesses and the Equifax Breach

/ 0 Comments

Last year, credit reporting agency Equifax experienced a data breach that impacted 143 million consumers. Fallout from the breach included class action lawsuits initiated by various plaintiff classes such as consumers, financial institutions and a small business class.

In a recent motion to dismiss the claims of the small businesses, Equifax argued that the businesses lack the necessary “standing” to bring such claims, as the exposed data belonged to the owners of the small businesses rather than the businesses themselves. 

In response, the businesses argued that they are “foreseeable victims” in addition to their consumer owners and cite to the importance to small businesses of owner creditworthiness. The businesses pointed to damages incurred including credit reporting and monitoring and other steps that were taken to guard against the potential impact of the Equifax breach.The court has not yet decided Equifax’s motion to dismiss the small businesses’ claims.

The Consolidated Class Action Complaint for Small Business Claims is available here.  Contact us at Ossian Law P. C. regarding any information technology law matter.

© 2018 Ossian Law P.C.

Read More
separator

Can Smart Cities be Hacked?

/ 0 Comments

Earlier this year, citizens in Hawaii experienced a false missile attack alert resulting from employee error. The potential for similar incidents caused by hackers in so-called “smart cities” has been identified by researchers at IBM X-Force Red and cybersecurity firm Threatware. Smart cities, including New York City, San Francisco, Chicago, Atlanta, Charlotte, North Carolina and Kansas City, Missouri use connected systems to operate municipal resources like traffic control and transportation, surveillance and to detect natural disasters.

Among the vulnerabilities the researchers identified were the use of default passwords and networks being exposed online. Potential hacking could cause traffic jams, false disaster alerts and hijacking surveillance systems. Each of the companies involved in providing the technology, Echelon, Battelle and Libelium have stated that the vulnerabilities have already addressed or are being dealt with.

An article with more information is available here. Contact us at Ossian Law P. C. regarding any information technology law matter.

© 2018 Ossian Law P.C.

Read More
separator

Alabama: Final State to Enact Data Breach Notification Law

/ 0 Comments

As of June 1, 2018, Alabama has become the 50thstate to enforce a data breach notification law to protect the personally identifiable information of its residents.

Not unlike other states’ laws, the Alabama law defines “sensitive personally identifying information” as an Alabama resident’s first name or  initial and last name in combination with: (a) a Social Security number or tax ID; (b) driver’s license number, passport number or similar ID number; (c) a financial account number, such as a credit card; (d) a person’s medical history, treatment, diagnosis or health insurance policy number; or (e) a user name, email address in combination with a password or security question and answer.

Breach notification must be provided in writing and include the date or estimated date of the breach, a description that was acquired and the actions taken to restore the security and confidentiality of the information involved. Penalties for violation of the act can result in civil penalties of up to $500,000 per breach.

The Alabama Data Breach Notification Act is available here. Contact us at Ossian Law P. C. regarding any information technology law matter.

© 2018 Ossian Law P.C.

 

Read More
separator

Disney denied preliminary injunction against Redbox based on “copyright misuse”

/ 0 Comments

Read More
separator

Marvin Photographs, LLC. v. LiveJournal, Inc.

/ 0 Comments
Read More
separator

Regulating Personal Delivery Devices

/ 0 Comments

Personal delivery devices, or PDDs, have begun rolling along some cities’ streets, transporting carry-out from local restaurants and delivering parcels. Unlike flying drones that fall under the jurisdiction of the Federal Aviation Administration, there is no basis for federal jurisdiction over these devices, sometimes referred to as “ground drones.”

Four states, Virginia, Idaho, Wisconsin and Florida have recently passed laws regulating PDDs. The city of San Francisco is considering banning them outright, citing safety considerations given the city’s many narrow and steep sidewalks.

The current state laws include restrictions on weight of the device (typically limited to 50 or 80 pounds without cargo), requiring unique identification numbers, a braking system, speed limits, insurance requirements and prohibiting the transport of hazardous materials. Penalties for violating these laws may include both civil infraction and criminal misdemeanor.

Access the Florida law here. Contact us at Ossian Law P.C. regarding any information technology law matter.

© 2017 Ossian Law P.C.

Read More
separator

“Zombie” Cookie Enforcement Action

/ 0 Comments

Cookies are unique, persistent text files stored in a user’s browser that allow an app provider to recognize that user when the browser reconnects with the provider’s server. They are widely used by ecommerce and other web sites. A user can delete or control cookies by changing their browser settings.

The Federal Trade Commission recently entered into a consent agreement with Turn, Inc., a California-based digital marketing company, over its alleged use of “zombie” cookies (ones that were expressly deleted by users) from mobile apps without properly disclosing this practice.  The FTC asserted that Turn misrepresented in its privacy policy that users could restrict Turn’s ability to track users by blocking or limiting cookies and that users could opt out of tailored advertising through Turn’s opt-out page.

The consent agreement requires various actions by Turn over the next 20 years, including making clear and conspicuous disclosure of information that is collected and used for targeting advertising, providing users a true “opt out”, honoring user controls, compliance reporting, recordkeeping and compliance monitoring.

The FTC’s complaint is available here. The FTC’s decision and order are available here. Contact us at Ossian Law P.C. regarding any information technology law matter.

© 2016 Ossian Law P.C.

Read More
separator

A Medical Device Hacking Warning

/ 0 Comments

Johnson & Johnson has issued a formal warning to over 110,000 patients that its Animas OneTouch Ping insulin pump, if left unencrypted, could be hacked and result in a potential overdose of insulin to a diabetic patient. This is the first time a medical device manufacturer has issued such a warning.

The company has stated that it is not aware of any actual hacking of the devices and that the risk itself is extremely low, given that the pump is not connected to the Internet and could only be hacked within a proximity of 25 feet. In addition to the warning, Johnson & Johnson also provided step-by-step advice to patients on how to protect their devices.

Given the proliferation of the Internet of Things, this warning may be just the first of many from manufacturers of medical and other types of smart and connected devices. Read more about the warning here. Contact us at Ossian Law regarding any information technology law matter.

Read More
separator

eCommerce Law Article April 2015

/ 0 Comments
Read More
separator


separator