Data privacy litigation and enforcement actions continue to roil the private sector, most recently with the FTC’s announcement of a $425 million settlement with Equifax in the wake of the Equifax data breach. Less discussed is the fact that data privacy and security remains a real threat in the public sector. As we recently reported, the 2019 Verizon Data Breach Investigations Report found that 16% of confirmed data breaches were in the public sector. Three recent developments highlight the breadth and scope of the threat, reflecting that federal agencies and government contractors remain vulnerable to cyberattacks and may be subject to liability for cybersecurity failures.
Continue reading “Data Privacy Exposure Hits the Public Sector: Lessons from the OPM Data Breach Class Action, Whistleblower Actions, and the GAO Cybersecurity Report”
The GAO recently concluded a comprehensive analysis of the U.S. federal regulatory landscape with respect to internet privacy, specifically focusing on FTC and FCC enforcement actions and authorities. GAO interviewed representatives from industry, consumer advocacy groups, academia, FTC and FCC staff, former FTC and FCC commissioners, and officials from other agencies. (See page 40 of the GAO report for a complete list of those interviewed.) GAO recommends that Congress consider developing comprehensive legislation on internet privacy that would enhance existing consumer protections and provide flexibility to address a rapidly evolving privacy environment.
Continue reading “GAO Report Recommends Congress Consider Comprehensive Privacy Regulation”
It’s not news that various branches of the federal government have been studying a range of privacy and consumer safety issues that arise with ever more connected vehicles. What is new is the Government Accounting Office (GAO)’s report to the House Subcommittee on Research and Technology, Committee on Science, Space and Technology about how current passenger vehicle manufacturers address the many privacy issues that arise with connected vehicle use.
GAO interviewed industry associations and organizations that work on privacy issues and also interviewed 16 automakers that were selected based on their U.S. passenger vehicle sales. GAO reviewed the written privacy policies of the automakers against a set of leading privacy practices and issued a report, Vehicle Data Privacy: Industry and Federal Efforts Under Way but NHTSA Needs to Define its Role, on August 28, 2017.
Continue reading “GAO Report on Connected Vehicles Calls for NHTSA to Define and Document its Role in Vehicle Data Privacy”
In the wake of the WannaCry global attack that impacted the U.K.’s National Health Service, the need to protect valuable health care data has never been more urgent. The U.S. government has begun to take steps in the right direction with the passing of executive orders on cybersecurity, the Cybersecurity Act of 2015, and the Government Accountability Office report on the Internet of Things.
Continue reading “Time to Focus on Cybersecurity in Health Care”