kamagra 60mg

Reasonable Expectation Legal Blog Focusing On Privacy and Data Security Issues


NIST releases 4th version of security control catalog SP 800-53

The National Institute of Standards and Technology released April 30 a revised version of its security control catalog for federal systems, SP 800-53.NIST-Logo_5

The revision (.pdf), the fourth version of the security controls catalog, also includes for the first time an appendix of privacy controls.

Changes to the security controls include a new emphasis on secure software development in an effort to shift security away from the focus of the past few years, during which it's targeted matters such as configuration management or continuous monitoring.


Download: SP 800-53 rev. 4
Source: NIST releases 4th version of security control catalog SP 800-53 - FierceGovernmentIT

Filed under: News No Comments

Past vs. Present



We take for granted the affect technology has on our daily lives.  This comic offers an interesting (and humorous)  perspective on how society changed.

source: Doghouse Diaries




Filed under: Privacy No Comments

California AG’s Mobile App Case Against Delta Dismissed

dlA state court has dismissed the California Attorney General’s claims that Delta Air Lines Inc. (“Delta”) violated the California Online Privacy Protection Act by failing to have an appropriately posted privacy policy for its mobile application, Bloomberg reports. The California AG sued Delta in December as part of an enforcement campaign that began with the issuance of warning letters to approximately 100 operators of mobile apps, including Delta. According to the Bloomberg report, a basis for the dismissal was the federal Airline Deregulation Act, under which a state “may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier that may provide air transportation under this subpart.” 49 U.S.C. § 41713.

Source: Privacy and Information Security Law Blog

Filed under: News No Comments

FTC Clarifies Children’s Online Privacy Law

FTC-logoThe Federal Trade Commission (FTC) has issued Frequently Asked Questions (FAQs) to help clarify changes to the Children’s Online Privacy Protection Act (COPPA) that go into effect on July 1, reports Forbes. The FAQs cover enforcement, privacy policies and notifications, geolocation data, verifiable parental consent and COPPA in schools, the report states. The FAQ also includes a list of things that covered entities must do, like post a comprehensive privacy policy, provide direct notice to parents and offer parents the ability to prevent further use or collection of their children’s data.

Source: Forbes


Tagged as: , No Comments

The Massachusetts Supreme Judicial Court Holds that ZIP Codes Constitute “Personal Identification Information”

On March 11, 2013, in Melissa Tyler v. Michaels Stores, Inc., the Massachusetts Supreme Judicial Court ("SJC"), in responding to three certified questions from the United States District Court for the District of Massachusetts, held: (1) ZIP Codes constitute personal identification information ("PII"); (2) a person may bring an action under General Laws, chapter 93, section 105(a) absent identity fraud; and (3) the term "credit card transaction form" "refers equally to electronic and paper transaction forms." The questions arose out of a class action lawsuit against Michaels for allegedly requesting and recording its credit card customers' ZIP Codes in violation of Section 105(a). This decision has parallels to the California Supreme Court decision in Pineda v. Williams-Sonoma Stores, Inc. In Pineda, the California Supreme Court held that ZIP Codes were PII under California's Song-Beverly Credit Card Act, Civil Code section 1747.08.

Source: Cooley Alert


Filed under: Privacy No Comments

Song-Beverly Applies Only To Brick-and-Mortars

California’s Supreme Court has ruled Apple did not violate state law by requiring customers to provide personally identifiable information (PII) to complete online credit card transactions, CNET News reports. Plaintiff David Krescent filed a proposed class-action suit in June 2011 after he was allegedly required to provide his telephone number and address for an online purchase from Apple. The majority found California’s Song-Beverly Credit Card Act, forbidding the collecting of PII for transactions, applies only to brick-and-mortar businesses. “The statutory language suggests that the legislature…did not contemplate commercial transactions conducted on the Internet,” said Justice Marvin Baxter in the ruling.
Full Story

Filed under: News No Comments

HIPAA Omnibus Final Rule Released

This afternoon, HHS released the attached omnibus final rule modifying the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules as required the Health Information Technology Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act (GINA).

Notably, the final rule makes business associates of covered entities directly liable for certain HIPAA Privacy and Security rule requirements; expands individuals’ right to receive electronic copies of their health information; incorporates an increased tiered and civil money penalty structure as provided by the HITECH Act; changes to the “harm” definition included in the HIPAA Breach Notification interim final rule; and modifies the HIPAA Privacy Rule as required by GINA.

Link: HIPAA Final Rule

Filed under: HIPAA, News No Comments

Officials Delay Enforcement of Two HIPAA Operating Rules

On Wednesday, CMS announced that it has delayed the enforcement date for the first two operating rules for HIPAA transaction standards, AHA News reports (AHA News, 1/3).

CMS said that its Jan. 1 compliance deadline for the operating rules remains intact, but it will not begin enforcing the rules until March 31 (Conn, Modern Healthcare, 1/4).

Read more: http://www.ihealthbeat.org/articles/2013/1/4/officials-delay-enforcement-of-two-hipaa-operating-rules.aspx#ixzz2HFYbhIRe

Filed under: Privacy No Comments

OCR Issues Guidance on the Use of De-Identified Health Information

Covered Entities and HIPAA practitioners should be aware that the Office of Civil Rights (OCR) has issued guidance about methods and approaches to achieve de-identification in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The full text is available here:


Filed under: HIPAA, News, Privacy No Comments

California Issues App Developer Noncompliance Notice

California Attorney General Kamala Harris has reportedly sent out notices warning as many as 100 mobile app developers that they must conspicuously post privacy policies within the next 30 days to be in compliance with the California Online Privacy Protection Act, Bloomberg reports. The new state protocol requires mobile applications that collect personal data within the state to post a privacy policy stating what data is collected and how it will be used. Harris said, “We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws.”

Source: IAPP Full Story


Filed under: News, Privacy No Comments