Cybersecurity & Tech

Almost a year ago, Target experienced a large data security breach through a third party vendor. This data breachprompted federal and state legislation, and class action law suits.

The Target data breach led to at least 27 federal causes of action in 18 different federal courts. MDL, multi district litigation, is a hot topic for the Texas Legislature. MDL was addressed in 2003 tort reform legislation and in various asbestos litigation reforms.

If Texas creates causes of action related to data privacy, be assured, MDL will be discussed. [Southeast Times Record]

The FBI is sharing frightening information. 500 Million financial records have been hacked.

Can you hear all those bills being written? Legisaltor comments write themselves: FBI statistics indicate that 500 million financial records have been hacked. These vicitms deserve justice for the invasion in their privacy. This bill will give the vicitims of hacking justice….

What remains to be seen is whether these bills will go after the hackers? after the financial institutions for not protecting the information better? Will it be civil penalties or criminal penalties?[USA Today]

The Internet Association has been active in D.C. It’s now setting its sights on shaping student data security legislation and ride sharing legislation. It formed a California PAC.  Next stop is Texas. [The Recorder]

All federal debit and credit cards  will require PIN and chip technology. President Obama required the data security measures by issuing an executive order. The Order is heralded by the National Retailers Federation. [Roll Call] [The Hill]

Refreshing Recollection: The same chip and pin technology is discussed by several interim committees examining increasing Texas’ data security. [Business & Industry March 27, 2014]

California is limiting how third party education vendors can use student data. In an interview with Education Week, the new law is referred to as the “first truly comprehensive student-data-privacy legislation” and said he expects it to become a model for other states around the country.” [Education Week] [Copy of the Bill- The Student Online Personal information Protection Act]

Privacy is a hot issue. Citizens want privacy. The government wants to be free to peruse your electronic information. It’s causing a bone of contention between the U.S. government and big technology companies like Apple and Google that seek to protect and encrypt customer data.

The FBI Chief is warning Silicon Valley that they are doing too much to protect privacy. He wants Congress to act to allow the government to intercept more electronic information. That should be popular with the new Libertarian leaning, Republican Congress. [WallStreet Journal]

For a good while law enforcement could obtain cell phone data without a warrant. Its a controversial 4th amendment issue throughout the US, including in Texas.

Florida police had a warrant for calls going into and out of a defendant’s phone, but the Florida Supreme Court said that warrant did not cover tracking cell phone data to follow the defendant’s movements. The ruling is being heralded as an enormous victory for privacy rights. [First Coast News] [Wall Street Journal]

This interim legislative committees have been studying data security after a rash of data breaches. It’s a complex issue. How to protect consumers, how to protect businesses and how to protect banks will be a tricky balance for the Legislature.

We need to add one more policy consideration- how data security policies impact innovation. Texas wants to be a leader in innovation and utilizes economic development programs and favorable tax environment to draw leaders in innovation to Texas.  

A recent Intel panel on data security and data privacy suggests poor data security and data privacy policies are harming innovation. Add innovation and economic development to your list of poilicy considerations for 2015’s data security legislation.  [Engadget] 

DropBox, the cloud storage service, was allegedly hacked. Logins and passwords are being published and bitcoin is being requested by the hacker. DropBox’s statement is that the hack came through a third party vendor, much like the Target hack.

DropBox recommends enabling the two key log-in. Two key log-in methods have also been discussed in interim committee hearings as a standard for the state to consider adopting in 2015 legisaltion. Look for the phrase in any laundry list of data security measures. [Houston Chronicle] 

Protecting your data security has many levels. One is personal responsibility, which is Snapchat’s point. Unusual PR choice of Snapchat to blame its own users. But, exercising personal responsibility to protect your personal data is smart. Don’t worry the good men and women of Texas government will come to your aid during 2015 with legislation to protect individuals and businesses, increase criminal penalties and create new causes of action. [NYMag]

Digital health is big business. But, protecting digital health records doesn’t get the same attention as data breaches at retail establishments. We should be paying more attention to the security of our digital health records. [Washington Post: WonkBlog]

Even the Blizzard cannot prevent data breaches.  Dairy Queen followed the 3 key responses. (1) Publicly list of affected stores (2) Offer identity repair services. (3) Work with law enforcement. As usual, the target of the hack was credit card information while in transit, and no PIN numbers or social security numbers which were hacked.  [GrubStreet]

Data Security is complicated. Federal statutes and rules control on one level. State statutes and rules compliment and add to federal requirements.  Legislation will be focused on keeping the bad guys out of your personal and private information. This protection from data breaches will focus on state causes of actions to protect businesses; additional security parameters for the banking industry; and state criminal causes of action galore.

Sometimes the bad guys who should be kept out of your personal and private information is law enforcement. Most of us think law enforcement can’t go on fishing expeditions for information and that law enforcement needs warrants. Such is not true. Here’s Google’s CEO talking about it to the WallStreet Journal. [WSJ]

Breaching data security means jail time. Also- remember to be kind to people- when a fired employee is pushed to the point to break into secured email- there were communication problems. Communication problems usuallly trace to a failure to listen. Listen- it’s respectful.    No one likes a name calling bully. Be smart, don’t incite those prone to hacking.   [Albuquerque Journal] 

Breaching security means jail time. Also- remember to be kind to people- when a fired employee breaks into secured email- there was a lack of respectful treatment.    No one likes a name calling bully.      

2015 legislation will include criminal penalties.  Since the banking crisis, we’ve seen an uptick in criminal charges against corporations.  [ABQ Journal]

When talking about data security, it’s easy to get lost in the data that can be taken away by the nefarious. But, businesses shouldn’t ignore examining the information that they collect.

FTC Commissioner Brill stresses the need for companies to consider minimizing data collection. Less data collected, less of a target for data breaches by the nefarious elements. [AdAge] 

UT Austin today announced the formation of IDWise, funded with a partnership with the Texas Legislature. IDWise will provide data security toolkits and education for individuals and small businesses.   [UT Austin Center for Identity]

Blue Spike is being called a patent troll. Filing 45 patent infringement claims in two weeks raises red flags. Especailly after June US Supreme Court rulings requiring greater specificty in patent infringement claims.

The texas Legislature is looking to state solutions for businesses that were targetted by trolls. Solutions include state legal claims against the trolls. 

[EFF on the US Supreme Court Rulings] [Above the Law] [TX House Committee on Techonology Interim Charge]

Google says it takes hours, not weeks, to clean up a data breach, if your personal information/photos are posted on its websites. But, here’s the kicker- Google relies on users to report breached information.

There is no internet law enforcement. There are bullies and hackers, but there is no John Wayne or Clint Eastwood of the Internet to ensure everyone acts respectfully.  The very Libertarian internet world relies on personal responsibility.

Personal responsibility is a wonderful concept, in a perfect world. In reality, lawsuits abound. When there are lawsuits, state legislatures will step in and regulate data security. Regulation will also bring internet taxes to support data security enforcement. [WSJ]

Big week for tech and politics. Facebook & YELP stop contributing to ALEC.  Tech companies are in high gear hiring consultants at record levels to navigate politics and government. Search warrants that make tech companies turn over terabytes of storage, angering their tech users, automatically sparks the attention of their lawyers, which in turn, causes consultant hiring. It’s a limbic reaction.  The Government taking “cloud property” is as evil as taking real property to Libertarian types. [Buzzfeed]

Trust issues are hard to overcome. Jimmy John’s trusted a third party vendor. The third party vendor had log-in information stolen that allowed the thief to access Jimmy John’s customer credit card and debit card information. The incident was first reported in July. The company has made security enhancements and is offering affected customers identity protection services.[Bloomberg] [Jimmy John Press Release]

Facebook is a gold mine for divorce attorneys. They can’t get enough of it. Now, estate attorneys are falling in love with Facebook and Google. Delaware this week enacted the first bill to allow estate attorneys access to data of the deceased. So far 10 states have considered the bill, only Delaware has enacted it.  [Wall Street Journal]