March 25, 2013
President Obama recently announced the Administration’s Strategy on Mitigating the Theft of U.S. Trade Secrets, emphasizing the importance of protecting trade secrets. While the Strategy primarily involves government, there are important implications for the private sector. Specifically, the Strategy encourages the development of best practices by industry groups, improvements in domestic legislation review and increases in the resources available to small and medium businesses.
The Strategy cites research suggesting that “the pace of economic espionage and trade secret theft against U.S. corporations is accelerating.” It then outlines a strategy to coordinate and improve U.S. Government efforts to stop the theft of trade secrets by foreign competitors or foreign governments by any means – cyber or otherwise, including these measures:
August 28, 2011
Mississippi has joined the majority of other states and now has a law that governs an organization’s obligations should it suffer a data breach relative to Personal Information (PI) of a Mississippi resident. Only four states in the United States have not passed similar legislation – Alabama, Kentucky, New Mexico and South Dakota.
Similar to many other state data breach notification laws, the obligation falls on any organization which owns, licenses or maintains PI of any resident of Mississippi. Like others, Mississippi defines PI as an individual’s first name or first initial and last name along with Social Security number, driver’s license number or financial account number or credit card number (along with the required security or access code).
August 28, 2011
Recent high-profile data breaches and increased attention to the protection of consumers’ personal information have intensified the momentum towards enactment of a federal data security and data breach notification law. Currently 46 states and the District of Columbia have enacted data breach notification laws with drastically different requirements and policies. Within the last few months, Congress has been inundated with national data security bills outlining an organization’s obligations when it suffers a data breach. Unfortunately, the proposed federal bills would, in many instances, further complicate an entity’s obligations upon a breach.
Among the numerous federal data security bills introduced, the following four are most recent and significant:
August 28, 2011
Many have written about it and several have contemplated it — whether states will adopt private data security standards, such as the Payment Card Industry Data Security Standards (PCI DSS), and use them as legal standards that owners and holders of personal information (PI) must comply with. That’s exactly what the Massachusetts Attorney General did when it recently filed suit against Briar Group, LLC and alleged, among several other things, that Briar was not PCI compliant at the time of its data breach in November 2009, affecting 53,000 MasterCard and 72,000 Visa accounts.
PCI DSS are private data security standards created by the Payment Card Industry Security Standards Council that apply to all organizations collecting credit cards. The Complaint alleged that Briar’s failure to implement basic data security measures on its computer system allowed hackers to gain access to Briar’s customers’ credit and debit card information.