December 2nd, 2014
Six Essential Steps for Data Security
Here's a holiday gift for anyone whose business depends on keeping customer or client data secure: the Frankfurt Kurnit Technology Group's list of six essential steps for data security.
- Create an accurate, tailored privacy policy and stick to it. Why? Three reasons: 1) consumers expect credible businesses to have privacy policies, and they judge businesses based on those policies; 2) the FTC may cite you for withholding information from consumers about how their personally identifiable information is collected, stored and used; and 3) there are federal and state laws that require you to provide certain types of disclosures to consumers about privacy. Having a privacy policy that you are not following, or that is not specifically tailored to your company, is worse than having no policy at all.
- Do not share your customers' personally identifiable information. You may only do so 1) as provided by law (e.g., in response to a lawful subpoena); 2) with customer consent; 3) for external processing (e.g., a payment processor or shipping facility) with notice to consumers, in accordance with your privacy policy; and 4) in case of a sale of your company or transfer of assets -- provided you warn people in your privacy policy that this may occur.
- Transfer data securely. When transferring personal data, secure it using encryption and password protection. If you are sending a file via email, do not include the password in the same message. Consider not even sending the password by message at all: make a phone call to deliver the password.
- Do not store information longer than necessary. One of the core concepts of privacy and data security is the data lifecycle. You should dispose of customers' personally identifiable information, and particularly payment information, as soon as you no longer need it for a legitimate business purpose. Do not just store information to store it.
- Dispose of information as completely as possible. When you dispose of personally identifiable information, you must destroy it as completely as possible. If a "dumpster diver" or hacker can resurrect your data, then you have not properly disposed of it. Use a secure method to wipe your file system clean. Just clicking and dragging data files into a "recycle bin" or the "trash" on your computer screen is not enough.
- Make a breach plan. Creating a privacy and data security team along with a breach plan is a critical step in any comprehensive privacy and data security program. Company executives should know whom to call and what to do in the event of an incident. Your company should have access to legal counsel, a forensic data security company, and thorough internal policies. Making a breach plan after a breach has occurred is too late.
Data breaches and "hacks" occur daily. For more information on data security preparedness or any other technology, data privacy and security law issues, please contact Greg Boyd at (212) 826 5581 or gboyd@fkks.com, Sean Kane at (212) 705 4845 or skane@fkks.com, Jessica Smith at (212) 705 4876 or jsmith@fkks.com, or any other member of the Frankfurt Kurnit Technology, Digital Media, & Privacy Group.