Furthermore, failure to satisfy the requirements of the Privacy Program could result in criminal penalties under the Privacy Act, which include misdemeanor charges and fines up to $5,000. Thus, contractors need to assess whether they already are performing contracts that involve the “design, development, operation, or maintenance of any system of records” and ensure they have processes in place to properly protect PII. To the extent contractors are required to modify their approach or implement new requirements, there may be a basis for a compensable change. For new solicitations, contractors need to factor in these requirements and any resulting costs. … [Read more...] about Department of Defense’s Updated Privacy Program Imposes Stringent Rules for Protection of Personally Identifiable Information
Personally identifiable information training
Every January 31, employers scramble to meet the deadline for mailing W-2 forms to their employees. This year, a new iteration of an old W-2 phishing scam surfaced immediately thereafter. In the 2017 version, scammers posing as a company’s CEO or other high-level executive target human resources (HR) and payroll professionals with email messages requesting certain W-2s or all of a company’s W-2s. … [Read more...] about Train Your Team: Protect Personally Identifiable Information From a Widespread Phishing Scam
CALIFORNIA SENATE BILL 568 – THE “ERASER BUTTON”
California Senate Bill 568, which was introduced by Senator Darrell Steinberg and has already been passed unanimously by the Senate, would require that, at the request of a minor, the operator of any Web site, online service, online application, or mobile application remove all content or information submitted to the operator’s site or service by that minor. If passed, S.B. 568 would also require operators of Web sites, online services, online applications and mobile applications to notify minors that they have the right to request that their information be deleted, while cautioning that such removal does not ensure “complete or comprehensive” removal of that information. S.B. 568 would also prohibit the operators of online services that are directed to minors (or, if not directed at minors, where the operator has actual knowledge that a minor is using the service) from marketing goods or … [Read more...] about The Great Disappearing Acts: California Considers Two Bills Addressing the Removal of Online Information of Minors
Regulation S-P issues among firms that did not appear to adequately conduct system maintenance. Because Regulation S-P was enacted to safeguard the privacy of customer information, OCIE observed that issues arose where firms failed to install software patches to address security vulnerabilities and other operational safeguards to protect customer records and information. … [Read more...] about SEC Observations from Recent Cybersecurity Examinations Identify Best Practices
Speaking of data breaches, an information security policy also has a back-end benefit both to the company and its users. For companies that provide products or services online, a user’s e-mail address is often the one and only way to communicate with the user in the event of a data breach. Yet many state laws do not allow for e-mail notification unless the company has obtained the prior consents required under the federal E-Sign Act (which few online companies likely can achieve as a practical matter). But many states have provisions that allow companies with existing information security policies to follow the data breach notification procedures contained within their IT security policy. If applicable, these provisions can allow companies to notify their users electronically. This provides a more cost-effective approach to notice in large breaches and often reflects the most practical method of communicating with the company’s users or customers. … [Read more...] about What’s So Great About an Information Security Policy?