Data Protection

Latest in Data Protection

Data Protection

Russian Credit Card Fraud Suspect Finally Appears in U.S. Federal Court

On Nov. 12, Russian national Aleksei Yurievich Burkov made an initial court appearance in Alexandria, Virginia. The appearance followed his extradition from Israel that had faced strong opposition from Russian officials. The indictment from 2016 alleges that Burkov ran a website called Cardplanet that contributed to more than $20 million in credit card fraud.

Congress

A Method for Establishing Liability for Data Breaches

Last month, the First American Financial Corporation—which provides title insurance for millions of Americans—acknowledged a cybersecurity vulnerability that potentially exposed 885 million private financial records related to mortgage deals to unauthorized viewers. These records might have revealed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images to such viewers.

Data Protection

Data Collection Standards in Privacy Legislation: Proposed Language

As a proponent of baseline federal privacy legislation, I am encouraged that proposals that would have been poison pills not long ago, such as individual rights to see, correct and delete data as well as new authority for the Federal Trade Commission, are drawing wide support now. But some crucial and difficult issues remain wide open.

Aegis Paper Series

Flat Light: Data Protection for the Disoriented, From Policy to Practice

Flat light is the state of disorientation, feared among pilots, in which all visual references are lost. The effects of flat light “completely obscure features of the terrain, creating an inability to distinguish distances and closure rates. As a result of this reflected light, [flat light] can give pilots the illusion that they are ascending or descending when they may actually be flying level.”

This is the state of information security today.

Data Protection

Why the U.S. Needs Federal Data Privacy Legislation

“I Love Lucy” provides the central metaphor for a Brookings paper released today on what to do to protect privacy. It comes from the episode where Lucy goes to work wrapping candies on an assembly line. The line keeps speeding up with the candies coming closer together, and, as they fall farther behind, Lucy and her sidekick Ethel scramble harder to keep up. “I think we’re fighting a losing game,” Lucy says.

Privacy: Technology

Silicon Valley's Regulatory Exceptionalism Comes to an End

Not so long ago, it was hard to find anyone who thought regulating Silicon Valley was even possible, let alone a good idea. Deference to the technology industry was such that companies were sometimes even applauded for baldly violating existing regulations. Think of the early days of Uber, whose “innovative” business model relied on running over transportation regulations and dealing with fines and lawsuits later.

Data protection

Summary: The EU General Data Protection Regulation

After four years of negotiation, the European Parliament approved the General Data Protection Regulation (GDPR) on April 14, 2016. Enforcement is scheduled to begin May 25. This post provides a high-level summary of what the GDPR requires, how it differs from past EU data regulations and what it means for how data is handled outside the EU.

What the GDPR Does

Subscribe to Lawfare

EmailRSSKindle