Tag Archives: personal information

Should Feds Regulate Persistent Identifiers as Personal Information?

Recently, the Federal Trade Commission settled an action it had brought against Nomi Technologies, a provider of “in-store analytics” technology. The fact that the action was brought against Nomi to begin with, considering what Nomi does, and the 20-year consent decree that Nomi entered into with the FTC, has raised more than a few eyebrows. It has left many – including some of the FTC’s own Commissioners – wondering just what regulators are interested in when it comes to controlling information collection practices in the “information economy.” Nomi has developed and markets technology to retailers that helps to physically track …

[ CONTINUE READING ]

Do You Have a Data Breach Response Plan? U.S. Department of Justice Thinks You Should

In the wake of significant retailer data breaches in 2013 and 2014, and additional significant breaches continuing in 2015, a trend is clearly developing — an expectation of proactive risk identification and mitigation from a legal, technical and business process perspective as the “gold standard” in terms of what organizations should be doing to protect sensitive customer, consumer or individual data, particularly with regard to the ever-expanding category of “personally identifiable information.” Massachusetts, Nevada and New Hampshire have passed laws specifically requiring private sector cybersecurity assessment and adherence to security standards by companies holding sensitive consumer data. It’s a matter …

[ CONTINUE READING ]

What is “Personal Information?” It Depends on Where You Live

Breach notification statutes have been enacted in 47 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands.  Only Alabama, New Mexico and South Dakota have not adopted such laws.  In general, a business has no obligation to provide notification unless a breach compromises “personal information.”  There is no uniform definition of “personal information.”  It varies from state to state depending upon how “personal information” is defined in that state’s breach notification statute.  There are common elements found in all state statutes.  For instance, all the statutes define “personal information” to include: first name, last name, or first initial …

[ CONTINUE READING ]