On July 13, 2018, over 50 civil liberties groups, technology companies and associations submitted a joint letter to Congress in support of the Email Privacy Act (EPA), which was recently included in the House- passed version of the National Defense Authorization Act (NDAA) for Fiscal Year 2019. The list of signatories included such tech giants as Google, Facebook, Amazon, Dropbox, Cisco Systems and Adobe. The EPA, if passed, would amend the Electronics Communications Privacy Act (ECPA) by requiring law enforcement and other government agencies to obtain a search warrant, based upon a showing of probable cause, before seizing emails, texts, and other information stored in the cloud. The EPA has been proposed, yet failed to pass, in prior legislative sessions, but proponents of the bill are hopeful that the time is right for these privacy protections to be put into place.
Many of us have become comfortable with the convenience of logging into our laptops or smartphones using a fingerprint scan in lieu of remembering yet another password. We are familiar with television and movie portrayals of retina scans being required for access to top secret laboratories or other secure buildings and rooms. This kind of technology, however, is no longer the stuff of science fiction. Businesses are increasingly using biometric data (i.e., measurements of a person’s physical being) for a variety of identification purposes, such as to provide security for the financial transactions of their customers and for the tracking of work hours of their employees.
The General Data Protection Regulation (GDPR) is a new data privacy and security law in Europe that will go into force on May 25, 2018. Every organization that does business with EU customers, regardless of the home base of the organization, and regardless of the size of the organization, must come into compliance or risks significant financial penalties and legal exposure. The new law permits fines of the greater of €20 million or four percent of an organization’s worldwide annual revenue for the previous fiscal year.
The term “social engineering” used to conjure up images of social scientists with Ph.D’s brainstorming ways to improve race relations or provide lower income groups with greater access to education and employment opportunities. Today, however, the term is more frequently associated with the use of technology and basic principles of human nature to trick individuals into divulging confidential or personal information that may be used for fraudulent purposes. The social engineering techniques employed by these modern day con artists may be the biggest threat to your Company’s confidential and proprietary information.
Last Friday, Snapchat (which recently changed its name to Snap, Inc.) announced the coming release of its newest product: “Spectacles” - brightly colored, fun-looking sunglasses with a built-in camera that records videos in 10-second increments (which can be combined to form a video of up to 30-seconds in length) with the touch of a button. The videos can be stored in the sunglasses until a later time or uploaded to the user’s phone for immediate sharing with friends. The glasses are expected to retail for $130 which is only about one-tenth the price of the virtually defunct Google Glass, making Spectacles a product likely to be much more accessible to the average employee. Why does this matter to employers? Because it’s the latest challenge to companies striving to implement more secure data protection and privacy protocols in the workplace.
On October 1, 2015, Experian, the world’s largest consumer credit monitoring firm, announced that an unauthorized party (i.e., hacker) had gained access to the personal data of approximately 15 million customers and prospective customers of its client, T-Mobile, which data was housed on an Experian network server. The exposed records included information such as the consumer’s name, address, Social Security number, date of birth ...