Privacy & Cybersecurity

Navigating digital privacy

Consumer privacy and data security are two of the most vital topics facing California auto dealers and other retailers today. Scali Rasmussen’s Privacy & Cybersecurity blog explores the changing legal landscape, its impact on retailers, and how to take a practical approach to issues when perfection may be unattainable. Count on us for updates on new laws and regulations, enforcement actions by regulators and the plaintiff’s bar, and steps you can take to decrease liability and increase customer confidence.

Published on

In the past decade, several large-scale data breaches have resulted in troves of personal information (PI) and other data falling into the hands of malicious actors. For instance, in 2013, the records of over a billion users were compromised from the email system of Yahoo, including names, birth dates, phone numbers, passwords, backup email addresses, and security question answers. More recently, a massive breach of Facebook's databases compromised the PI of over 533 million users from 106 countries, including over 32 million records on users in the United States. These data included phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.

Published on

In previous articles, we have talked about the importance of using strong passwords and multi-factor authentication to protect consumer data. These are important steps, but only work when a potential user must login to a physical device or program before accessing consumer data. For this reason, every company should take steps to secure all devices and programs so that the user must login after a period of inactivity. This relatively simple step can help prevent a range of types of unauthorized access.

Published on

The Federal Trade Commission announced on October 27, 2021 the final updates to the Safeguards Rule under the Gramm–Leach–Bliley Act (“GLB”). These updates are the result of a multi-year process and purport to strengthen security for consumer financial information following an uptick in data breaches. Overall, the updates are more prescriptive than the previous Rule, imposing specific new requirements. For auto dealers who must comply with the new rules when they are fully effective, it means that action is needed now to protect their companies from costly private lawsuits and enforcement actions for failure to comply with the updates.

Published on

While it is important for every company to limit access to its data and network with strong passwords, for some sensitive data, traditional passwords aren’t secure enough anymore. Hackers have developed countless tried and tested methods of stealing credentials and gaining unauthorized access to private accounts. But strong passwords are not the only readily available security option. In a report published by Microsoft this year, it revealed that 99.9% of the account compromise incidents they deal with could have been blocked by a multi-factor authentication (MFA) solution. For this reason, your business should adopt MFA solutions to protect its most sensitive data.

Published on

On September 21, 2021, U.S. Federal Trade Commissioner Christine Wilson provided keynote remarks at the Duke University Sanford School of Public Policy’s Robert R. Wilson Distinguished Lecture Series regarding some of the major issues lawmakers must confront to pass federal privacy legislation. Commissioner Wilson, a Trump-appointee, argued that comprehensive federal privacy legislation is the right approach because there is an information asymmetry between consumers and businesses that results in a market failure and because federal legislation will create a more consistent legal landscape for businesses.

Preparing for the federal COVID mandate

Protecting employee privacy

Published on

This month, the Biden Administration announced that it has directed the Department of Labor’s Occupational Safety and Health Administration (OSHA) to issue Emergency Temporary Standards requiring that employers with 100 or more employees mandate that employees be fully vaccinated for COVID-19 or test on a weekly basis for COVID. OSHA has not yet released these Temporary Standards, but the news has already raised important questions for employers, including how to handle employee medical information. This article reviews the state of the law with respect to employee health information and makes recommendations regarding what every employer should do now to prepare for the new Temporary Standards.

Data security dos and don’ts

How to make a strong password

Published on

Passwords are ubiquitous. We use them to access everything from our bank accounts and sensitive business documents, to our social media and online memberships. The most secure passwords are a series of random numbers, letters, and characters. Using these types of passwords can present practical challenges, though, because they are easily forgotten and difficult to enter correctly. Further, because passwords are such a common part of our lives, we can too easily fall into bad habits that put business or personal information at risk.

Pages