Tuesday, December 31, 2013

Introducing the North Carolina Privacy & Information Security Law Blog

In the course of writing for the North Carolina Business & Banking Law Blog since 2011, I occasionally addressed privacy and data security issues.  These topics have become a growing part of my law practice as well.  It has become clear that there is a great deal of interest in practical legal analysis of privacy-related topics. Therefore, I have decided to create a new blog dedicated solely to these issues: the North Carolina Privacy & Information Security Law Blog (PrivacyLawNC.com).

Why Are Privacy Law and Information Security Law Important?

Privacy and information security issues are among the most challenging and rapidly evolving areas of risk for companies across a wide spectrum of industries. The ability to collect, use, and share customer information has become increasingly important to all kinds of businesses, and in many cases, it is absolutely critical to business success. In recent years, however, statutes, regulations, and civil lawsuits have collectively resulted in significantly greater compliance obligations and higher risks associated with handling customer or employee information.

What Is "Privacy Law" and "Information Security Law"?

When we refer to "privacy law" or "information security law," we are not describing a single, cohesive body of law.  Instead, we refer to a wide assortment of federal and state statutes, regulations, and cases from areas that are most commonly referred to as "healthcare law," "financial regulation," "employment law," and other traditionally defined areas of law.  Privacy and information security issues arise in a number of contexts, including the following:
  • Electronic signatures and records, including the Electronic Signatures in Global and National Commerce Act (E-SIGN Act) and the Uniform Electronic Transactions Act (UETA)
  • E-commerce requirements, including the Payment Card Industry Data Security Standards (PCI-DSS)
  • Data breach response laws and data disposal laws
  • Password theft, hacking, and wiretapping, including the Stored Communications Act, the Wiretap Act, and other anti-interception laws
  • Website privacy policies and practices, including the Children's Online Privacy Protection Act (COPPA)
  • Email marketing, including the CAN-SPAM Act
  • International privacy compliance, including the European Union Directive on Data Protection Safe Harbor
  • Social media policies for employers
  • Financial privacy, including the Gramm-Leach-Bliley Act, the Financial Privacy Act, the Bank Secrecy Act, and other federal and state financial institution laws
  • Unauthorized transactions and funds transfers, including the Electronic Funds Transfer Act and Regulation E, as well as the Uniform Commercial Code
  • Financial account takeover statutes and the cases that control the allocation of losses when financial accounts are compromised
  • Credit reporting laws and other "background check" laws, including the Fair Credit Reporting Act
  • Identity theft laws, including the North Carolina Identity Theft Protection Act and the Federal Trade Commission's "Red Flags" regulations
  • Health information privacy, including HIPAA and HITECH
  • Educational privacy, including the Federal Education Rights Privacy Act (FERPA)
  • Employment privacy and non-disclosure agreements
  • Trade secrets
This blog will periodically address hot topics and emerging issues involving these areas.  Check back for updates, or--even better--follow the blog on Twitter: @PrivacyLawNC

I look forward to exploring these issues with you in the days, weeks, months, and years to come!