Cybersecurity risks pose serious economic and national security challenges, says Thomson, author of the American Bar Association’s Data Breach and Encryption Handbook. Published by the ABA’s Section of Science & Technology Law of the 21st century, the handbook provides an in-depth, practical review of data breaches and the legal ramifications associated with them. ‘The book was written to help attorneys and policy-makers understand the complexities and root causes of data breaches,’ Thomson says, ‘as well as to demystify encryption and provide practical solutions that can be used to future prevent data breaches.’

A new study from the Ponemon Institute–sponsored by Symantec–reveals that the average cost of a data breach increased by seven percent to $7.2 million in 2010–with the most expensive data breach jumping 15 percent over the previous high to a whopping $35.3 million. One thing is very clear: losing sensitive data is an expensive proposition. One of the driving forces raising the cost of exposing sensitive data is the growing patchwork of laws and regulations governing data protection and date breach disclosure. The Data Breach and Encryption Handbook–published by the American Bar Association–has over 300 pages dedicated to deciphering data breach laws around the globe. One appendix has 10 pages devoted to data breach laws and disclosure requirements just in the United States.

A lawsuit initiated by the American Bar Association (ABA) to block the Federal Trade Commission’s (FTC) efforts to extend its ‘Red Flags Rule’ to include attorneys has been declared ‘moot’ by a federal appeals court as a result legislation enacted by Congress last December that exempted most lawyers from the rule’s coverage. The U.S. Court of Appeals for the D.C. Circuit released its ruling on March 4. The State Bar of Wisconsin had joined the ABA and other state and local bar associations in a multi-pronged effort to protect attorneys from having to comply with the burdensome record-keeping and information safeguarding requirements specified in the rule.

A U.S. Appellate court decision March 4 further validates that physicians and attorneys are exempt from the Identity Theft Red Flags Rule. Back in December, President Obama signed legislation that exempted certain businesses, including physician practices, from the Red Flags Rule. The Red Flag Program Clarification Act of 2010 more narrowly defined the term ‘creditor’ so that, in effect, far fewer organizations must comply with the rule. Sens. John Thune, R-S.D., and Mark Begich, D-Alaska, introduced the measure, S 3987. The U.S. Court of Appeals for the District of Columbia, in ruling on a case brought by the American Bar Association that sought to exempt attorneys from the rule, pointed out that the new law made the case moot. As a result, the American Medical Association, which joined with others in filing a similar case seeking to exempt physicians, announced it had officially dropped that lawsuit.

The American Medical Association (AMA) announced Monday that it has dropped its lawsuit against the Federal Trade Commission (FTC) after a federal appeals court ruled that doctors aren’t creditors. The D.C. court of appeals ruled Friday that professionals who allow customers to pay after the delivery of services don’t automatically qualify as creditors. The FTC had argued that doctors and others should comply with ‘red flag’ rules requiring creditors to track and prevent identity theft under a 2003 law, but Congress passed a clarification act last year to exempt doctors, lawyers and others from the law’s costly requirements. … The AMA filed a ‘friend of the court’ brief in that lawsuit, which was brought by the American Bar Association. The association announced Monday that a separate lawsuit, brought by the AMA, the American Osteopathic Association and the Medical Society of the District of Columbia and joined by 26 national medical specialty societies, ‘will now formally end.’

Citing the ‘mootness doctrine,’ the U.S. Court of Appeals for the District of Columbia Circuit ended the saga (PDF) of the ‘red flags’ rule, stating that, with the December passage of the Red Flag Program Clarification Act of 2010, there was no point in carrying on with lawsuits protesting the Federal Trade Commission’s decree that doctors and lawyers were subject to the same anti-identity theft regulations as banks. … The American Bar Association and a coalition of medical societies filed lawsuits fighting the FTC. While the court was specifically ruling on the ABA suit, the American Medical Association said in a news release that its lawsuit ‘will now formally end.’

The American Medical Association Monday applauded a federal appeals court’s ruling that physicians who bill patients after providing services are not subject to Federal Trade Commission so-called red flag rules that apply to creditors. … The appeals court, ruling on a lawsuit filed by the American Bar Association that challenged the application of the red flags rule to attorneys, said the FTC’s regulations were made invalid because Congress passed the Red Flag Program Clarification Act of 2010 in December to better define who is considered a creditor under the rule.

US Transportation Security Administration head John Pistole revealed last week that the agency is developing airport ‘checkpoint of the future concepts’ that will place a greater emphasis on ‘cutting-edge technology’ and intelligence to differentiate passengers based on threat levels. Speaking before an American Bar Assn. homeland security conference in Washington, he noted that ‘TSA screens more than 628 million airline passengers each year at US airports’ and ‘the vast majority of the 628 million present little-to-no risk of committing an act of terrorism.’

The American Bar Association Section of Intellectual Property Law will be holding the 26th Annual Intellectual Property Law Conference on April 6-9, 2011 in Arlington, VA.

U.S. criminal investigators will step up probes into possible fraud involving collateralized debt obligations and credit default swaps, a top federal prosecutor in New York said. Christopher Garcia, chief of the Securities and Commodities Fraud Task Force in the U.S. Attorney’s Office in Manhattan, told white-collar criminal-defense lawyers at a conference today that his office will spend this year investigating possible fraud involving CDOs and CDSs.  ‘If there’s crime there, we’re going to find it and we’re going to pursue it,’ Garcia said at an American Bar Association meeting in San Diego. Investigators won’t be deterred by the complexity of the financial instruments, he said. CDOs are pools of assets such as mortgage bonds packaged into new securities. Interest payments on the underlying bonds or loans are used to pay investors. Credit default swaps pay the buyer face value if a borrower fails to meet its obligations, less the value of the defaulted debt.

The Transportation Security Administration (TSA) is considering a significant shift in the way airport security is handled, moving towards a more ‘intelligence-driven system,’ that would focus on ‘higher-risk passengers,’ the head of the agency said today. Under the plan, all air passengers would not be treated as potential terrorists. ‘If we want to continue to ensure the secure freedom of movement for people and commerce across this great nation and around the world, there are solutions that go beyond the one-size-fits-all system,’ TSA Administrator John S. Pistole said in a speech at the American Bar Association’s (ABA) 6th Annual Homeland Security Law Institute in Washington.

Saying a ‘one-size-fits-al’ security system doesn’t work, the head of the Transportation Security Administration said Thursday he envisions a system that focuses more attention on high-risk passengers to speed screening lines for everyone at airports. Speaking before the American Bar Assn. in Washington, TSA Administrator John Pistole said the current aviation security system relies on several layers of security measures, including background checks on passengers before they board a plane. But he said today’s screening process treats every passenger the same.