OCR Launches Next Round of HIPAA Audits; French Privacy Office Levies € 100,000 Fine on Google; SEC Reaches $18 Million Settlement for Alleged Hacker-Trader Conspiracy; FTC and Canadian Regulator Execute Anti-Spam MOU; FTC Commissioner Announces She Will Step Down

OCR Launches Next Round of HIPAA Audits

Last Monday, following much anticipation, the Department of Health and Human Services OCR announced Phase 2 of its audit program to measure compliance with the patient privacy provisions of HIPAA. This audit follows OCR’s pilot audit of 115 Covered Entities and will likely examine 200 additional Covered Entities. For more information about what entities can expect, read Elliot Golding’s March 23 post.

French Privacy Office Levies € 100,000 Fine on Google

The French data protection authority (CNIL), one of the most active privacy regulators in Europe, fined Google € 100,000 for “failure to comply with the obligation to respect the rights of individuals to erase data” under the European “right to be forgotten.” In May 2014, the European Court of Justice ruled that the compilation of Google search result links was “data processing,” and, as such, search engines should remove links at the request of data subjects. The CNIL faulted Google for only removing links from searches that originated from EU IP addresses and not delisting all “Google Search” extensions.

SEC Reaches $18 Million Settlement for Alleged Hacker-Trader Conspiracy

The SEC secured settlements, totaling almost $18 million, with seven defendants accused of participating in a scheme to trade on hacked newswire information. These seven defendants are part of a larger alleged scheme of 32 defendants who, over five years, hacked newswires to obtain earnings announcements before they were released and then distributed and traded on those stolen statements. The government has also brought a parallel criminal action against some of the 32 defendants in the District of New Jersey and has stayed a massive civil suit based on the same hacking scheme. The $18 million in recent SEC settlements comes on the heels of a $4.2 million SEC settlement with Concorde Bermuda Ltd., also accused of taking part in the scheme.

FTC and Canadian Regulator Execute Anti-Spam MOU

The FTC and the Canadian Radio-television and Telecommunications Commission (CRTC) executed an MOU last Thursday, agreeing to cooperate on a cross-border do-not-call list and other anti-spam enforcement activities. This MOU puts further pressure on companies, which already face potential TCPA vulnerability, to monitor and control their telemarketing efforts. Among other items, the two regulatory agencies have agreed to share information, including complaints and some PII, to better enforce against violations of anti-spam laws, such as the TCPA. Both countries also agreed to a series of staff exchanges and policy-related initiatives to reduce spam, including by collaborating with industry to develop viable solutions to unlawful telemarketing.

FTC Commissioner Announces That She Will Step Down

FTC Commissioner Julie Brill announced that she will step down from her role as commissioner at the end of the month. Brill, who served as commissioner for six years, was a strong defender of privacy issues and a strong advocate for an agreement to replace the recently invalidated Safe Harbor agreement.  With former commissioner Joshua Wright having stepped down in August, there are only three remaining commissioners on the FTC.  Given the current political climate and election season, experts believe it is unlikely the Commission will return to full strength in 2017.