Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Charles Austin

Subscribe to all posts by Charles Austin

CFAA Conviction for Accessing and Damaging Former Employer’s Computer System

Posted in Cybersecurity / Data Security
Last week, a federal court sentenced a former systems administrator convicted of accessing his former employer’s computer network and uploading malicious code designed to disrupt and damage the company’s manufacturing operations. Brian P. Johnson worked for years as an information technology specialist and systems administrator at Georgia-Pacific’s Port Hudson, LA facility.  In February 2014, Georgia-Pacific… Continue Reading

Vizio Agrees to $2.2M Settlement Regarding Data Collection Practices

Posted in Government Agencies, Information Management, Internet of Things, Privacy, Uncategorized
Last week, the Federal Trade Commission (“FTC”) announced an agreement settling claims against a television manufacturer arising from the alleged unauthorized collection of television viewing data.  The FTC, along with the State of New Jersey, alleged that certain “smart TVs” manufactured and sold by VIZIO, Inc. and its subsidiary VIZIO Inscape Services (collectively, “VIZIO”) failed… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of October 22

Posted in Cybersecurity / Data Security
FCC adopts privacy rules; Privacy Shield challenge; Amendments to EU data transfer decisions; FTC data breach guidance; DOT vehicle cybersecurity best practices; HHS guidance on HIPAA and FTC compliance FCC approves privacy rules for broadband providers In a 3-2 vote, the Federal Communications Commission approved new rules governing internet service providers’ collection and use of… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of October 15

Posted in Cybersecurity / Data Security
Hospital pays $2.1MM HIPAA settlement; Dynamic IP addresses protected under EU laws; EU guidance on GDPR coming soon; California’s new privacy compliance tool; banking regulators consider cybersecurity; FCC privacy proposal comments; OMB’s new privacy office; DFARS finalizes Safeguarding Rule Hospital pays $2.1M to settle alleged HIPAA violations St. Joseph Health, a California-based health system, reached… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of Oct 8

Posted in Cybersecurity / Data Security
Guidance on HIPAA & cloud computing; Senators question FTC enforcement standards HHS publishes guidance on HIPAA’s impact on cloud computing This week, the Department of Health and Human Services issued guidance for HIPAA-covered entities and business associates regarding cloud computing.  When a covered entity seeks to use cloud services in connection with the use and/or… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of October 3

Posted in Cybersecurity / Data Security
FCC broadband privacy proposal; Potential challenge to FTC privacy enforcement power FCC to consider broadband privacy proposal On October 6, the Chairman of the Federal Communications Commission (FCC) issued proposed rules that would impose on broadband providers privacy regulations similar to those implemented and enforced by the Federal Trade Commission (FTC).  The proposal calls for… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 26

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy, Social Media
Adoption of Privacy Shield expected in early July; Federal Court limits VPPA liability; Belgian Court overturns Facebook fine; FTC robocall crackdown; A rare HIPAA criminal conviction; UK’s ICO fines Brexit campaigners for mass text messages; House report calls for national encryption commission. European Commission expects adoption of Privacy Shield for beginning of July European officials… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 20, 2016

Posted in Cybersecurity / Data Security, Data Breach, Health IT, Internet of Things, Privacy
Brexit effect on EU and UK Privacy rules; EU and U.S. to strengthen ‘Privacy Shield’; Ponemon Study on Healthcare Data Security; Mobile ad provider fined for deceptive conduct FTC comments on the Internet of Things Brexit – what does it mean for EU and UK Privacy rules? On June 23, 2016, the population of Great… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 13

Posted in Cybersecurity / Data Security, Data Breach, Privacy
A victory for net neutrality; U.S. may join Irish Facebook Data-Transfer case; EU-U.S. Privacy Shield by early July?; French Data Protection Authority opens GDPR consultation; FTC addresses proposed TCPA changes; DOJ and DHS cybersecurity sharing guidelines. Federal appellate court upholds net neutrality The U.S. Court of Appeals for the D.C. Circuit upheld “net neutrality” rules… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 6

Posted in Cybersecurity / Data Security, Data Breach, Privacy
$1M Fine for Morgan Stanley Data Breach; German DPA Issues Data Transfer Fines; FTC Critiques FCC Privacy Proposal; New Contractor Cybersecurity Rules; Drone Operations Best Practices Morgan Stanley fined $1M for alleged failure to secure client data The U.S. Securities and Exchange Commission (“SEC”) and Morgan Stanley Smith Barney LLC (“Morgan Stanley”) reached a settlement… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 30, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy
EU-U.S. Agreement on Law Enforcement Data; European Data Protection Supervisor Criticizes Privacy Shield; House Members Criticize FCC Privacy Proposal; NHTSA Targets Automotive Cybersecurity; Yahoo Releases National Security Letters; CareFirst Data Breach Lawsuit Dismissed; FDA Guidance on Data Protection in Investigations EU and U.S. sign Umbrella Agreement on Law Enforcement Data On June 2, 2016, Vera… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 23, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Data Breach Liability Requires Actual Misuse; More U.S.-EU Data Transfer Uncertainty; Airline App Exempt from State Privacy Law; Pending Cyber Bill Would Create Consortium; Encryption-Related Deceptive Advertising Settlement; PayPal Fined for Deceptive Trade Practices The Spokeo effect: data breach claims require actual examples of information misuse Last week, a federal court dismissed claims alleging harm… Continue Reading

Key Privacy & Cybersecurity Highlights, November 2 – November 8, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
FCC’s expands data security enforcement; Sprint settles FCRA claims; $12.5M fine for background screening agencies; Congress considers auto cybersecurity study; No FCC “do not track” rules; Safe harbor alternatives; No SCA liability for inadvertent disclosure FCC takes first enforcement action related to cable operator’s data security The Federal Communications Commission fined Cox Communications $595,000 for… Continue Reading

Key Privacy & Cybersecurity Highlights, October 26, 2015 – November 1, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
“Safe Harbor 2.0” Agreement in Principle; Senate Passes Cybersecurity Bill; Target Breach Investigation Documents Privileged; Text Message Alert May Fall Within TCPA U.S.-EU reach agreement in principle on data sharing rules Last week, the U.S. and the European Union announced they reached an agreement in principle concerning transatlantic data transfers .  This new deal, to… Continue Reading

Key Privacy & Cybersecurity Highlights for October 19 – October 25, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Safe Harbor Fallout; Germany Rejects Safe Harbor Alternatives; Judicial Redress Act Passes House; Device IDs Not Personally Identifiable; Sony Settles Data Breach Suit Safe Harbor repercussions in Switzerland, Israel In light of the recent European Court of Justice (“ECJ”) Safe Harbor decision [link:  ], the Swiss Data Protection and Information Commissioner has declared its safe… Continue Reading

Key Privacy & Cybersecurity Developments for October 12, 2015 – October 18, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Deadline for New Data Sharing Framework; Congress Considers Automobile Cybersecurity; No VPPA Violation for Free Apps; TCPA Standing Expands January 2016 Deadline for New Approach to Transatlantic Data Transfers European data protection agencies (DPAs) and members of the European Commission, operating collectively as “the Article 29 Working Party,” set a January 31, 2016 deadline for… Continue Reading

Key Privacy & Cybersecurity Developments: October 5, 2015 – October 11, 2015

Posted in Cybersecurity / Data Security, Privacy
U.S.-EU Data Sharing Pact Invalidated; Two Lawsuits Based on October Breaches; Dow Jones & Co. Breached; California’s New Comprehensive Privacy Law; California Revises Breach Notification Requirements; California Smart TV Notice Requirements; California Targets “Hackers for Hire”; Cybercrime Costs Increase Top EU Court Invalidates U.S.-EU Safe Harbor On October 6, 2015, the European Court of Justice… Continue Reading

NAIC Provides Cybersecurity Guidance for Insurers, Regulators

Posted in Cybersecurity / Data Security, Insurance, Privacy, Public Sectors
The National Association of Insurance Commissioners (“NAIC”) has encouraged insurers and state insurance regulators to act proactively in reducing cybersecurity risks to consumer financial and health information.  On April 16, the NAIC adopted the Principles for Effective Cybersecurity Insurance Regulatory Guidance (“Principles”), twelve regulatory principles aimed at increasing the protection of [confidential and personally identifiable… Continue Reading