Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Maida Oringher Lerner

Maida Oringher Lerner

Maida Lerner is senior counsel in Crowell & Moring’s Washington, D.C. office and a part of the firm’s Environment & Natural Resources and Government Contracts groups. Maida counsels a broad group of clients on homeland security, environmental, and administrative matters, including regulated utilities, trade associations, and companies in the pipeline, transportation, education, health care, and manufacturing sectors. Maida’s homeland security practice has a particular emphasis on chemical security, critical infrastructure, the SAFETY Act, and corporate compliance. Her environmental practice focuses on the Clean Air and Endangered Species Acts.

Read Maida's bio on Crowell & Moring's website

Subscribe to all posts by Maida Oringher Lerner

New OCR Settlement Targets Safety Net Provider on Security Rule Deficiencies

Posted in Cybersecurity / Data Security, Information Management
On Wednesday, the U.S. Department of Health and Human Services, Office for Civil Rights announced a $400,000 settlement with Metro Community Provider Network arising from MCPN’s alleged failure to implement adequate security management processes to safeguard electronic protected health information in accordance with the Health Insurance Portability and Accountability Act Security Rule. This settlement followed… Continue Reading

Home Depot Settles Major Data Breach Suit with Financial Institutions for $25 Million

Posted in Data Breach
On Wednesday, in one of the most high-profile data breach settlements to date, The Home Depot agreed to pay $25 million to settle a consolidated class action involving more than 60 nationwide financial institutions harmed by the retailer’s September 2014 data breach.  That month, the home improvement giant announced that hackers had installed malware on… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of July 31

Posted in Cybersecurity / Data Security, Data Breach, Health IT, Privacy, Social Media
‘Privacy Shield’ certifications possible since August 1, 2016; Hamburg DPA aims to challenge ‘Privacy Shield’; EU Court rules on applicability of EU privacy laws to online companies; Pokémon Go violating EU Privacy Laws?; Norwegian DPA criticizes ‘Facebook at Work’; Advocate Health to Pay Largest HIPAA Settlement Ever; FTC Overrules LabMD Dismissal; Banner Health Cyberattack Affects… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 26

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy, Social Media
Adoption of Privacy Shield expected in early July; Federal Court limits VPPA liability; Belgian Court overturns Facebook fine; FTC robocall crackdown; A rare HIPAA criminal conviction; UK’s ICO fines Brexit campaigners for mass text messages; House report calls for national encryption commission. European Commission expects adoption of Privacy Shield for beginning of July European officials… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 20, 2016

Posted in Cybersecurity / Data Security, Data Breach, Health IT, Internet of Things, Privacy
Brexit effect on EU and UK Privacy rules; EU and U.S. to strengthen ‘Privacy Shield’; Ponemon Study on Healthcare Data Security; Mobile ad provider fined for deceptive conduct FTC comments on the Internet of Things Brexit – what does it mean for EU and UK Privacy rules? On June 23, 2016, the population of Great… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 13

Posted in Cybersecurity / Data Security, Data Breach, Privacy
A victory for net neutrality; U.S. may join Irish Facebook Data-Transfer case; EU-U.S. Privacy Shield by early July?; French Data Protection Authority opens GDPR consultation; FTC addresses proposed TCPA changes; DOJ and DHS cybersecurity sharing guidelines. Federal appellate court upholds net neutrality The U.S. Court of Appeals for the D.C. Circuit upheld “net neutrality” rules… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 6

Posted in Cybersecurity / Data Security, Data Breach, Privacy
$1M Fine for Morgan Stanley Data Breach; German DPA Issues Data Transfer Fines; FTC Critiques FCC Privacy Proposal; New Contractor Cybersecurity Rules; Drone Operations Best Practices Morgan Stanley fined $1M for alleged failure to secure client data The U.S. Securities and Exchange Commission (“SEC”) and Morgan Stanley Smith Barney LLC (“Morgan Stanley”) reached a settlement… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 30, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy
EU-U.S. Agreement on Law Enforcement Data; European Data Protection Supervisor Criticizes Privacy Shield; House Members Criticize FCC Privacy Proposal; NHTSA Targets Automotive Cybersecurity; Yahoo Releases National Security Letters; CareFirst Data Breach Lawsuit Dismissed; FDA Guidance on Data Protection in Investigations EU and U.S. sign Umbrella Agreement on Law Enforcement Data On June 2, 2016, Vera… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Internet of Things, Privacy
FCC Adopts a NPRM for Privacy Proposal; FTC Chairwoman Wants IoT Threat Addressed; Consumer Reports Hit with Privacy Class Action; DOJ Accesses Shooter’s Phone and Drops Apple Suit   FCC Adopts a NPRM for Privacy Proposal On Thursday, March 31 in a 3-2 party-line vote, the FCC advanced a Notice of Proposed Rulemaking (NPRM) for… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
OCR Launches Next Round of HIPAA Audits; French Privacy Office Levies € 100,000 Fine on Google; SEC Reaches $18 Million Settlement for Alleged Hacker-Trader Conspiracy; FTC and Canadian Regulator Execute Anti-Spam MOU; FTC Commissioner Announces She Will Step Down OCR Launches Next Round of HIPAA Audits Last Monday, following much anticipation, the Department of Health… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Social Media
OCR Announces a Settlement … Again; HHS Eases Restrictions on Mental Health Information Sharing to Facilitate Gun Control Efforts; Facebook: Users Lack Standing in Cookie MDL; Plaintiffs Argue for Summary Judgment in $5 Million Twitter TCPA Suit OCR Announces a Settlement … Again For the second time this week, OCR announced another huge settlement. The… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Internet of Things, Privacy
US Changes Stance on Wassenaar Arrangement Hacking Amendment; FCC Proposes Privacy Rules for Internet Providers; New Jersey Supreme Court Unanimously Approves Roving Wiretaps; FTC Commissioner Opposes Encryption Backdoor Legislation US Changes Stance on Wassenaar Arrangement Hacking Amendment Last week, the U.S. executive branch announced that it will change its stance on the 2013 amendment to… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Privacy
EU-US Privacy Shield Principles Released; No Insurance Coverage for Data Breach, New York Court Holds; CFPB Levies First Data Security Fine; New York Court Sides with Apple in 4th Amendment War; “I confirm that I am over 13 years old” Checkbox Ruled Not an Effective Age-Screener EU-US Privacy Shield Principles Released After years of negotiations… Continue Reading

Interim Rule Could Expand Already Onerous DFARS Cyber Requirements

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors, Rules
Yesterday, the DoD published an Interim Rule that, if finalized as drafted, would expand the already onerous requirements of the DFARS Safeguarding Clause to a broader array of potentially 10,000 defense contractors.  Citing “recent high-profile breaches of federal information,” the DoD’s Interim Rule emphasizes the need for clear, effective, and consistent cybersecurity protections in its… Continue Reading

Economic Espionage: A Real Risk for Universities

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
The recent arrests of Chinese nationals for alleged economic espionage are raising eyebrows across American industries, who are rightfully asking how they can protect themselves from becoming the next foreign target. U.S. universities have been key figures in these headlines. The risk of economic espionage is a serious one for higher education because universities are… Continue Reading

Join Us for OOPS 2015! Cybersecurity Risk Management: The View from Washington and Beyond

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Information Management, Internet of Things, Privacy, Public Sectors
Crowell & Moring would like to invite government contractors to ring-side seats for the fight of the year – Congress v. the White House.  This year’s Ounce of Prevention Seminar (OOPS) will focus on the dynamic interplay between the opposite ends of Pennsylvania Avenue and how it will ultimately impact government contractors across the industry.… Continue Reading

Cyber Executive Order Continues the Push for Public-Private Partnerships

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
In conjunction with his remarks at the White House Summit on Cybersecurity at Stanford University earlier this month, President Obama signed Executive Order 13691, entitled “Promoting Private Sector Cybersecurity Information Sharing.”  Published in the Federal Register last week, the Order is intended to encourage and facilitate cybersecurity information sharing within the private sector, and also… Continue Reading