Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Category Archives: Government Agencies

Subscribe to Government Agencies RSS Feed

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
FTC Settles IoT Enforcement Action; HHS Releases HIPAA/NIST Crosswalk; HHS Provides FAQs on Patient Fees for PHI Release; Judicial Redress Act Becomes Law FTC Identifies Reasonable Security Measures Through IoT Enforcement Action The Federal Trade Commission (FTC) settled charges with ASUSTek Computer, Inc. (ASUS), a manufacturer of home router and home networking (or “home cloud”)… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
California AG Defines “Reasonable Security;” Apple Opposes FBI Hack Request; Russia to Enforce Data Localization with (Surprise) Audits; HHS Helps Health App Developers Determine if Subject to HIPAA; Carrier IQ Agrees to $9M Data Leak Settlement California AG Defines “Reasonable Security” California Attorney General (AG) Kamala Harris published the 2016 “California Data Breach Report,” which… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
President announces cybersecurity action plan; Congress passes Judicial Redress Act; French DPA notice provides compliance guidance; and FCC set to enforce CPNI rules. President Obama Announces Cybersecurity Action Plan The President announced his Cybersecurity National Action Plan (CNAP) this week, with a FY 2017 Budget proposal that includes $19 billion on CNAP initiatives – a… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
HHS proposes new substance abuse information confidentiality rules; HHS releases PHI disclosure fact sheets; U.S.-EU Safe Harbor replacement announced; OCR levies civil monetary penalties; and FTC settles charges with technology company for installing apps without consent. HHS Proposes Update to Substance Abuse Confidentiality Rules The U.S. Department of Health and Human Services (“HHS”) announced a… Continue Reading

OCR Levies Second Ever HIPAA Civil Monetary Penalty

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Information Management, Privacy, Rules
For only the second time in its history (following the $4.3 million Cignet case) the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) imposed civil money penalties (CMPs) on a company for violating the Health Insurance Portability and Accountability (HIPAA) Privacy Rule. Lincare, Inc. (Lincare), a home health provider, was… Continue Reading

EU Member States to Investigate EU-U.S. Transfers That Rely Solely on Invalidated Safe Harbor: Starting Now

Posted in Cybersecurity / Data Security, Government Agencies, Privacy, Sanctions
Certain European Union (EU) Member States’ data protection authorities (DPAs) have already started to announce investigations and or “prudential measures” for data transfers solely relying on the invalidated “U.S.-EU Safe Harbor Framework” (Safe Harbor). In the aftermath of the announcement of the “EU-U.S. Privacy Shield” (Privacy Shield), the Article 29 Working Party (WP29), comprised of… Continue Reading

EU Regulators React to New EU-U.S. Privacy Shield

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
The Article 29 Working Party (WP29), consisting of the data protection authorities (DPAs) of all 28 European Union (EU) Member States, met February 2-3 to discuss the future of EU-U.S. data flows. The meeting coincided with an end-of-January deadline that WP29 had set for the European Commission and U.S. Department of Commerce to provide a… Continue Reading

U.S.-EU Safe Harbor Replacement Announced: EU-U.S. Privacy Shield

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
The European Commission (EC) and U.S. Department of Commerce (DOC) announced today that they have replaced the invalidated U.S.-EU Safe Harbor framework with an updated transatlantic framework which adds several new layers of transparency and oversight. Though the text of the agreement will not be available for a few weeks, both parties announced a number… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
U.S.-EU Safe Harbor renegotiation misses deadline; FDA provides medical device design guidance; FTC settles false advertising claim with health care software vendor over encryption. U.S.-EU Safe Harbor Renegotiation Misses Deadline The deadline for the U.S.-EU Safe Harbor renegotiation, set by the EU Data Protection Authorities (DPAs) after the October 2015 invalidation of Safe Harbor was… Continue Reading

Crowell & Moring’s 2016 Litigation & Regulatory Forecasts: What Corporate Counsel Need to Know for the Coming Year

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Internet of Things, Privacy
Crowell & Moring LLP is pleased to release its “2016 Litigation & Regulatory Forecasts: What Corporate Counsel Need to Know for the Coming Year.” The reports examine the trends and developments that will impact corporations in the coming year—from the last year of the Obama administration to how corporate litigation strategy is transforming from the… Continue Reading

U.S.-EU Safe Harbor Renegotiation in Jeopardy

Posted in Government Agencies, Privacy
The U.S. Department of Commerce and European Commission have remained publicly optimistic about their renegotiation of the U.S.-EU Safe Harbor (Safe Harbor) following the program’s invalidation by the European Court of Justice in October. Unfortunately, there are signs of trouble in the U.S. Senate and future trouble coming from European Union (EU) regulators. The EU… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
DoD Issues Year-End DFARS Changes; Russians Now Have the “Right to Be Forgotten”; No Injury in Michael’s Data Breach Suit; FAA Issues Interim Final UAS Rule; New Penalties for Distributing Unique Medical Identifiers Holiday Gift from Defense Department: More Time to Comply with DFARS Safeguarding Rule Last Wednesday, the Department of Defense issued an interim… Continue Reading

Privacy-Cybersecurity Weekly News Update December 14-18, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Social Media
FTC Settles False Ad Claim with LifeLock for $100M; CISA Signed into Law; University of Washington Settles HIPAA Claims Arising from 2013 Data Breach; Senators Urge White House to Search Social Media Profiles During Visa Background Checks; FTC Announces COPPA Settlements with App Developers; Cybersecurity Enters the 2016 Presidential Race. FTC Announces Staggering Sum in… Continue Reading

Privacy-Cybersecurity Weekly News Update December 6- 11, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Wyndham-FTC Settlement Looks to PCI; Target Consumer Appeals Settlement; Leaders Propose Encryption Commission; Ashley Madison MDL in St. Louis; FTC Commissioner Warns of FCC ISP Overreach; Moms Sue Over Doll’s IoT Capability Wyndham to Implement PCI-Focused Information Security Program in Settlement with FTC On Wednesday, the FTC and Wyndham settled a long-standing dispute regarding the hospitality… Continue Reading

Key EU Privacy & Cybersecurity Highlights, November 30 – December 6, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
EU Data Protection Law Reform: Most of the General Data Protection Regulation (GDPR) text agreed in principle; Schrems’ second hit – Austrian citizen files three new complaints with EU Data Protection authorities to suspend data transfers outside the EU by Facebook; EU Privacy Regulators to Evaluate VTech Breach. EU Data Protection Law Reform: Most of… Continue Reading

Privacy-Cybersecurity Weekly News Update November 29- December 4, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Target Settles Data Breach Claims with Banks and Insurers On Thursday, Target agreed to settle claims with a group of financial institutions arising from its 2013 data breach involving customers’ credit card information.  Target reportedly will pay $39 million to settle the class-action suit in federal court in Minnesota.  This settlement follows a $67 million… Continue Reading

Key EU Privacy & Cybersecurity Highlights, November 16 – November 22, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Record Fine: Belgium’s Court orders Facebook to stop Data Protection law violation under forfeiture of a penalty of € 250,000 per day; Big Data: Opinion of The European Data Protection Supervisor; Safe Harbor Topic 1: Hamburg DPA actively preparing enforcement actions; Data Protection vs. Terrorism: Belgium to push for Passenger Records Law following Paris attacks;… Continue Reading

Key Privacy & Cybersecurity Highlights, November 2 – November 8, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
FCC’s expands data security enforcement; Sprint settles FCRA claims; $12.5M fine for background screening agencies; Congress considers auto cybersecurity study; No FCC “do not track” rules; Safe harbor alternatives; No SCA liability for inadvertent disclosure FCC takes first enforcement action related to cable operator’s data security The Federal Communications Commission fined Cox Communications $595,000 for… Continue Reading

Key Privacy & Cybersecurity Highlights, October 26, 2015 – November 1, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
“Safe Harbor 2.0” Agreement in Principle; Senate Passes Cybersecurity Bill; Target Breach Investigation Documents Privileged; Text Message Alert May Fall Within TCPA U.S.-EU reach agreement in principle on data sharing rules Last week, the U.S. and the European Union announced they reached an agreement in principle concerning transatlantic data transfers .  This new deal, to… Continue Reading

Key Privacy & Cybersecurity Highlights for October 19 – October 25, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Safe Harbor Fallout; Germany Rejects Safe Harbor Alternatives; Judicial Redress Act Passes House; Device IDs Not Personally Identifiable; Sony Settles Data Breach Suit Safe Harbor repercussions in Switzerland, Israel In light of the recent European Court of Justice (“ECJ”) Safe Harbor decision [link:  ], the Swiss Data Protection and Information Commissioner has declared its safe… Continue Reading

Key Privacy & Cybersecurity Developments for October 12, 2015 – October 18, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Deadline for New Data Sharing Framework; Congress Considers Automobile Cybersecurity; No VPPA Violation for Free Apps; TCPA Standing Expands January 2016 Deadline for New Approach to Transatlantic Data Transfers European data protection agencies (DPAs) and members of the European Commission, operating collectively as “the Article 29 Working Party,” set a January 31, 2016 deadline for… Continue Reading

Life Without Safe Harbor: Guidance from EU Regulators

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
The EU’s Article 29 Working Party (Art. 29 WP) has now provided guidance on alternative mechanisms for transferring data from the EU to the U.S. after the popular U.S.-EU Safe Harbor mechanism was invalidated by the European Court of Justice (ECJ). The Art. 29 WP guidance, like the ECJ decision, focuses on “massive and indiscriminate… Continue Reading

Key Privacy & Cybersecurity Developments: September 28, 2015 – October 4, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
15M T-Mobile Customers Exposed in Hack; Trump Hotels Hit With Data Breach; Privilege Covering Target Docs Challenged; HHS: OCR Should Strengthen HIPAA Oversight; 17.6M U.S. Victims of Identity Theft in 2014 15M T-Mobile Customers Exposed in Experian Breach Experian has reportedly suffered a major data breach, potentially exposing anyone who applied for a regular T-Mobile… Continue Reading