Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Category Archives: Information Management

Subscribe to Information Management RSS Feed

New Jersey Restricts Retailers’ Collection and Use of Customer Information

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
On July 21, 2017, Governor Chris Christie signed the Personal Information Privacy and Protection Act (S-1913) (the “Act”) into law, further enhancing the protections afforded to consumers who make retail credit card purchases in New Jersey.  As technology has evolved, many retailers rely on electronic barcode scanners to review and capture information on customers’ driver’s… Continue Reading

New OCR Settlement Targets Safety Net Provider on Security Rule Deficiencies

Posted in Cybersecurity / Data Security, Information Management
On Wednesday, the U.S. Department of Health and Human Services, Office for Civil Rights announced a $400,000 settlement with Metro Community Provider Network arising from MCPN’s alleged failure to implement adequate security management processes to safeguard electronic protected health information in accordance with the Health Insurance Portability and Accountability Act Security Rule. This settlement followed… Continue Reading

Vizio Agrees to $2.2M Settlement Regarding Data Collection Practices

Posted in Government Agencies, Information Management, Internet of Things, Privacy, Uncategorized
Last week, the Federal Trade Commission (“FTC”) announced an agreement settling claims against a television manufacturer arising from the alleged unauthorized collection of television viewing data.  The FTC, along with the State of New Jersey, alleged that certain “smart TVs” manufactured and sold by VIZIO, Inc. and its subsidiary VIZIO Inscape Services (collectively, “VIZIO”) failed… Continue Reading

Insider Threats Meet Litigation

Posted in Cybersecurity / Data Security, Data Breach, Government Contracting, Information Management
Last week, we highlighted our colleagues’ post in Crowell’s Trade Secrets Trends focusing on recent comments submitted by the U.S. Chamber of Commerce regarding the need to stem the cyber theft of intellectual property.  Today, we once again turn to our sister blog to highlight an example of how that theft plays out in the… Continue Reading

U.S. Chamber of Commerce on Trade Secrets Protections

Posted in Cybersecurity / Data Security, Government Agencies, Information Management
Earlier this month, the U.S. Chamber of Commerce submitted comments in response to the National Institute of Standards & Technology’s request for information regarding cybersecurity and the digital economy. The Chamber’s comments focused on specifics such as the NIST Cybersecurity Framework and the Cybersecurity Information Sharing Act of 2015, but it also discussed more generally… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of July 9

Posted in Admissibility, Cybersecurity / Data Security, Government Agencies, Information Management, Privacy, Rules, Social Media, Transnational Discovery
“Pokémon Go” Developer feels the heat over data collection; 2nd Circuit Ruling limits government’s access to data stored overseas; 9th Circuit CFAA Ruling increases Facebook’s control over its Users’ Data; Dutch Study reveals tension between EU Trade Deals and Data Protection “Pokémon Go” Developer in Hot Water over Extensive Data Collection Practices In early July,… Continue Reading

2nd Circuit: Government Cannot Force Companies to Hand Over Communications Data Stored Overseas

Posted in Accessibility, Criminal Law, Government Agencies, Information Management, Privacy, Transnational Discovery
The Second Circuit today issued a much-anticipated ruling holding that U.S. firms are not required to turn over user data stored overseas, even in the face of a government warrant.  This decision arose from Microsoft’s December 2014 appeal of a civil contempt ruling against the tech giant for refusing to turn over the personal data… Continue Reading

FTC’s New Chief Technologist Speaks at Crowell & Moring

Posted in Cybersecurity / Data Security, Government Agencies, Information Management, Privacy
Yesterday, Crowell & Moring hosted an International Association of Privacy Professionals (IAPP) KnowledgeNet featuring the Federal Trade Commission’s (FTC) new Chief Technologist, Lorrie Cranor. In her short time at the FTC, Cranor has already made waves by encouraging companies to rethink mandatory password changes.  At the event, Cranor spoke about the focus of her work,… Continue Reading

OCR Levies Second Ever HIPAA Civil Monetary Penalty

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Information Management, Privacy, Rules
For only the second time in its history (following the $4.3 million Cignet case) the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) imposed civil money penalties (CMPs) on a company for violating the Health Insurance Portability and Accountability (HIPAA) Privacy Rule. Lincare, Inc. (Lincare), a home health provider, was… Continue Reading

Interim Rule Could Expand Already Onerous DFARS Cyber Requirements

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors, Rules
Yesterday, the DoD published an Interim Rule that, if finalized as drafted, would expand the already onerous requirements of the DFARS Safeguarding Clause to a broader array of potentially 10,000 defense contractors.  Citing “recent high-profile breaches of federal information,” the DoD’s Interim Rule emphasizes the need for clear, effective, and consistent cybersecurity protections in its… Continue Reading

Economic Espionage: A Real Risk for Universities

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
The recent arrests of Chinese nationals for alleged economic espionage are raising eyebrows across American industries, who are rightfully asking how they can protect themselves from becoming the next foreign target. U.S. universities have been key figures in these headlines. The risk of economic espionage is a serious one for higher education because universities are… Continue Reading

Digital Privacy and E-Discovery in Government Investigations and Criminal Litigation

Posted in Accessibility, Cloud Computing, Cooperation/Meet & Confer, Criminal Law, Cybersecurity / Data Security, Ethics, Government Agencies, Information Management, Preservation, Privacy, Privilege/Rule 502, Public Sectors, Rules, Sanctions, Social Media, Spoliation
In conjunction with the 2015 American Bar Association annual State of Criminal Justice publication, Louisa Marion and I have published a new chapter on “Digital Privacy and E-Discovery in Government Investigations and Criminal Litigation.” The article provides an in-depth look at many of the current and cutting edge issues raised by digital privacy and e-discovery… Continue Reading

Three State Data Breach Laws Set to Change This Summer

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy
With Memorial Day unofficially kicking off summer, those keeping up on recent changes to state data breach laws are eyeing their calendars, as a series of state amendments are due to come into effect.  Beginning on July 1, both Nevada and Wyoming will expand their definitions of personal information.  One month later on August 1,… Continue Reading

Technology Coalition tells the President: Encryption Back Doors are a Bad Idea

Posted in Cybersecurity / Data Security, Ethics, Government Agencies, Information Management, Privacy
In an open letter to President Obama, 143 of the nation’s most well-known businesses, trade associations, academics, and organizations urged the President to promote strong encryption technologies. The letter was prompted by recent law enforcement (including the FBI and NSA) advocacy for built-in government access to encrypted data despite a December 2013 recommendation by the… Continue Reading

Supreme Court to Consider Congressionally-Conferred Privacy Breach Standing

Posted in Data Breach, Government Regulations & FISMA, Information Management, Privacy, Social Media
One year ago, data broker Spokeo, Inc. asked the Supreme Court to reconsider the Ninth Circuit’s revival of a putative class action against it for willfully violating the Fair Credit Reporting Act (“FCRA”) by publishing personal information without notice.  This week, the Court heeded that request, granting certiorari.  In doing so, it has paved the… Continue Reading

OCR Fines Pharmacy Over Potential Violation of HIPAA Privacy Rule

Posted in Government Agencies, Information Management, Privacy
On April 22, 2015, Cornell Prescription Pharmacy (Cornell), a small pharmacy with a single location in the Denver, Colorado area, agreed to settle potential violations of the HIPAA Privacy Rule with the Department of Health and Human Services Office for Civil Rights (“OCR”).  The settlement requires Cornell to pay a $125,000 fine and agree to… Continue Reading

Join Us for OOPS 2015! Cybersecurity Risk Management: The View from Washington and Beyond

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Information Management, Internet of Things, Privacy, Public Sectors
Crowell & Moring would like to invite government contractors to ring-side seats for the fight of the year – Congress v. the White House.  This year’s Ounce of Prevention Seminar (OOPS) will focus on the dynamic interplay between the opposite ends of Pennsylvania Avenue and how it will ultimately impact government contractors across the industry.… Continue Reading

ONC’s Privacy & Security Guide Updates Information on HIPAA Rules & EHR Incentive Program

Posted in Cybersecurity / Data Security, Government Agencies, Information Management, Privacy
Smaller health care practices and providers now have another reason to bookmark the website of the Office of the National Coordinator for Health Information Technology (ONC).  Yesterday, the ONC published Version 2.0 of its “Guide to Privacy and Security of Electronic Health Information” (the Guide).  Overall, the 62-page Guide provides health care providers with “plain… Continue Reading

FTC dives deeper on U.S.-EU Safe Harbor enforcement

Posted in Cybersecurity / Data Security, Information Management, Privacy, Sanctions
On April 7, 2015 the Federal Trade Commission (FTC) announced two new U.S.-EU Safe Harbor cases. TES Franchising, LLC and American International Mailing, Inc. have agreed to settle FTC charges that the companies falsely claimed they were abiding by the U.S.-EU Safe Harbor Framework, a voluntary but enforceable framework that enables U.S. companies to transfer… Continue Reading

Cyber Executive Order Continues the Push for Public-Private Partnerships

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
In conjunction with his remarks at the White House Summit on Cybersecurity at Stanford University earlier this month, President Obama signed Executive Order 13691, entitled “Promoting Private Sector Cybersecurity Information Sharing.”  Published in the Federal Register last week, the Order is intended to encourage and facilitate cybersecurity information sharing within the private sector, and also… Continue Reading

New Jersey Becomes Second State to Require Encrypting Certain Personal Information

Posted in Cybersecurity / Data Security, Information Management, Privacy
Beginning August 1, 2015, New Jersey health insurers must encrypt personal information maintained on their computer systems and transmitted through public networks, or face civil penalties and fines under the state’s newly enacted Senate Bill No. 562 (“SB 562”). While SB 562’s requirements will have broad applicability to a wide range of “end user computer… Continue Reading

President Obama Announces Major Cyber and Privacy Legislation

Posted in Criminal Law, Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy
President Obama recently proposed several new laws reflecting the administration’s increased focus on privacy and cyber issues. The proposals seek to create a consistent national data breach notification law (to replace the current patchwork of 47 state laws), to encourage cyber threat information sharing, and to update cybercrime enforcement. Although Immediate reactions to the proposed… Continue Reading

Snapchat Settlement Highlights Continued FTC Scrutiny of Privacy and Security Representations

Posted in Cybersecurity / Data Security, Data Breach, Government Regulations & FISMA, Information Management, Privacy, Sanctions
The Federal Trade Commission (FTC) has been at it again, settling on December 31, 2014 with Snapchat over privacy and data security concerns stemming from its text and video mobile messaging services. The settlement is instructive for gauging the FTC’s enforcement priorities and illustrates the steep costs a company can face when the FTC alleges… Continue Reading

Tough New Privacy Protections in California

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
California Governor Jerry Brown has signed into law Assembly Bill 1710, which includes new personal information protections that affect all businesses that “own, license, or maintain personal information about Californians.” In what may be a sign of things to come for other jurisdictions, the new law includes the nation’s first mandatory state requirement for breached… Continue Reading