Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Category Archives: Privacy

Subscribe to Privacy RSS Feed

New Jersey Restricts Retailers’ Collection and Use of Customer Information

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
On July 21, 2017, Governor Chris Christie signed the Personal Information Privacy and Protection Act (S-1913) (the “Act”) into law, further enhancing the protections afforded to consumers who make retail credit card purchases in New Jersey.  As technology has evolved, many retailers rely on electronic barcode scanners to review and capture information on customers’ driver’s… Continue Reading

FBI and FTC on Privacy Risks Stemming from “Smart” Toys

Posted in Advertising & Product Risk Management, Cybersecurity / Data Security, Privacy
Earlier this month, the Federal Bureau of Investigation (FBI) issued a public comment about privacy, cybersecurity, and safety risks associated with internet-connected toys.  The FBI’s comment builds on the Federal Trade Commission’s recent amendment to the Children’s Online Privacy Protection Act (COPPA), which explicitly states that connected toys are deemed “websites or online services” subject… Continue Reading

Supreme Court to Hear Major Cellphone Privacy Case

Posted in Admissibility, Litigation, Privacy
Yesterday, the Supreme Court announced that it will hear a case with significant ramifications for privacy in the digital age. The case involves a man convicted of armed robbery based in part on cellphone location data obtained without a probable cause warrant. The conviction was appealed at the Sixth Circuit Court of Appeals, which held… Continue Reading

Vizio Agrees to $2.2M Settlement Regarding Data Collection Practices

Posted in Government Agencies, Information Management, Internet of Things, Privacy, Uncategorized
Last week, the Federal Trade Commission (“FTC”) announced an agreement settling claims against a television manufacturer arising from the alleged unauthorized collection of television viewing data.  The FTC, along with the State of New Jersey, alleged that certain “smart TVs” manufactured and sold by VIZIO, Inc. and its subsidiary VIZIO Inscape Services (collectively, “VIZIO”) failed… Continue Reading

December 2016 Monthly Update

Posted in Cybersecurity / Data Security, Data Breach, Ethics, Government Agencies, Health IT, Privacy, Rules
Kansas Judge Rules that Class Action over CareCentrix Data Breach may Proceed On December 19, 2016, in Hapka v. Carecentrix, the United States District Court for the District of Kansas denied CareCentrix, Inc.’s (CareCentrix) motion to dismiss a class action suit arising from a data breach affecting CareCentrix’s personal and tax information regarding thousands of… Continue Reading

Missouri District Court Relieves Insurer of Duty to Defend TCPA Suit

Posted in Insurance, Privacy
On December 15, 2016, in The Travelers Indemnity Co. of Connecticut v. Max Margulis, et al., the U.S.  District Court for the Eastern District of Missouri ruled that an insurer did not have a duty to defend its policyholder in a suit alleging a violation of the Telephone Consumer Protection Act (“TCPA”). Margulis is one… Continue Reading

Privacy-Cybersecurity Weekly News Update—Week of November 20 and November 27

Posted in Cybersecurity / Data Security, Data Breach, Privacy
Discussion headlines: UMass settles alleged HIPAA violations; FCC combatting robotexts and robocalls; TCPA class certification; failed investor suit over data breach; UK surveillance bill became law UMass pays $650,000 to settle alleged HIPAA violations The University of Massachusetts Amherst (UMass) reached an agreement to pay $650,000 to settle alleged HIPAA violations based on the disclosure… Continue Reading

Alabama District Court Relieves Carrier of a Duty to Defend or Indemnify Policyholder Following Data Breach

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
On October 25, in the case of Camp’s Grocery, Inc. v. State Farm Fire & Casualty Company, the District Court for the Northern District of Alabama granted summary judgment in favor of State Farm Fire and Casualty Company (“State Farm”), concluding that State Farm did not have to defend or indemnify its policyholder, Camp’s Grocery… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Health IT, Privacy
Hamburg DPA orders WhatsApp to stop sharing data with Facebook; GAO: HHS Needs to Improve is Digital Health Protection Rules; Notice and Choice Becoming Par for the Course for Interest-Based-Ads in Apps German Data Protection Authority of Hamburg orders WhatsApp to stop sharing data with Facebook On September 27, 2016, the Hamburg Commissioner for Data… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Privacy
NHTSA Issues Voluntary Driverless Car Guidelines; European Privacy Supervisor proposes Digital Clearing House for coherent handling of Big Data cases; Facebook and Power Ventures Battle Over the Scope of the CFAA; Arizona Supreme Court: Police Cannot Search Unlocked, Unattended Phone; German consumer group urges Whatsapp to stop sharing data with Facebook; German DPA issues guidelines… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Privacy law meets antitrust – EU Commissioner Vestager on data in competition law; ECJ to rule on admissibility of Privacy class actions; Northern District of California Sends Yelp Privacy Suit to the Jury; EU Advocate General finds EU-Canadian PNR pact unlawful; New York Unveils New Cyber Security Rules for Financial Services Organizations; New Jersey Senate… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of September 12

Posted in Cybersecurity / Data Security, Privacy
    HHS Jumps on the Cybersecurity Information Sharing Bandwagon; Third Circuit on Economic Loss as a basis for Negligence Claim; FTC workshop on Ransomware; German draft implementing law for GDPR revealed. HHS Jumps on the Cybersecurity Information Sharing Bandwagon Because of recent news reports confirming that cyberattacks against healthcare agencies have increased 125 %… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of August 28

Posted in Cybersecurity / Data Security, Privacy
Bavarian DPA: fines under GDPR to be calculated based on revenues of whole company group; ICO publishes report on data security incident trends. Bavarian DPA: fines under GDPR to be calculated based on revenues of whole company group On September 01, 2016, the German Data Protection Authority of Bavaria (BayLDA) has announced that according to… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of August 21

Posted in Cybersecurity / Data Security, Privacy
ICO investigating into Facebook and WhatsApp Data Sharing Plans; Germany and France publish joint action plan against encryption; PrivacyShield now covering 200 U.S. companies. UK DPA investigating into Facebook and WhatsApp Data Sharing Plans The United Kingdom’s Information Commissioner (‘ICO’) is taking a closer look into WhatsApp’s plan to share more user data with parent… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of August 14

Posted in Privacy
First self-certifications accepted under Privacy Shield; EU Commission considers extension of telecommunication rules to apps. U.S. Department of Commerce accepts first bunch of self-certifications under Privacy Shield About 2 weeks after the announced start of the certification procedure under the “EU-U.S. Privacy Shield” (‘Privacy Shield’) on August 1, 2016, the U.S. Department of Commerce (‘DoC’)… Continue Reading

Privacy & Cybersecurity Weekly News Update Week of August 7

Posted in Privacy
EU Commission publishes first results of consultation of e-Privacy Directive; Irish DPA issues Guidance on Location Data. European Commission publishes summary report on consultation of e-Privacy Directive On August 4, 2016, the European Commission has published a first summary report on the public consultation on the evaluation and review of the e-Privacy Directive (Directive 2002/58/EC… Continue Reading

Upcoming Free Privacy/Cyber Event: Healthy Data Management Webinar

Posted in Cybersecurity / Data Security, Health IT, Privacy
On Thursday, September 8, 2016 from 1:00 PM to 2:00 PM ET Crowell & Moring’s Elliot Golding will be speaking as part of a 60-minute Bloomberg BNA Webinar on Healthy Data Management: Essential Strategies for Governing PHI, PII, and Highly Sensitive Data during an Acquisition or Divestiture.  The panel discussion will cover the information governance… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of July 31

Posted in Cybersecurity / Data Security, Data Breach, Health IT, Privacy, Social Media
‘Privacy Shield’ certifications possible since August 1, 2016; Hamburg DPA aims to challenge ‘Privacy Shield’; EU Court rules on applicability of EU privacy laws to online companies; Pokémon Go violating EU Privacy Laws?; Norwegian DPA criticizes ‘Facebook at Work’; Advocate Health to Pay Largest HIPAA Settlement Ever; FTC Overrules LabMD Dismissal; Banner Health Cyberattack Affects… Continue Reading

Proposals to Protect Health Data Outside of HIPAA

Posted in Health IT, Privacy
Last month, the Office of the National Coordinator for Health Information Technology (“ONC”) sent a report to Congress highlighting the absence of adequate privacy and security safeguards for health data collected by entities not regulated by HIPAA.  For a discussion regarding the next steps to address these privacy and security gaps, please see our recent article in… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of July 24

Posted in Cybersecurity / Data Security, Data Breach, Privacy
Russians Hack Clinton Campaign System; FTC: LabMD Liable in Data Security Suit; EU Member States issue statement on Privacy Shield; NIS Directive published – Implementation into national law by May 2018; EU Data Protection Supervisor: e-Privacy directive should meet GDPR-requirements. Clinton Campaign Data Breach brings data security into 2016 campaign yet again On July 29,… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of July 17

Posted in Accessibility, Criminal Law, Cybersecurity / Data Security, Privacy
DOJ Proposes Workaround to Microsoft Ruling; United States Joins Irish Facebook Case; St. Louis Cardinals Scouting Director Sentenced to 46 Months; EU’s Advocate General Okays National Data Retention Laws; Data Protection Authority of Hamburg Becomes “Completely Independent”; 9th Circuit Suggests Password Sharing is a Federal Crime DOJ Seeks Legislative Circumvention of 2nd Circuit’s Microsoft Ruling… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of July 9

Posted in Admissibility, Cybersecurity / Data Security, Government Agencies, Information Management, Privacy, Rules, Social Media, Transnational Discovery
“Pokémon Go” Developer feels the heat over data collection; 2nd Circuit Ruling limits government’s access to data stored overseas; 9th Circuit CFAA Ruling increases Facebook’s control over its Users’ Data; Dutch Study reveals tension between EU Trade Deals and Data Protection “Pokémon Go” Developer in Hot Water over Extensive Data Collection Practices In early July,… Continue Reading