Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Tag Archives: Cybersecurity / Data Security

Privacy & Cybersecurity Weekly News Update – Week of October 22

Posted in Cybersecurity / Data Security
FCC adopts privacy rules; Privacy Shield challenge; Amendments to EU data transfer decisions; FTC data breach guidance; DOT vehicle cybersecurity best practices; HHS guidance on HIPAA and FTC compliance FCC approves privacy rules for broadband providers In a 3-2 vote, the Federal Communications Commission approved new rules governing internet service providers’ collection and use of… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of July 24

Posted in Cybersecurity / Data Security, Data Breach, Privacy
Russians Hack Clinton Campaign System; FTC: LabMD Liable in Data Security Suit; EU Member States issue statement on Privacy Shield; NIS Directive published – Implementation into national law by May 2018; EU Data Protection Supervisor: e-Privacy directive should meet GDPR-requirements. Clinton Campaign Data Breach brings data security into 2016 campaign yet again On July 29,… Continue Reading

FTC’s New Chief Technologist Speaks at Crowell & Moring

Posted in Cybersecurity / Data Security, Government Agencies, Information Management, Privacy
Yesterday, Crowell & Moring hosted an International Association of Privacy Professionals (IAPP) KnowledgeNet featuring the Federal Trade Commission’s (FTC) new Chief Technologist, Lorrie Cranor. In her short time at the FTC, Cranor has already made waves by encouraging companies to rethink mandatory password changes.  At the event, Cranor spoke about the focus of her work,… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
FTC Settles IoT Enforcement Action; HHS Releases HIPAA/NIST Crosswalk; HHS Provides FAQs on Patient Fees for PHI Release; Judicial Redress Act Becomes Law FTC Identifies Reasonable Security Measures Through IoT Enforcement Action The Federal Trade Commission (FTC) settled charges with ASUSTek Computer, Inc. (ASUS), a manufacturer of home router and home networking (or “home cloud”)… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
California AG Defines “Reasonable Security;” Apple Opposes FBI Hack Request; Russia to Enforce Data Localization with (Surprise) Audits; HHS Helps Health App Developers Determine if Subject to HIPAA; Carrier IQ Agrees to $9M Data Leak Settlement California AG Defines “Reasonable Security” California Attorney General (AG) Kamala Harris published the 2016 “California Data Breach Report,” which… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
President announces cybersecurity action plan; Congress passes Judicial Redress Act; French DPA notice provides compliance guidance; and FCC set to enforce CPNI rules. President Obama Announces Cybersecurity Action Plan The President announced his Cybersecurity National Action Plan (CNAP) this week, with a FY 2017 Budget proposal that includes $19 billion on CNAP initiatives – a… Continue Reading

Facebook Hit with French Data Protection Authority Action – Including a Safe Harbor Count

Posted in Cybersecurity / Data Security, Privacy, Sanctions
On February 8, 2016, the French Data Protection Authority (CNIL) publicly issued a formal notice to Facebook, following a joint investigation with four other EU regulators, asking the U.S. social network provider to comply with the French Data Protection Act within three months’ time. The notice (unofficial English translation available here), outlined several alleged violations… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
HHS proposes new substance abuse information confidentiality rules; HHS releases PHI disclosure fact sheets; U.S.-EU Safe Harbor replacement announced; OCR levies civil monetary penalties; and FTC settles charges with technology company for installing apps without consent. HHS Proposes Update to Substance Abuse Confidentiality Rules The U.S. Department of Health and Human Services (“HHS”) announced a… Continue Reading

OCR Levies Second Ever HIPAA Civil Monetary Penalty

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Information Management, Privacy, Rules
For only the second time in its history (following the $4.3 million Cignet case) the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) imposed civil money penalties (CMPs) on a company for violating the Health Insurance Portability and Accountability (HIPAA) Privacy Rule. Lincare, Inc. (Lincare), a home health provider, was… Continue Reading

EU Member States to Investigate EU-U.S. Transfers That Rely Solely on Invalidated Safe Harbor: Starting Now

Posted in Cybersecurity / Data Security, Government Agencies, Privacy, Sanctions
Certain European Union (EU) Member States’ data protection authorities (DPAs) have already started to announce investigations and/or “prudential measures” for data transfers solely relying on the invalidated “U.S.-EU Safe Harbor Framework” (Safe Harbor). In the aftermath of the announcement of the “EU-U.S. Privacy Shield” (Privacy Shield), the Article 29 Working Party (WP29), comprised of… Continue Reading

EU Regulators React to New EU-U.S. Privacy Shield

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
The Article 29 Working Party (WP29), consisting of the data protection authorities (DPAs) of all 28 European Union (EU) Member States, met February 2-3 to discuss the future of EU-U.S. data flows. The meeting coincided with an end-of-January deadline that WP29 had set for the European Commission and U.S. Department of Commerce to provide a… Continue Reading

Privacy-Cybersecurity Weekly News Update December 6 – 11, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Wyndham-FTC Settlement Looks to PCI; Target Consumer Appeals Settlement; Leaders Propose Encryption Commission; Ashley Madison MDL in St. Louis; FTC Commissioner Warns of FCC ISP Overreach; Moms Sue Over Doll’s IoT Capability Wyndham to Implement PCI-Focused Information Security Program in Settlement with FTC On Wednesday, the FTC and Wyndham settled a long-standing dispute regarding the hospitality… Continue Reading

Key EU Privacy & Cybersecurity Highlights, November 30 – December 6, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
EU Data Protection Law Reform: Most of the General Data Protection Regulation (GDPR) text agreed in principle; Schrems’ second hit – Austrian citizen files three new complaints with EU Data Protection authorities to suspend data transfers outside the EU by Facebook; EU Privacy Regulators to Evaluate VTech Breach. EU Data Protection Law Reform: Most of… Continue Reading

Privacy-Cybersecurity Weekly News Update November 29 – December 4, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Target Settles Data Breach Claims with Banks and Insurers On Thursday, Target agreed to settle claims with a group of financial institutions arising from its 2013 data breach involving customers’ credit card information.  Target reportedly will pay $39 million to settle the class-action suit in federal court in Minnesota.  This settlement follows a $67 million… Continue Reading

Key EU Privacy & Cybersecurity Highlights, November 16 – November 22, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Record Fine: Belgium’s Court orders Facebook to stop Data Protection law violation under forfeiture of a penalty of € 250,000 per day; Big Data: Opinion of The European Data Protection Supervisor; Safe Harbor Topic 1: Hamburg DPA actively preparing enforcement actions; Data Protection vs. Terrorism: Belgium to push for Passenger Records Law following Paris attacks;… Continue Reading

Key Privacy & Cybersecurity Highlights, November 2 – November 8, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
FCC expands data security enforcement; Sprint settles FCRA claims; $12.5M fine for background screening agencies; Congress considers auto cybersecurity study; No FCC “do not track” rules; Safe harbor alternatives; No SCA liability for inadvertent disclosure FCC takes first enforcement action related to cable operator’s data security The Federal Communications Commission fined Cox Communications $595,000 for… Continue Reading

Key Privacy & Cybersecurity Highlights, October 26, 2015 – November 1, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
“Safe Harbor 2.0” Agreement in Principle; Senate Passes Cybersecurity Bill; Target Breach Investigation Documents Privileged; Text Message Alert May Fall Within TCPA U.S.-EU reach agreement in principle on data sharing rules Last week, the U.S. and the European Union announced they reached an agreement in principle concerning transatlantic data transfers. This new deal, to… Continue Reading

Key Privacy & Cybersecurity Highlights for October 19 – October 25, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Safe Harbor Fallout; Germany Rejects Safe Harbor Alternatives; Judicial Redress Act Passes House; Device IDs Not Personally Identifiable; Sony Settles Data Breach Suit Safe Harbor repercussions in Switzerland, Israel In light of the recent European Court of Justice (“ECJ”) Safe Harbor decision, the Swiss Data Protection and Information Commissioner has declared its safe… Continue Reading

Key Privacy & Cybersecurity Developments for October 12, 2015 – October 18, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Deadline for New Data Sharing Framework; Congress Considers Automobile Cybersecurity; No VPPA Violation for Free Apps; TCPA Standing Expands January 2016 Deadline for New Approach to Transatlantic Data Transfers European data protection agencies (DPAs) and members of the European Commission, operating collectively as “the Article 29 Working Party,” set a January 31, 2016 deadline for… Continue Reading

Key Privacy & Cybersecurity Developments: September 28, 2015 – October 4, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
15M T-Mobile Customers Exposed in Hack; Trump Hotels Hit With Data Breach; Privilege Covering Target Docs Challenged; HHS: OCR Should Strengthen HIPAA Oversight; 17.6M U.S. Victims of Identity Theft in 2014 15M T-Mobile Customers Exposed in Experian Breach Experian has reportedly suffered a major data breach, potentially exposing anyone who applied for a regular T-Mobile… Continue Reading

Key Privacy & Cybersecurity Developments: September 21, 2015 – September 27, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
5.6 Million Fingerprints Stolen in OPM Hack; US and China Agree to Economic Cyber Pact; SEC Charges Firm for Failing to Protect Against Hack; EU Court Advisor Says Safe Harbor Agreement Invalid; SEC Commissioner:  Smaller Companies More Targeted for Hacks; NIST Awards 3 Cybersecurity Grants OPM Cyberattack Update:  5.6 Million Fingerprints Stolen The Office of… Continue Reading

EU Court of Justice Advocate General Says Safe Harbor is Invalid

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
A European Court of Justice (ECJ) advocate general released his opinion September 23 in the matter of Maximillian Schrems v. Data Protection Commissioner, a case that questions the “adequacy” of the U.S.-EU Safe Harbor (Safe Harbor). The nonbinding opinion, which will now be considered by the full court in the coming months, ruled: (1) that… Continue Reading

Key Privacy & Cybersecurity Developments: September 14 – 20, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
SEC Announces 2nd Round of Cyber Exams; Judge Certifies Target Class Action; DHS Cybersecurity Improvements Needed; DoD Official Calls for Culture Change; Obama to Raise Cyber Concerns with Chinese President SEC Announces 2nd Round of Cybersecurity Exams The Securities and Exchange Commission (SEC) issued a Risk Alert indicating that it would begin a second round… Continue Reading