Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Tag Archives: Privacy

Privacy & Cybersecurity Weekly News Update- Week of June 13

Posted in Cybersecurity / Data Security, Data Breach, Privacy
A victory for net neutrality; U.S. may join Irish Facebook Data-Transfer case; EU-U.S. Privacy Shield by early July?; French Data Protection Authority opens GDPR consultation; FTC addresses proposed TCPA changes; DOJ and DHS cybersecurity sharing guidelines. Federal appellate court upholds net neutrality The U.S. Court of Appeals for the D.C. Circuit upheld “net neutrality” rules… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 6

Posted in Cybersecurity / Data Security, Data Breach, Privacy
$1M Fine for Morgan Stanley Data Breach; German DPA Issues Data Transfer Fines; FTC Critiques FCC Privacy Proposal; New Contractor Cybersecurity Rules; Drone Operations Best Practices Morgan Stanley fined $1M for alleged failure to secure client data The U.S. Securities and Exchange Commission (“SEC”) and Morgan Stanley Smith Barney LLC (“Morgan Stanley”) reached a settlement… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 30, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy
EU-U.S. Agreement on Law Enforcement Data; European Data Protection Supervisor Criticizes Privacy Shield; House Members Criticize FCC Privacy Proposal; NHTSA Targets Automotive Cybersecurity; Yahoo Releases National Security Letters; CareFirst Data Breach Lawsuit Dismissed; FDA Guidance on Data Protection in Investigations EU and U.S. sign Umbrella Agreement on Law Enforcement Data On June 2, 2016, Vera… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 23, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Data Breach Liability Requires Actual Misuse; More U.S.-EU Data Transfer Uncertainty; Airline App Exempt from State Privacy Law; Pending Cyber Bill Would Create Consortium; Encryption-Related Deceptive Advertising Settlement; PayPal Fined for Deceptive Trade Practices The Spokeo effect: data breach claims require actual examples of information misuse Last week, a federal court dismissed claims alleging harm… Continue Reading

Privacy & Cybersecurity News Update- 3 Week Summary

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Internet of Things, Privacy
The Panama Papers Leak – An overview on histories’ biggest data leak; Article 29 Working Party about to release opinion on EU-U.S. Privacy Shield; EU: GDPR and PCJ DPD about to be approved next week – final consolidated text published by Council; US: New HIPAA Audit Protocol Released as a Guidance Tool for phase two… Continue Reading

Fourth Circuit Affirms Carrier’s Duty to Defend Against Security Breach Claims Under Traditional Insurance Policy

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
Following an April 11 ruling by the Fourth Circuit in Travelers Indemnity Company of America v. Portal Healthcare Solutions, LLC, Travelers must defend its policyholder, Portal Healthcare, in a class action lawsuit concerning a security breach.  For years, courts have wrestled with whether traditional commercial general liability (CGL) policies provide coverage in event of a… Continue Reading

FTC’s New Chief Technologist Speaks at Crowell & Moring

Posted in Cybersecurity / Data Security, Government Agencies, Information Management, Privacy
Yesterday, Crowell & Moring hosted an International Association of Privacy Professionals (IAPP) KnowledgeNet featuring the Federal Trade Commission’s (FTC) new Chief Technologist, Lorrie Cranor. In her short time at the FTC, Cranor has already made waves by encouraging companies to rethink mandatory password changes.  At the event, Cranor spoke about the focus of her work,… Continue Reading

EU DPAs Say Privacy Shield an Improvement but Needs Some Work

Posted in Government Agencies, Privacy
Uncertainty surrounding the U.S.-EU Safe Harbor (Safe Harbor) replacement, the EU-U.S. Privacy Shield (Privacy Shield), will remain for now. On April 13, 2016 the European Union (EU) Article 29 Working Party (WP29) comprised of all 28 EU member state data protection authorities (DPAs) announced its official but non-binding opinion on the European Commission’s (EC) draft… Continue Reading

FTC’s New Online Quiz: Which Federal Laws Apply to Your App?

Posted in Government Agencies, Government Regulations & FISMA, Health IT, Privacy
On Tuesday, the FTC simultaneously released a “Mobile Health App Interactive Tool” and “Best Practices,” to help mobile health app developers navigate the maze of federal regulation, including data privacy regulation.  The tool walks developers through a series of high level questions about the nature of their app, and uses the answers to those questions… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Internet of Things, Privacy
FCC Adopts a NPRM for Privacy Proposal; FTC Chairwoman Wants IoT Threat Addressed; Consumer Reports Hit with Privacy Class Action; DOJ Accesses Shooter’s Phone and Drops Apple Suit   FCC Adopts a NPRM for Privacy Proposal On Thursday, March 31 in a 3-2 party-line vote, the FCC advanced a Notice of Proposed Rulemaking (NPRM) for… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
OCR Launches Next Round of HIPAA Audits; French Privacy Office Levies € 100,000 Fine on Google; SEC Reaches $18 Million Settlement for Alleged Hacker-Trader Conspiracy; FTC and Canadian Regulator Execute Anti-Spam MOU; FTC Commissioner Announces She Will Step Down OCR Launches Next Round of HIPAA Audits Last Monday, following much anticipation, the Department of Health… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Social Media
OCR Announces a Settlement … Again; HHS Eases Restrictions on Mental Health Information Sharing to Facilitate Gun Control Efforts; Facebook: Users Lack Standing in Cookie MDL; Plaintiffs Argue for Summary Judgment in $5 Million Twitter TCPA Suit OCR Announces a Settlement … Again For the second time this week, OCR announced another huge settlement. The… Continue Reading

NAIC Announces Insurance Data Security Model Law

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
On March 2, 2016, the National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force proposed a new model law intended to “establish the exclusive standards for data security and investigation and notification of a breach of data security” in the insurance industry. The model law requires licensed insurers and producers to: Develop, implement and maintain… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Internet of Things, Privacy
US Changes Stance on Wassenaar Arrangement Hacking Amendment; FCC Proposes Privacy Rules for Internet Providers; New Jersey Supreme Court Unanimously Approves Roving Wiretaps; FTC Commissioner Opposes Encryption Backdoor Legislation US Changes Stance on Wassenaar Arrangement Hacking Amendment Last week, the U.S. executive branch announced that it will change its stance on the 2013 amendment to… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Privacy
EU-US Privacy Shield Principles Released; No Insurance Coverage for Data Breach, New York Court Holds; CFPB Levies First Data Security Fine; New York Court Sides with Apple in 4th Amendment War; “I confirm that I am over 13 years old” Checkbox Ruled Not an Effective Age-Screener EU-US Privacy Shield Principles Released After years of negotiations… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
FTC Settles IoT Enforcement Action; HHS Releases HIPAA/NIST Crosswalk; HHS Provides FAQs on Patient Fees for PHI Release; Judicial Redress Act Becomes Law FTC Identifies Reasonable Security Measures Through IoT Enforcement Action The Federal Trade Commission (FTC) settled charges with ASUSTek Computer, Inc. (ASUS), a manufacturer of home router and home networking (or “home cloud”)… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
California AG Defines “Reasonable Security;” Apple Opposes FBI Hack Request; Russia to Enforce Data Localization with (Surprise) Audits; HHS Helps Health App Developers Determine if Subject to HIPAA; Carrier IQ Agrees to $9M Data Leak Settlement California AG Defines “Reasonable Security” California Attorney General (AG) Kamala Harris published the 2016 “California Data Breach Report,” which… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
President announces cybersecurity action plan; Congress passes Judicial Redress Act; French DPA notice provides compliance guidance; and FCC set to enforce CPNI rules. President Obama Announces Cybersecurity Action Plan The President announced his Cybersecurity National Action Plan (CNAP) this week, with a FY 2017 Budget proposal that includes $19 billion on CNAP initiatives – a… Continue Reading

Facebook Hit with French Data Protection Authority Action – Including a Safe Harbor Count

Posted in Cybersecurity / Data Security, Privacy, Sanctions
On February 8, 2016, the French Data Protection Authority (CNIL) publicly issued a formal notice to Facebook, following a joint investigation with four other EU regulators, asking the U.S. social network provider to comply with the French Data Protection Act within three months’ time. The notice (unofficial English translation available here), outlined several alleged violations… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
HHS proposes new substance abuse information confidentiality rules; HHS releases PHI disclosure fact sheets; U.S.-EU Safe Harbor replacement announced; OCR levies civil monetary penalties; and FTC settles charges with technology company for installing apps without consent. HHS Proposes Update to Substance Abuse Confidentiality Rules The U.S. Department of Health and Human Services (“HHS”) announced a… Continue Reading

OCR Levies Second Ever HIPAA Civil Monetary Penalty

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Information Management, Privacy, Rules
For only the second time in its history (following the $4.3 million Cignet case) the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) imposed civil money penalties (CMPs) on a company for violating the Health Insurance Portability and Accountability (HIPAA) Privacy Rule. Lincare, Inc. (Lincare), a home health provider, was… Continue Reading

EU Member States to Investigate EU-U.S. Transfers That Rely Solely on Invalidated Safe Harbor: Starting Now

Posted in Cybersecurity / Data Security, Government Agencies, Privacy, Sanctions
Certain European Union (EU) Member States’ data protection authorities (DPAs) have already started to announce investigations and or “prudential measures” for data transfers solely relying on the invalidated “U.S.-EU Safe Harbor Framework” (Safe Harbor). In the aftermath of the announcement of the “EU-U.S. Privacy Shield” (Privacy Shield), the Article 29 Working Party (WP29), comprised of… Continue Reading

EU Regulators React to New EU-U.S. Privacy Shield

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
The Article 29 Working Party (WP29), consisting of the data protection authorities (DPAs) of all 28 European Union (EU) Member States, met February 2-3 to discuss the future of EU-U.S. data flows. The meeting coincided with an end-of-January deadline that WP29 had set for the European Commission and U.S. Department of Commerce to provide a… Continue Reading