This is not a drill: the Texas Attorney General is coming for HIPAA. On September 4, 2024, the State of Texas sued the United States Department of Health and Human Services (DHHS) to enjoin portions of HIPAA regulations,...more
The FTC recently sent five tax preparers a notice of its intention to pursue civil penalties (“Notice”) if they continue to use consumers’ data for purposes other than tax preparation (such as advertising) without first...more
To say there’s been a lot of new privacy law in the last decade is an understatement. For those of us who think we’ve “seen it all,” many of these new laws arrive and elicit a sense of challenge (for the optimists) or mild...more
4/25/2023
/ Class Action ,
Corporate Counsel ,
Data Collection ,
Data Management ,
Data Protection ,
Data Security ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
Personally Identifiable Information ,
PHI ,
Private Right of Action ,
State Data Privacy Laws ,
Washington
On May 20, 2022, with little fanfare and just five short paragraphs, the Federal Trade Commission announced that businesses must publicly report security incidents to prevent potential harms, even if no other applicable law...more
5/26/2022
/ Breach Notification Rule ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Popular ,
Regulatory Reform ,
Regulatory Standards ,
Section 5
Executive teams in the U.S. live in fear of a successful ransomware attack, and who can blame them? Attacks are both prevalent and evolving. Many attackers have shifted from encrypting data and locking up systems to also (or...more
11/23/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Management ,
Economic Sanctions ,
Hackers ,
Incident Response Plans ,
Information Technology ,
Network Security ,
Ransomware ,
Risk Mitigation
In a unanimous decision we sincerely hope was not a cruel April Fool’s Day gag, yesterday the United States Supreme Court ruled in favor of Facebook in a high-profile TCPA class action, drastically narrowing the definition of...more
On November 10, 2020, the European Data Protection Board (“EDPB”) issued highly anticipated guidance intended to clarify how data exporters could legally transfer data to “third countries” under GDPR following the Schrems II...more
11/19/2020
/ Cloud Computing ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
New Guidance ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses