• Life sciences companies are subject to rapidly changing regulatory obligations, government enforcement, and increasing public scrutiny.
• Conducting effective legal and regulatory due diligence can mean uncovering risks...more
5/2/2019
/ Acquisitions ,
Anti-Kickback Statute ,
Due Diligence ,
False Claims Act (FCA) ,
Health Care Providers ,
Investors ,
Life Sciences ,
Medicaid ,
Mergers ,
OIG ,
Patient Referrals ,
Private Equity ,
Provider Payments ,
Safe Harbors ,
Sunshine Act ,
TRICARE ,
Venture Capital
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding seven public forums and accepting...more
2/7/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
State Attorneys General
There are less than two weeks left to submit comments regarding potential updates to the privacy, security and breach notification regulations adopted under the Health Insurance Portability and Accountability Act of 1996 and...more
1/31/2019
/ Comment Period ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notification Requirements ,
OCR ,
PHI ,
Public Comment ,
Request For Information
This client alert will briefly outline key upcoming deadlines under the New York State Department of Financial Services (DFS) Cybersecurity Regulation (the “Regulation”). These include annual filing deadlines coming up in...more
1/31/2019
/ Certificates of Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Encryption ,
Exemptions ,
Filing Deadlines ,
NYDFS ,
Policies and Procedures ,
Risk Assessment ,
Third-Party Service Provider ,
Vendors
• On January 25, 2019, the Illinois Supreme Court issued a decision interpreting the Biometric Information Privacy Act (BIPA) in the Rosenbach v. Six Flags Entertainment Corp. appeal. The court ruled that a plaintiff does not...more
1/29/2019
/ Actual Injuries ,
Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
Consent ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Retention ,
Fingerprints ,
IL Supreme Court ,
Injunctive Relief ,
Liquidated Damages ,
Personally Identifiable Information ,
Private Right of Action ,
Putative Class Actions ,
Standing ,
Statutory Interpretation ,
Statutory Violations
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies.
• Main areas for non-profit...more
1/28/2019
/ Australia ,
CNIL ,
Cybersecurity ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Nonprofits ,
Personal Data ,
Popular ,
Request For Information
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding a series of six public forums and...more
1/16/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
State Attorneys General
This week, Governor Brown signed into law various amendments to the 2018 California Consumer Privacy Act (CCPA) passed by the California Legislature at the end of August. We discussed those amendments in detail in an earlier...more
• The California Legislature passed SB 1121 to revise certain sections of the CCPA – the nation’s strictest privacy protection statute which provides Californians with a right to learn what personal information certain...more
9/10/2018
/ California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Time Extensions
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights.
• The CCPA creates a private right of action for California...more
7/9/2018
/ Attorney General ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Disclosure Requirements ,
Encryption ,
Enforcement Actions ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Right to Delete ,
Third-Party Service Provider ,
Transparency
• NAIC recently adopted an Insurance Data Security Model Law that follows the risk assessment-based approach of the New York DFS Cybersecurity Regulation. This signals the growing influence of the New York Regulation,...more
11/1/2017
/ Cyber Insurance ,
Cybersecurity ,
Data Security ,
Department of Financial Services ,
Health Insurance Portability and Accountability Act (HIPAA) ,
National Association of Insurance Commissioners ,
Non-Public Information ,
Notification Requirements ,
Personally Identifiable Information ,
Reinsurance ,
Risk Assessment ,
The Model Law ,
Third-Party Service Provider
Government contractors are subject to cybersecurity requirements, found in the Federal Acquisition Regulation (FAR) and each agency’s supplement to the FAR, and some important deadlines are fast approaching. Set forth below...more
New York Financial Regulator to Enforce First-of-Its-Kind Cybersecurity Regulations in Coming Weeks -
On December 28, 2016, the New York Department of Financial Services (NYDFS) issued revised cybersecurity regulations...more
On August 1, 2016, the Department of Commerce began accepting applications for self-certification under the new Privacy Shield requirements. Privacy Shield was approved by the European Union (EU) on July 12, 2016, and...more
As we previously reported, on March 21, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) launched the long-awaited Phase 2 of the audit program that is intended to assess compliance with...more
On April 12, 2016, the U.S. Securities and Exchange Commission (“SEC”) continued its enforcement of reasonable cybersecurity controls, announcing cease and desist proceedings against a broker-dealer and two of its principals...more
The Fourth Circuit affirmed this week that Travelers Insurance (“Travelers”) must defend Portal, a medical records company, against a class action suit stemming from an alleged cyber “publication” of its customers’ personal...more
On March 21, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) launched the long-awaited Phase 2 of the audit program that is intended to assess compliance with the Privacy, Security, and...more
Germany has enacted a new data protection statute, which came into force on February 24, 2016, and enables business associations and consumer groups to enforce violations of German data protection laws against businesses....more
The president’s FY 2017 budget, released today, includes cybersecurity as a national priority. The budget would invest $19 billion in overall federal resources for cybersecurity that are intended to support a broad-based...more
Wednesday, February 3, brought additional developments pertaining to the transfer of personal data from the EU to the U.S. consistent with EU privacy law. Just one day prior, we reported on the announcement by the EU and U.S....more
If you read one thing...
- The omnibus appropriations package includes legislation that provides liability protection to companies who voluntarily engage in cybersecurity information sharing.
- The...more
On December 15, 2015, European Union (“EU”) politicians and officials reached a political agreement on a new EU-wide legal framework to govern data sharing and collection and related consumer privacy rights. It is called the...more
On November 13, 2015, Federal Trade Commission (FTC) Chief Administrative Law Judge Michael Chappell dismissed a suit brought by the FTC alleging that LabMD’s failure to implement reasonable and appropriate data security...more
In the wake of the European Court of Justice’s (“CJEU”) landmark decision of Schrems v. Data Protection Authority earlier this month, the EU Justice Commissioner Vera Jourova announced this week that the EU has “agreed in...more
11/2/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Data Protection Authority ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Model Contracts ,
National Security Agency (NSA) ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework