As our loyal Practical Privacy readers may remember, back in December of 2021, the Federal Trade Commission (the “FTC” or “Commission”) began a rulemaking process to update the Commission’s Health Breach Notification Rule...more
5/17/2024
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Security ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personally Identifiable Information ,
PHI ,
Popular
Following up on our previous report from almost a year ago, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) has adopted final rules intended to enhance and standardize disclosures regarding...more
8/15/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On the heels of its $1.5 million enforcement action against GoodRx, the FTC is back with an enforcement action against BetterHelp, an online mental health counseling service. This time the price tag will be $7.8 million,...more
3/20/2023
/ Data Breach ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Healthcare ,
Mental Health ,
PHI ,
Section 5 ,
Targeted Digital Advertising ,
Unfair or Deceptive Trade Practices
The U.S. Securities and Exchange Commission (“SEC” or “Commission”) has published proposed rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident...more
9/20/2022
/ Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 8-K ,
Proposed Amendments ,
Publicly-Traded Companies ,
Regulation S-K ,
Regulatory Agenda ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
At the IAPP Global Privacy Summit, the Chair of the Federal Trade Commission, Lina Khan, gave her first public address since taking over as chair. Her remarks provide some key insights into the FTC’s areas of focus, including...more
The concept of a “transfer” under Chapter V of the GDPR has always been a bit like obscenity. We didn’t have an authoritative definition, but with apologies to the late Justice Potter Stewart, we knew it when we saw it. And...more
Ending months of anxious speculation from privacy lawyers around the globe, the European Commission announced on Friday that it had adopted final versions of the new Standard Contractual Clauses (the “New SCCs”) for the...more
6/9/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Protection ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses