Philip Yannella

Philip Yannella

Ballard Spahr LLP

Contact  |  View Bio  |  RSS

Latest Publications


European Court Of Justice Rules That Dynamic IP Addresses Can Be Personal Data

In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more

10/26/2016 - Cyber Attacks Cybersecurity EU EU Data Protection Laws European Court of Justice (ECJ) General Data Protection Regulation (GDPR) Hackers IP Addresses Personal Data Websites

Federal Banking Agencies Propose New Requirements for Managing Cyber Risk

Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...more

10/21/2016 - Advanced Notice of Proposed Rulemaking (ANPRM) Cyber Attacks Cybersecurity FDIC Federal Reserve FFIEC Financial Institutions Financial Sector Financial Services Industry Hackers Handbooks Incident Response Plans OCC Risk Management

UK ICO Offers Guidance on Privacy Notices Under the GDPR and the UK Data Protection Act

In an anticipated guidance, the United Kingdom's Information Commissioner's Office (ICO) updated its code of practice for privacy notices titled Privacy notices, transparency and control (the Code). Significantly, the ICO has...more

10/18/2016 - Best Practices Data Protection Data Transfers Disclosure Requirements General Data Protection Regulation (GDPR) ICO Internet of Things Notice Requirements Privacy Policy Third-Party Risk UK Websites

To (Dis)Close for Comfort–FTC Workshop Seeks Effective Consumer Disclosures

A goal of providing effective disclosures to consumers is to allow consumers to make informed decisions. But what must be done to make disclosures effective? This was the question the Federal Trade Commission (FTC) explored...more

9/27/2016 - Advertising Banking Sector CFPB Consumer Financial Products Disclosure Requirements Financial Institutions FTC Mobile Apps Mobile Devices Native Advertising Popular Social Media Social Networks Tracking Systems Video Games Warner Brothers Entertainment

Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm

The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more

8/17/2016 - Article III Blue Cross Blue Shield CareFirst Class Action Cyber Attacks Cybersecurity Data Breach Hackers Health Insurance Healthcare Identity Theft Injury-in-Fact Personally Identifiable Information Putative Class Actions Standing

Lessons for Businesses from FTC’s Opinion on LabMD’s Data Security Practices

The Federal Trade Commission (FTC) has issued an Opinion and Final Order finding that the data security practices of LabMD, Inc. were unreasonable, and therefore constituted an unfair act or practice in violation of Section 5...more

8/15/2016 - ALJ Data Breach Data Security Enforcement Actions File Sharing FTC FTC Act HIPAA LabMD Likelihood of Harm p2p Popular Section 5

OCR Announces First HIPAA Enforcement Action against a Business Associate

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health...more

7/25/2016 - Business Associates Corrective Actions Data Breach Enforcement Actions Health Care Providers HIPAA HIPAA Breach iPhone OCR Penalties PHI

Court: Stored Communications Act Warrant Cannot Be Used to Seize Data Held Overseas

In a case that may have significant impact for companies providing public Internet and cloud services, the Second Circuit has ruled that a federal court may not issue a criminal warrant ordering a U.S. company to produce...more

7/20/2016 - Cloud Computing Criminal Investigations e-Discovery Electronically Stored Information Email Extraterritoriality Rules Internet Service Providers (ISPs) Ireland Microsoft Popular Privacy Concerns Search Warrant Stored Communications Act Subpoenas

Ninth Circuit Vastly Expands Scope of Criminal, Civil Liability for Computer Fraud

In a pair of highly anticipated decisions, the Ninth Circuit significantly reshaped criminal and civil liability under the federal Computer Fraud and Abuse Act (CFAA). The court’s recent decisions in United States v. Nosal...more

7/18/2016 - Civil Liability Computer Fraud and Abuse Act (CFAA) Confidential Information Criminal Liability Data Security Economic Espionage Act Electronically Stored Information Facebook Former Employee Misappropriation Passwords Popular Trade Secrets Unauthorized Access US v Nosal Websites

International Regulators Issue Cybersecurity Guidance to the Financial Industry

The Bank for International Settlement (BIS) Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) last week issued the first internationally agreed-upon...more

7/7/2016 - BIS Committee on Payments and Market Infrastructure (CPMI) Corporate Governance Cyber Attacks Cybersecurity Financial Institutions Financial Markets Financial Sector Gramm-Leach-Blilely Act IOSCO New Guidance Risk Management

Cybersecurity, Use of Internet of Things Technology Concern Manufacturers

Powered in part by the growing use of Internet of Things (IoT) technologies, cybersecurity has surged to become one of the leading concerns for global manufacturers, according to a recently released study....more

6/28/2016 - Cyber Attacks Cybersecurity Data Breach Hackers Internet of Things Malware Manufacturers Popular Supply Chain

Class Certification Improper in Data Breach Case, PA Appellate Court Finds

The Pennsylvania Superior Court has affirmed a trial court's decision denying class certification in a data breach case against two health plans, reversing its own earlier ruling in the same case that the plaintiff did not...more

5/5/2016 - Class Action Class Certification Corporate Counsel Data Breach Data Security Health Insurance Insurance Industry Personally Identifiable Information PHI

European Parliament Adopts EU General Data Protection Regulation; 12 Steps Businesses Should Take Now

The European Parliament has voted to adopt the draft text of the General Data Protection Regulation (GDPR), which imposes enhanced requirements on organizations processing personal data in the European Union and transferring...more

4/21/2016 - EU EU Data Protection Laws General Data Protection Regulation (GDPR) International Data Transfers Personal Data Policies and Procedures Popular

EU-U.S. Privacy Shield Framework Text Published: Imposes New Obligations on U.S. Entities that Seek Data Transfers from the EU

The European Commission (EC) has released details of the EU-U.S. Privacy Shield, a new framework under which personal data may be transferred from the European Union (EU) to the United States. The Privacy Shield replaces the...more

3/9/2016 - Data Protection Data Protection Authority EU EU-US Privacy Shield European Commission FTC International Data Transfers Personal Data

CFPB Initiates Its First Data Security Enforcement Action

The Consumer Financial Protection Bureau (CFPB) has announced its first data security enforcement action. Since the 1990s, the Federal Trade Commission (FTC) has primarily taken on the role as the de facto federal regulator...more

3/4/2016 - CFPB Data Security Dwolla Enforcement Actions Gramm-Leach-Blilely Act Online Payments PCI-DSS Standard UDAAP

California Data Breach Report Defines “Reasonableness” Standard for Data Protection

Nearly three in five Californians were victims of a data breach in 2015, according to a report released by state Attorney General Kamala D. Harris. The report adopts minimum standards of ''reasonable security'' for personal...more

3/4/2016 - Cyber Attacks Data Breach Data Security Personally Identifiable Information PHI Popular Risk Management

President Obama Gives EU Citizens Judicial Redress for Privacy Violations

The Judicial Redress Act (Act), signed into law on February 24, 2016, by President Obama, extends the privacy protections offered to U.S. citizens under the Privacy Act of 1974 to citizens of ''covered countries'' overseas....more

3/2/2016 - EU EU-US Privacy Shield International Data Transfers Judicial Redress Act Personal Data US-EU Safe Harbor Framework

President Creates Cybersecurity National Action Plan and Commission on Enhancing National Cybersecurity

President Obama's Cybersecurity National Action Plan (CNAP), a comprehensive plan to address the nation's cybersecurity challenges through increased funding, a more robust cybersecurity workforce, and education initiatives,...more

2/25/2016 - CISO Cybersecurity Cybersecurity National Action Plan (CNAP) Data Protection Executive Orders Information Technology Obama Administration Popular

DOJ/DHS Issue Interim Guidance on Implementation of Cybersecurity Information Sharing Act

The Department of Homeland Security (DHS) and the Department of Justice (DOJ) have released Interim Guidance Documents (Guidance Documents) to implement the Cybersecurity Information Sharing Act of 2015 (CISA). The Act...more

2/24/2016 - Cybersecurity Cybersecurity Information Sharing Act (CISA) DHS DOJ Information Sharing Interim Guidance NCCIC Popular

From Safe Harbor to Privacy Shield: New EU-U.S. Agreement for Transatlantic Data Flows

The European Commission (EC) and the U.S. Department of Commerce have reached an agreement to create a framework for transfers of personal data from the European Union to the United States. The framework, named the EU-U.S....more

2/10/2016 - Article 29 Working Party (WP29) CJEU Data Protection Authority EU EU-US Privacy Shield FTC International Data Transfers Personal Data Safe Harbors Schrems v Data Protection Commissioner

FDA Issues Draft Guidance on Cybersecurity for Postmarket Medical Devices

The Food and Drug Administration's (FDA) most recent draft guidance focuses on cybersecurity in postmarket medical devices and makes recommendations for identifying, assessing, and responding to cybersecurity vulnerabilities....more

1/28/2016 - Cybersecurity FDA Medical Devices

Use of Big Data May Violate Federal Consumer Protection Laws, FTC Report Warns

A new Federal Trade Commission (FTC) report, "Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues," warns that certain uses of big data consisting of consumer information may implicate various federal...more

1/27/2016 - Analytics Big Data Discrimination ECOA FCRA FTC Popular

LifeLock to Pay $100 Million to Settle Charges it Violated 2010 Court Order

The Federal Trade Commission (FTC) recently approved a $100 million settlement with LifeLock, Inc. to resolve allegations that it violated a 2010 federal court order by failing to take steps required to protect its users’...more

12/28/2015 - Contempt Data Protection False Advertising FTC LifeLock Settlement Unfair or Deceptive Trade Practices

FTC Takes Action against App Developers on COPPA Allegations Involving Persistent Identifiers

The FTC has announced enforcement actions against two app developers that allegedly violated the Children’s Online Privacy Protection Act (COPPA) by using persistent identifiers to serve advertising to children. The...more

12/28/2015 - COPPA Data Collection Enforcement Actions FTC Mobile Apps Online Safety for Children Persistent Identifiers Popular

ACC releases largest study of its kind on cybersecurity preparedness among in-house counsel

The Association of Corporate Counsel Foundation (ACC) released a State of Cybersecurity report on December 9, 2015. Ballard Spahr was the only law firm that served on the advisory board for the study and helped to formulate...more

12/10/2015 - Corporate Counsel Cybersecurity Framework In-House Perspective

60 Results
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.