Just two weeks into the year, 2025 is already shaping up to be a busy year for privacy lawyers, especially those tasked with helping covered entities and business associates comply with the HIPAA Security Rule. As we...more
1/14/2025
/ Business Associates ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
OCR ,
PHI ,
Risk Management ,
Settlement Agreements
We’ve talked before about the FTC’s focus on consumer health privacy. In cases against BetterHelp and GoodRx, a blog post announcing rules it intends to enforce in the space, and a report summarizing its recent privacy and...more
4/18/2024
/ Corporate Counsel ,
Data Management ,
Data Privacy ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Technology ,
Patient Privacy Rights ,
PHI
The FTC announced an action last week against location data broker X-Mode Social and its corporate successor Outlogic (collectively, “X-Mode”) based on several alleged violations of Section 5 of the FTC Act. According to FTC...more
1/17/2024
/ Consent Order ,
Consumer Information ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Brokers ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Geolocation ,
Location Data ,
Location Privacy ,
Mobile Apps ,
National Security ,
Privacy Concerns ,
Section 5 ,
Statutory Violations
European data protection authorities kicked 2023 off with a bang when, on January 4, the Irish Data Protection Commission (DPC) announced that Meta Platforms Ireland would be fined a total of €390 million (roughly $414...more
1/19/2023
/ Behavioral Advertising ,
Civil Monetary Penalty ,
Data Collection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Instagram ,
Ireland ,
Personal Data ,
Privacy Notice Rule ,
Statutory Violations
As we discussed last year, the California Attorney General’s Office (“OAG”) has been wielding its enforcement authority under the California Consumer Privacy Act since the law became enforceable in July 2020. But for two...more
9/21/2022
/ Adtech ,
California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Enforcement Actions ,
Opt-Outs ,
Permanent Injunctions ,
Personal Information ,
Privacy Policy ,
Retail Tracking ,
Retailers ,
Sephora ,
Statutory Violations
Last week the Federal Trade Commission announced a privacy and data security enforcement action against the online retail platform CafePress. The allegations in the FTC’s complaint read like a list of worst practices,...more
3/24/2022
/ CafePress ,
Consent Order ,
Corporate Counsel ,
Corporate Sales Transactions ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Liability ,
Popular ,
Regulatory Violations ,
Section 5 ,
Settlement Agreements ,
Unfair or Deceptive Trade Practices
Consumer-directed health apps are experiencing a boom thanks to COVID-19, as consumers seeking to avoid doctors’ office waiting rooms are increasingly relying on apps to measure and maintain their health. That trend is...more
9/30/2020
/ California Consumer Privacy Act (CCPA) ,
Confidential Information ,
Corporate Counsel ,
Data Management ,
Data Protection ,
Digital Health ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
Patient Access ,
PHI ,
Popular ,
Settlement Agreements ,
State Attorneys General