In an increasing trend, the Federal Trade Commission (FTC) joined other federal regulators seeking to hold individuals – not just companies – liable in enforcement proceedings. The most recent target was San Francisco-based...more
5/30/2019
/ Antitrust Provisions ,
Automatic Enrollment ,
E-Commerce ,
Enforcement Actions ,
Failure To Disclose ,
Federal Trade Commission (FTC) ,
Free Trials ,
Misrepresentation ,
Online Endorsements ,
Online Reviews ,
ROSCA ,
Subscription Services ,
Terms of Service ,
Unfair or Deceptive Trade Practices
At the beginning of this month, more than 4,000 privacy professionals from around the globe gathered in Washington, D.C. for the International Association of Privacy Professionals’ Global Privacy Summit 2019....more
5/17/2019
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management
In June 2018, medical laboratory LabMD obtained the first-ever court decision overturning a Federal Trade Commission (FTC) cybersecurity enforcement action. (The team directing that effort – led by Doug Meal and Michelle...more
3/14/2019
/ Cease and Desist Orders ,
Corporate Counsel ,
Cybersecurity ,
Data Security ,
Enforcement Actions ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
FTC Act ,
Injunctive Relief ,
LabMD ,
Popular ,
Remediation
This week, a high profile plaintiffs’ firm (Edelson) stated that “if done right,” the data breach class actions against Equifax should yield more than $1 billion in cash going directly to more than 143 million consumers...more
10/16/2017
/ Corporate Counsel ,
Credit Reporting Agencies ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Equifax ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Settlement ,
Vulnerability Assessments
Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more
10/15/2015
/ Big Data ,
Cloud Computing ,
Compliance ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Health and Human Services (HHS) ,
Dropbox ,
Edward Snowden ,
Enforcement Actions ,
Ethics ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
FCC ,
Federal Trade Commission (FTC) ,
Google ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
International Data Transfers ,
Internet of Things ,
Ireland ,
Microsoft ,
National Security ,
National Security Agency (NSA) ,
OCR ,
Personal Data ,
Popular ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
Security Risk Assessments ,
US-EU Safe Harbor Framework
Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called “Phase 2 Audits” are set to commence...more
9/21/2015
/ Audits ,
Breach Notification Rule ,
Business Associates ,
Compliance ,
Corrective Actions ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Incident Response Plans ,
OCR ,
Personally Identifiable Information ,
Privacy Policy ,
Privacy Rule ,
Risk Assessment ,
Security Rule
Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more
9/21/2015
/ Breach Notification Rule ,
Cloud Computing ,
Corrective Actions ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Hospitals ,
OCR ,
Personally Identifiable Information ,
PHI ,
Privacy Rule ,
Risk Assessment
On Monday, the Third Circuit issued a highly anticipated opinion affirming the Federal Trade Commission's authority to regulate "unfair" cybersecurity practices under Section 5 of the FTC Act. In allowing the data breach...more
8/27/2015
/ Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Debit Cards ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Fraudulent Charges ,
FTC v Wyndham ,
Hackers ,
Section 5 ,
Wyndham
Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) announced that it had entered into a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton,...more
7/31/2015
/ Compliance ,
Corporate Counsel ,
Corporate Governance ,
Corrective Actions ,
Cybersecurity ,
Data Security ,
De-Identified Protected Health Information ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EHR ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Security Rule ,
Settlement
On May 20, 2015, Federal Trade Commission Assistant Director Mark Eichorn of the Bureau of Consumer Protection’s Division of Privacy and Identity Protection (DPIP) offered an inside look into the FTC’s investigative process...more