The FTC has updated its HBNR to clarify that the rule also restricts marketing practices involving personal health information. This update to the HBNR was announced on April 26, 2024, and follows several recent enforcement...more
4/29/2024
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
PHI ,
Regulatory Agenda ,
Regulatory Reform ,
Technology
In a very comprehensive post from the Federal Trade Commission’s Office of Technology, the FTC takes what it calls “[a] deep dive into the technical side of FTC’s recent cases on digital health platforms, GoodRx &...more
3/17/2023
/ Advertising ,
Data Collection ,
Data Privacy ,
Data Protection ,
Digital Platforms ,
Federal Trade Commission (FTC) ,
Health Information Technologies ,
Healthcare ,
Information Sharing ,
Personal Information ,
Technology Sector ,
Third-Party ,
Web Tracking ,
Websites
Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of...more
10/26/2022
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Incident Response Plans ,
Personally Identifiable Information
If your company creates health-related apps, the Federal Trade Commission (FTC) has set out some key considerations:
- Make accurate representations. Clearly explain how people’s information will be used and shared and then...more
4/26/2022
/ App Developers ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Healthcare ,
Information Sharing ,
Mobile Apps ,
Mobile Devices ,
Popular ,
Privacy Concerns ,
Privacy Policy ,
Risk Management
Since Massachusetts becoming a trailblazer among states with the passage of privacy legislation in 2007 and subsequent regulations, Massachusetts’ own privacy laws have been passed by those of other states, most notably...more
On July 7, 2021, Governor Jared Polis signed into law the Colorado Privacy Act (CPA), making Colorado the most recent state to enact comprehensive privacy legislation. While the CPA does not take effect until July 1, 2023,...more
On June 10, 2021, China adopted a new Data Security Law that will impact every business operating in or doing business with China. The law, which will take effect in less than a month (September 1, 2021), is sweeping in...more
On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot the heels of...more
Massachusetts Attorney General Maura Healey recently announced the creation of the Data Privacy and Security Division within her office, with the stated goal of “protect[ing] consumers from the surge of threats to the privacy...more
On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under...more
7/17/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
InfoTrax Systems, a Utah-based technology company, has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the company failed to put in place reasonable security...more
12/2/2019
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Security ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Websites
What do pumpkin spice lattes and National Cybersecurity Awareness Month have in common? Not much, other than both should be top of mind in October, but that doesn’t mean that it’s wrong to think about them both in August....more
If you are doing business in California, the way you handle personal data could soon change in significant ways. The California Consumer Privacy Act (“CCPA”) goes into effect on January 1, 2020, and the time to start...more
In a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties issued on April 23, 2019, the Department of Health and Human Services (HHS) exercised “its discretion in how it applies HHS regulations...more
In 2018, privacy and data security crossed a number of thresholds. In the public mind, through high-profile data breaches and revelations about unexpected uses of personal information, questions of privacy became much more...more
4/26/2019
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cryptocurrency ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Energy Sector ,
Enforcement Actions ,
FCC ,
FERC ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Political Advertising ,
Popular ,
Privacy Concerns ,
Securities and Exchange Commission (SEC)
"Open the pod door, HAL"
• Commercial voice-activated intelligent personal assistants from Amazon, Apple, Google, and Microsoft, among others, are growing in popularity.
• A report from NPR and Edison Research states...more
2/28/2019
/ Confidential Communications ,
Connected Items ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Mobile Apps ,
Oral Communications ,
Patient Privacy Rights ,
Personal Assistants ,
Physicians ,
Privacy Concerns ,
Security Rule ,
Smart Devices ,
Technology Sector ,
Telecommunications
Editors’ Note: This is the seventh and last in our third annual series examining important trends in data privacy and cybersecurity during the new year. Our previous entries were on political advertising, cryptocurrency,...more
The concept that one is known by the company one keeps dates back to ancient times (the particular phrase is attributed to both Aesop and the Book of Proverbs). But this simple aphorism continues to be true. A recent example...more
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. ...more
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of....more
All That Data! -
..Therapies, diagnostics, and connected devices now gather huge amounts of data
..That data can be more valuable than the “thing” that is treating, diagnosing, or connecting, provided you have the...more
The late rapper known as The Notorious B.I.G. recorded a song called, “Mo Money, Mo Problems.” Many of the lyrics can’t be repeated here, but the refrain can:
“It’s like the more money we come across
The more problems we...more
It took three days, but I finally found a panel at BIO 2018 that addressed the current challenges in privacy and security regarding health data. This panel, Realizing the Potential of Clinical and Consumer Genomics, was...more
On October 16, 2015, EU authorities gave the U.S. and European Union until the end of January 2016 6o find a replacement for the former US-EU Safe Harbor regime, or enforcement actions could begin. The full statement of the...more
10/19/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Personal Data ,
SCC ,
Schrems I & Schrems II ,
Surveillance ,
US-EU Safe Harbor Framework
The European Court of Justice has just issued a decision (ECJ 6 October 2015 Case C-362/14, Maximillian Schrems v. Data Protection Commissioner) that invalidates the so-called US-EU “Safe Harbor” system. Suddenly, what 3,500...more
10/7/2015
/ Binding Corporate Rules ,
Data Privacy ,
Data Protection Authority ,
Data Security ,
Edward Snowden ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Personal Data ,
SCC ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework