The chapter 11 bankruptcy cases of 23andMe Holding Co. and its affiliated debtors (collectively, “23andMe”), the company that provides direct-to-consumer genetic testing and ancestry services, has prompted a wave of panicked...more
3/28/2025
/ 23andMe ,
Bankruptcy Code ,
California Consumer Privacy Act (CCPA) ,
Chapter 11 ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
Privacy Laws ,
Privacy Policy
The FTC has updated its HBNR to clarify that the rule also restricts marketing practices involving personal health information. This update to the HBNR was announced on April 26, 2024, and follows several recent enforcement...more
4/29/2024
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
PHI ,
Regulatory Agenda ,
Regulatory Reform ,
Technology
On December 21, 2023, the Federal Communications Commission released an order updating its data breach rules. These updated rules require telecommunications providers to report breaches of customer proprietary network...more
NordPass (the purveyor of a password manager) has assembled a list of the top 20 passwords in healthcare, based on usage by the world’s largest companies. According to NordPass’s analysis, the “top” 20 passwords are:
-...more
In the FTC’s first case focused on the privacy and security of genetic information, the FTC alleges that San Francisco-based Vitagene, Inc. – now known as 1Health.io – failed to live up to its promises and unfairly changed...more
6/21/2023
/ Cloud Storage ,
Confidential Information ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Data Use Policies ,
DNA ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
Life Sciences ,
Personal Information ,
Privacy Laws
It’s been several years since I have written about password hygeine. I have been hoping that a better security solution would be widely adopted and while I hear rumors in that regard, passwords still reign supreme. So when I...more
In a very comprehensive post from the Federal Trade Commission’s Office of Technology, the FTC takes what it calls “[a] deep dive into the technical side of FTC’s recent cases on digital health platforms, GoodRx &...more
3/17/2023
/ Advertising ,
Data Collection ,
Data Privacy ,
Data Protection ,
Digital Platforms ,
Federal Trade Commission (FTC) ,
Health Information Technologies ,
Healthcare ,
Information Sharing ,
Personal Information ,
Technology Sector ,
Third-Party ,
Web Tracking ,
Websites
With the adoption of new technology, including the quick and unexpected shift to virtual learning because of the COVID-19 pandemic, K-12 institutions are at an increased risk of cyberattacks and threats thereof. The rise in...more
As more and more of us return to the office, it’s a good time to revisit the passwords you use. It is therefore timely that the U.S. Department of Health and Human Services, Health Sector Cybersecurity Coordination Center...more
On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot the heels of...more
On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under...more
7/17/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
InfoTrax Systems, a Utah-based technology company, has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the company failed to put in place reasonable security...more
12/2/2019
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Security ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Websites
A recent report from the Mass Digital Health Council includes a cybersecurity toolkit created by MDHC’s Cybersecurity Group of Experts (CGE). The toolkit will enable faster clinical adoption of new digital health products,...more
What do pumpkin spice lattes and National Cybersecurity Awareness Month have in common? Not much, other than both should be top of mind in October, but that doesn’t mean that it’s wrong to think about them both in August....more
If you are doing business in California, the way you handle personal data could soon change in significant ways. The California Consumer Privacy Act (“CCPA”) goes into effect on January 1, 2020, and the time to start...more
In 2018, privacy and data security crossed a number of thresholds. In the public mind, through high-profile data breaches and revelations about unexpected uses of personal information, questions of privacy became much more...more
4/26/2019
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cryptocurrency ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Energy Sector ,
Enforcement Actions ,
FCC ,
FERC ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Political Advertising ,
Popular ,
Privacy Concerns ,
Securities and Exchange Commission (SEC)
"Open the pod door, HAL"
• Commercial voice-activated intelligent personal assistants from Amazon, Apple, Google, and Microsoft, among others, are growing in popularity.
• A report from NPR and Edison Research states...more
2/28/2019
/ Confidential Communications ,
Connected Items ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Mobile Apps ,
Oral Communications ,
Patient Privacy Rights ,
Personal Assistants ,
Physicians ,
Privacy Concerns ,
Security Rule ,
Smart Devices ,
Technology Sector ,
Telecommunications
The concept that one is known by the company one keeps dates back to ancient times (the particular phrase is attributed to both Aesop and the Book of Proverbs). But this simple aphorism continues to be true. A recent example...more
As noted recently in the Wall Street Journal, “New cybersecurity rules will give Chinese authorities sweeping powers to inspect companies’ information technology and access proprietary information—steps that are likely to...more
In a recent trip to Ireland, I was surprised to see two subjects that Ireland is known for — GDPR and rugby — coming into conflict. As reported in the Sunday Business Post, World Rugby was lobbying the Irish government to...more
To understand GDPR, you must see the cultural gap between EU and US -
EU Data Protection Rules (aka GDPR) -
Why should you care about those rules?
• They aren’t going away: in fact, similar rules will start coming...more
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. ...more
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of....more
As if having to deal with all the EU’s Data Protection Authorities wasn’t challenge enough for companies trying to comply with GDPR, the FTC has now asserted that it has a role in GDPR enforcement. In particular, the FTC says...more
All That Data! -
..Therapies, diagnostics, and connected devices now gather huge amounts of data
..That data can be more valuable than the “thing” that is treating, diagnosing, or connecting, provided you have the...more