Last week, in a significant win for the American Hospital Association plaintiff, the U.S. District Court for the Northern District of Texas issued an opinion vacating the Department of Health and Human Services’ (“HHS”)...more
ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
On November 2, 2023, the American Hospital Association and Texas Hospital Association, in conjunction with the Texas Health Resources and United Regional Health Care System, filed suit against the Secretary of the Department...more
11/8/2023
/ American Hospital Association ,
Class Action ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Privacy Laws ,
Third-Party ,
Tracking Systems ,
Web Tracking
With the ongoing BIPA litigation activity in Illinois surrounding collection of biometrics, it can be easy to forget that other issues might surround this practice. Last month the FTC reminded companies not to forget general...more
6/14/2023
/ Biometric Information ,
Data Collection ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Machine Learning ,
Privacy Laws ,
Section 5 ,
Tracking Systems ,
Unfair or Deceptive Trade Practices
EyeMed recently entered into a settlement with the Attorneys General of Oregon, New Jersey, Florida and Pennsylvania around a 2020 breach of an EyeMed email account that contained the data of more than 2 million individuals....more
5/18/2023
/ California ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Florida ,
New Jersey ,
Oregon ,
Pennsylvania ,
Privacy Laws ,
Settlement ,
State Privacy Laws
Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity...more
1/12/2022
/ Artificial Intelligence ,
Auto-Dialed Calls ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CAN-SPAM Act ,
CARU ,
CDPA ,
Consumer Privacy Rights ,
COPPA ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Tracking ,
EU ,
FCC ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Machine Learning ,
Mobile Privacy ,
Ransomware ,
SCOTUS ,
TCPA
The New York State Department of Financial Services recently issued recommendations to financial institutions in the aftermath of the SolarWinds cyberattack. In that attack, hackers inserted malware into SolarWinds software...more
5/26/2021
/ Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
New York ,
NYDFS ,
Popular ,
Software ,
SolarWinds ,
Supply Chain ,
Third-Party Service Provider
The FTC recently settled with Ascension Data & Analytics for failure to oversee service providers. Ascension provides services to mortgage companies within its corporate family of entities. According to the complaint,...more
Legislation directing the National Institute of Standards and technology (“NIST”) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors recently...more
12/1/2020
/ Compliance ,
Contractors ,
Data Security ,
Data-Sharing ,
Electronic Communications ,
Federal Contractors ,
Internet of Things ,
New Legislation ,
NIST ,
Regulatory Standards ,
Subcontractors
NIST has now finalized its guidance providing important information on selecting both security and privacy control baselines for the Federal Government. The guidance is available here: Special Publication 800-53B, Control...more
Israel’s Privacy Protection Authority recently announced that Privacy Shield can no longer be relied on for data transfers between Israel and the United States. Israel did not have a direct Privacy Shield arrangement with the...more
After many years of being in draft form, NIST recently released its final version of Revision 5 of Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations to address a need for a...more
NIST recently released the final public draft of SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 (formerly Draft NIST SP...more
Maine’s internet privacy law has survived its first challenge from internet service providers earlier this month. As we previously discussed... this law prohibits the sale of certain information about customers’ internet use...more
As a part of its Cybersecurity for IoT Program, NIST recently released two publications with the goal of providing cybersecurity guidance and best practices specific for companies manufacturing IoT devices. These publications...more
Illinois has updated its breach notice law to require, effective January 1, 2020, notice to the Illinois Attorney General of a data breach involving more than 500 Illinois residents.
The law contains specific requirements...more
As we recently reported, New York’s new SHIELD Act contains data security provisions. It also contains a number of key changes to New York’s existing breach notification obligations. These changes will become effective...more
New York recently passed the SHIELD Act, which, among other things, newly establishes data security requirements for companies that collect private information about New York residents. The data security protections required...more
8/27/2019
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
New Legislation ,
Personally Identifiable Information ,
Policies and Procedures ,
Security Risk Assessments ,
SHIELD Act ,
State Data Breach Notification Statutes
Maryland has amended its breach notification law to require businesses that maintain data, not just those that own or license the data, to conduct “a reasonable and prompt investigation” into whether personal information has...more
7/3/2019
/ Amended Legislation ,
Cooperation ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Duty to Investigate ,
Personally Identifiable Information ,
State Data Breach Notification Statutes ,
Vendors
New requirements to the Texas data breach statute, including a requirement to notify the Texas attorney general of a breach, are set to go into effect January 1, 2020. The legislation, signed by Texas Governor, Greg Abbot, on...more
Maine entered the privacy fray last week when Governor Janet T. Mills signed legislation targeting internet service providers by prohibiting the sale of information about customers’ internet use. The new restriction covers,...more
6/13/2019
/ Consent ,
Consumer Privacy Rights ,
Customer Information ,
Data Collection ,
Data Privacy ,
Data Security ,
Data Use Policies ,
Governor Mills ,
Internet Service Providers (ISPs) ,
New Legislation ,
Notice Requirements ,
Privacy Legislation ,
Privacy Policy
“Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government...more
5/23/2019
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Contractors ,
Government Agencies ,
Hackers ,
Information Security ,
Internet of Things ,
NIST ,
Proposed Legislation ,
Vendors
In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information. In addition to updated Department of Defense guidance and procedures for evaluating...more
4/30/2019
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
Information Security ,
Internet of Things ,
NIST ,
Policies and Procedures ,
Popular ,
Proposed Legislation ,
Risk Assessment ,
Sensitive Business Information ,
Vendors
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more
3/21/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Information Security ,
Insurance Industry ,
Insurer Liability ,
New Legislation ,
Personally Identifiable Information ,
Risk Assessment ,
State Data Breach Notification Statutes ,
Third-Party Service Provider
Citing cybersecurity concerns with a children’s smartwatch, the European Commission recently issued a recall of the device. The Safe-KID-One is a smartwatch that gives parents the ability to track and communicate with their...more
2/14/2019
/ Children's Toys ,
Connected Items ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
European Commission ,
GPS ,
Hackers ,
Internet of Things ,
Popular ,
Smart Devices ,
Technology Sector ,
Toy Recalls