On January 18, the New Hampshire legislature passed on a bipartisan basis its version of the state comprehensive privacy law first adopted by Virginia in 2021 and subsequently by more than ten other states, most recently New...more
The Vermont Legislature is considering its version (S.173) of Washington’s My Health My Data Act to regulate non-HIPAA health data. If enacted, the Vermont law would take effect on January 1, 2025. The bill is premised on a...more
1/26/2024 / Data Protection, Data Security, Electronic Protected Health Information (ePHI), Health Care Providers, Healthcare, Patient Privacy Rights, Pending Legislation, Personal Data, Regulatory Agenda, Regulatory Reform, State Data Privacy Laws, Vermont
On the second to last business day of last year, the U.S. Court of Appeals for the Eighth Circuit addressed when a private organization can invoke the federal officer removal statute, 28 U.S.C. § 1442. If a private...more
1/19/2024 / Electronic Protected Health Information (ePHI), Health Care Providers, Health Information Technologies, HITECH Act, Incentives, Motion To Remove, Officer Removal, Patient Privacy Rights, Portal, Removal Proceedings, Tracking Systems
Balancing cybersecurity incident disclosures has been a challenge for those in the trenches for years. That has not changed, and recent regulatory activity should not alter the challenges breach counsel confront. In short,...more
12/15/2023 / Cybersecurity, Data Breach, Data Protection, Federal Breach Notification Standard, Financial Institutions, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, NYDFS, Popular, Publicly-Traded Companies, Securities and Exchange Commission (SEC), State Data Breach Notification Statutes
The plaintiff’s bar continues to bring new wiretapping claims over pixels and analytics programs in courts around the country, including against hospitals and other entities covered by the Health Insurance Portability and...more
8/22/2023 / Data Privacy, Data Protection, Data Security, Department of Health and Human Services (HHS), Federal Trade Commission (FTC), Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HITECH Act, Metadata, OCR, Privacy Rule
Wiretapping claims have become the focus of the privacy plaintiff’s bar. These cases are everywhere, and the hospital industry in particular has been in the crosshairs of recent filings (with as many as a couple of dozen new...more
Synopsis: While certain industries have been able to navigate the explosion of privacy laws in recent times through express statutory exemptions or exceptions (often due to other regulatory regimes being in place, such as the...more
3/6/2023 / Biometric Information, Biometric Information Privacy Act, Data Collection, Data Privacy, Financial Institutions, GLBA Privacy, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Information Technology, State Privacy Laws, Vendors
Synopsis. The Ohio Supreme Court ruled last week that insurance coverage was not available to a cloud-based medical software provider because, under the applicable insurance policy, “[c]omputer software cannot experience...more
What Is the Current Status of Federal and State Privacy Law?
Federal Privacy Law -
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the primary federal law that protects patients’ health care...more
Recent events illustrate that the e-gaming industry—developers, publishers, esports leagues and teams, and the financial machinations behind them—are significant targets for cyberattacks, theft and cyber-criminality....more
5/3/2022 / Cyber Attacks, Cyber Crimes, Cybersecurity, eSports, Malware, Metaverse, Online Gaming, Online Platforms, Popular, Risk Mitigation, Video Games, Vulnerability Assessments, Websites
To close out 2021, the European Data Protection Board (EDPB) adopted additional General Data Protection Regulation (GDPR) data breach notification guidelines in Guidelines 01/2021 on Examples regarding Personal Data Breach...more
3/7/2022 / Breach Notification Rule, Cybersecurity, Data Breach, Data Protection, EU, European Data Protection Board (EDPB), General Data Protection Regulation (GDPR), New Guidance, Personal Data, Popular, Reporting Requirements
On November 18, the Office of the Comptroller of the Currency, the Federal Reserve and the Federal Deposit Insurance Corporation (FDIC) adopted a rule that will require banking organizations and their bank service providers...more
Last year, as employees clicked away at home amid the COVID-19 pandemic lockdown, ransomware attacks surged, with hospitals and other health care providers the top target. This year will be worse—2021 has already seen more...more
11/12/2021 / Bitcoin, Cryptocurrency, Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Economic Sanctions, Hackers, Office of Foreign Assets Control (OFAC), Ransomware, Risk Management, Virtual Currency
This month, Colorado became the third U.S. state to enact a comprehensive cross-industry privacy law. Colorado is following an international trend. Many foreign countries have adopted similar privacy laws, inspired by the...more
On June 2, 2021, Nevada Governor Steve Sisolak signed SB260, which expands Nevada consumers’ right to opt out of the sale of personal data to include data brokers in addition to website owners. The revised law—the first of...more
On March 2, Virginia Governor Ralph Northam signed the Consumer Data Protection Act (CDPA), making Virginia the latest state to enact a cross-industry privacy rights law. The CDPA displays a blend of concepts from two leading...more
3/5/2021 / Consumer Privacy Rights, Data Collection, Data Controller, Data Management, Data Privacy, Information Governance, Opt-Outs, Personal Data, Personally Identifiable Information, State Privacy Laws, Virginia
Underwriting is critical to insurance profits: Identify, qualify, and quantify the risk that an insurance policy covers and set the premiums across a pool of the policies to cover the risk. It is the original hedge fund, in...more
While global media outlets have focused attention on election security, major U.S. healthcare facilities have been under direct cyberattacks in recent months. This follows disruptive cyberattacks on municipalities earlier...more
Alleged violations of privacy laws continue to bedevil the federal courts—in particular, with respect to determining whether an alleged violation creates a sufficiently concrete and redressable grievance to permit the federal...more
12/4/2020 / Article III, Biometric Information, Biometric Information Privacy Act, Data Collection, Data Privacy, Data Retention, Employee Privacy Rights, Injury-in-Fact, Jurisdiction, LMRA, Standing
Insider threats continue to be pervasive and real. Last month’s indictment of a Russian national accused of conspiring to recruit a U.S. company’s employee to carry out a cyberattack is a sharp reminder of that. According to...more
10/30/2020 / Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Data Breach, Data Protection, Data Security, Employee Training, Foreign Governments, Foreign Nationals, IP Addresses, Malware, National Security, Remote Working
Recent action by the U.S. government reminds us that engaging in the cryptocurrency markets continues to present counterparty risk in the context of with whom you are doing business. Whether a company is buying cryptocurrency...more
Insurance coverage often turns on strange questions. The Eleventh Circuit’s decision this summer in AEGIS Electric & Gas International Services Limited v. ECI Management LLC, 967 F.3d 1216 (11th Cir. 2020), is one of those...more
10/8/2020 / Attorney's Fees, Class Action, Compensatory Damages, Disgorgement, Landlords, Policy Exclusions, Professional Liability, Professional Liability Insurance, Security Deposits, Tenants, Treble Damages
Picture this: At some point in the next six months, you lose access to your files. Even worse, your company loses access to its files. And you are told that if you want access to them again, you will have to pay a sizable...more
Key Takeaways:
- EU-U.S. Privacy Shield Framework invalidated
- Standard Contractual Clauses governing transfers between controllers and processors upheld, but arguably may not be valid on their face without additional...more
7/17/2020 / Court of Justice of the European Union (CJEU), Data Protection, EU, EU-US Privacy Shield, Facebook, General Data Protection Regulation (GDPR), International Data Transfers, Personal Data, Risk Management, Schrems I & Schrems II, Standard Contractual Clauses
On May 4, 2020, the European Data Protection Board (EDPB) adopted updated guidelines on consent under the General Data Protection Regulation (GDPR), in Guidelines 05/2020. The Guidelines clarify existing guidance issued in...more