Latest Publications

Share:

New Hampshire Poised to Enact New England’s Second State Comprehensive Privacy Law

On January 18, the New Hampshire legislature passed on a bipartisan basis its version of the state comprehensive privacy law first adopted by Virginia in 2021 and subsequently by more than ten other states, most recently New...more

Vermont Considers Bringing Its Version of Washington’s ‘My Health My Data Act’ To New England

The Vermont Legislature is considering its version (S.173) of Washington’s My Health My Data Act to regulate non-HIPAA health data. If enacted, the Vermont law would take effect on January 1, 2025. The bill is premised on a...more

Using Government Incentive Funds Does Not Create a Right to Remove: Eighth Circuit

On the second to last business day of last year, the U.S. Court of Appeals for the Eighth Circuit addressed when a private organization can invoke the federal officer removal statute, 28 U.S.C. § 1442. If a private...more

Balancing New Federal & State Cyber Reporting Rules on Health Care & Financial Services Industries

Balancing cybersecurity incident disclosures has been a challenge for those in the trenches for years. That has not changed, and recent regulatory activity should not alter the challenges breach counsel confront. In short,...more

Is OCR Correct That Website Metadata Is Regulated by HIPAA? Chicago Federal Court Asks

The plaintiff’s bar continues to bring new wiretapping claims over pixels and analytics programs in courts around the country, including against hospitals and other entities covered by the Health Insurance Portability and...more

Federal Wiretap Act: Illinois Court Rejects Claim Over Hospital Deploying Website Analytics Tools

Wiretapping claims have become the focus of the privacy plaintiff’s bar. These cases are everywhere, and the hospital industry in particular has been in the crosshairs of recent filings (with as many as a couple of dozen new...more

Client Alert: Illinois’s Biometric Law (BIPA) Reminds Us Again of Privacy and Security Vendor Risks

Synopsis: While certain industries have been able to navigate the explosion of privacy laws in recent times through express statutory exemptions or exceptions (often due to other regulatory regimes being in place, such as the...more

Health Care Industry Reminded Again About Cybersecurity Risks With Cloud Vendors

Synopsis. The Ohio Supreme Court ruled last week that insurance coverage was not available to a cloud-based medical software provider because, under the applicable insurance policy, “[c]omputer software cannot experience...more

Telehealth and Digital Health Privacy Regulations

What Is the Current Status of Federal and State Privacy Law? Federal Privacy Law - The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the primary federal law that protects patients’ health care...more

Cyber Beware: E-Gaming and Cyber-Criminality

Recent events illustrate that the e-gaming industry—developers, publishers, esports leagues and teams, and the financial machinations behind them—are significant targets for cyberattacks, theft and cyber-criminality....more

GDPR: EDPB’s New Breach Guidelines Present Additional Challenges for Legal & Security Professionals

To close out 2021, the European Data Protection Board (EDPB) adopted additional General Data Protection Regulation (GDPR) data breach notification guidelines in Guidelines 01/2021 on Examples regarding Personal Data Breach...more

U.S. Cyber Regulations Expand: Banking Agencies Approve New Incident Notification Requirements

On November 18, the Office of the Comptroller of the Currency, the Federal Reserve and the Federal Deposit Insurance Corporation (FDIC) adopted a rule that will require banking organizations and their bank service providers...more

OFAC Speaks Again on Ransomware: Mature Cybersecurity Programs Are Important

Last year, as employees clicked away at home amid the COVID-19 pandemic lockdown, ransomware attacks surged, with hospitals and other health care providers the top target. This year will be worse—2021 has already seen more...more

An Update on Discovery in U.S. Litigation of Information Subject to International Privacy Laws

This month, Colorado became the third U.S. state to enact a comprehensive cross-industry privacy law. Colorado is following an international trend. Many foreign countries have adopted similar privacy laws, inspired by the...more

Nevada Expands Do-Not-Sell Right to Cover Data Brokers

On June 2, 2021, Nevada Governor Steve Sisolak signed SB260, which expands Nevada consumers’ right to opt out of the sale of personal data to include data brokers in addition to website owners. The revised law—the first of...more

Virginia’s Consumer Data Protection Act Has Passed: What’s in It?

On March 2, Virginia Governor Ralph Northam signed the Consumer Data Protection Act (CDPA), making Virginia the latest state to enact a cross-industry privacy rights law. The CDPA displays a blend of concepts from two leading...more

Considerations in Machine Learning-Led Programmatic Underwriting

Underwriting is critical to insurance profits: Identify, qualify, and quantify the risk that an insurance policy covers and set the premiums across a pool of the policies to cover the risk. It is the original hedge fund, in...more

Security Implications of Foreign Funding and Access at U.S. Colleges and Universities

While global media outlets have focused attention on election security, major U.S. healthcare facilities have been under direct cyberattacks in recent months. This follows disruptive cyberattacks on municipalities earlier...more

Retention of Biometric Data Beyond Stated Period Creates Article III Standing: Seventh Circuit

Alleged violations of privacy laws continue to bedevil the federal courts—in particular, with respect to determining whether an alleged violation creates a sufficiently concrete and redressable grievance to permit the federal...more

Insider Cyber Threats From Outside the Office

Insider threats continue to be pervasive and real. Last month’s indictment of a Russian national accused of conspiring to recruit a U.S. company’s employee to carry out a cyberattack is a sharp reminder of that. According to...more

Security Implications of Extraterritorial Application of U.S. Law on Cryptocurrency Markets

Recent action by the U.S. government reminds us that engaging in the cryptocurrency markets continues to present counterparty risk in the context of with whom you are doing business. Whether a company is buying cryptocurrency...more

Not So Powerful: When a Compensatory Damages Award Becomes an Excluded Disgorgement

Insurance coverage often turns on strange questions. The Eleventh Circuit’s decision this summer in AEGIS Electric & Gas International Services Limited v. ECI Management LLC, 967 F.3d 1216 (11th Cir. 2020), is one of those...more

An Intersection Between Ransomware and U.S. National Security: OFAC Speaks

Picture this: At some point in the next six months, you lose access to your files. Even worse, your company loses access to its files. And you are told that if you want access to them again, you will have to pay a sizable...more

Schrems II Decision: Immediate Considerations for U.S. Businesses

Key Takeaways: - EU-U.S. Privacy Shield Framework invalidated - Standard Contractual Clauses governing transfers between controllers and processors upheld, but arguably may not be valid on their face without additional...more

EDPB Updates Guidelines on Consent Under the GDPR

On May 4, 2020, the European Data Protection Board (EDPB) adopted updated guidelines on consent under the General Data Protection Regulation (GDPR), in Guidelines 05/2020. The Guidelines clarify existing guidance issued in...more

27 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide