In Webb v. Injured Workers Pharmacy, LLC, the First Circuit recently reversed a lower court’s dismissal of class action claims brought by former pharmacy patients alleging that their sensitive personal information had been...more
With another legislative session set to close, the Massachusetts Legislature has yet again punted the issue of comprehensive consumer data privacy to a future term. This development may come as a disappointment or relief,...more
On February 2, 2022, the Joint Committee on Advanced Information Technology, the Internet and Cybersecurity advanced an amended comprehensive data privacy bill, the Massachusetts Information Privacy and Security Act,...more
COVID-19 measures have driven workplace operations beyond what most businesses ever planned. The constructs of a remote workforce and virtual interactions between teams and customers are going to be major components for how...more
Due to COVID-19, Maine’s attorney general agreed to delay until August 1, 2020 enforcement of the state’s new internet privacy law, “An Act to Protect the Privacy of Online Customer Information” (Act), which officially went...more
This post is part four in a series examining privacy and transparency issues in the context of public access to digital court records, building on my essay “Digital Court Records Access, Social Justice and Judicial...more
Maine state courts plan to start rolling out a new electronic filing and case management system by year’s end. When it’s fully operational, approximately 85% of the electronic documents submitted by filers will be...more
Given the significant risk of harm to individuals stemming from data re-identification, it is imperative that the SJC account for data identifiability in determining which information in court records will be made accessible...more
In its proposed electronic court records access rules, the Maine Supreme Judicial Court (SJC) imposes on litigants new and extensive filing obligations, including requiring litigants to redact certain categories of sensitive...more
Massachusetts consumers and businesses now know that the Commonwealth will likely not be the next jurisdiction to adopt sweeping consumer data privacy legislation. Earlier last week, the Joint Committee on Consumer Protection...more
2/10/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Online Platforms ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Legislation ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
On October 7, 2019, the Joint Committee on Consumer Protection and Professional Licensure held a hearing on pending legislation, including An Act Relative to Consumer Data Privacy (S.120). Modeled on the California Consumer...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Cybersecurity ,
Data Privacy ,
Fair Credit Reporting Act (FCRA) ,
Gramm-Leach-Blilely Act ,
Legislative Agendas ,
Non-Discrimination Rules ,
Pending Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Rulemaking Process ,
State and Local Government
Last week, Maine enacted an internet privacy law requiring broadband internet service providers (ISPs) to obtain a customer’s express, affirmative consent before using their personal information, including browsing history....more
6/17/2019
/ Commercial Speech ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
First Amendment ,
Internet Service Providers (ISPs) ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Preemption ,
Prior Express Consent ,
Privacy Laws ,
State and Local Government ,
Telecommunications
Earlier this year, Massachusetts state senators introduced a consumer data privacy bill with a private right of action that could become the broadest in the country. ...more
To predict the Privacy Shield’s future, it’s helpful to recall its origins and to understand the high bar it must meet – namely, ensuring “an adequate level of protection” under the Data Protection Directive.
...more
8/7/2017
/ Court of Justice of the European Union (CJEU) ,
Data Security ,
Edward Snowden ,
EU ,
EU Cybersecurity Directives ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
PRISM Program ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
It’s been almost one year since the EU-U.S. Privacy Shield (Privacy Shield) came into existence. Its upcoming annual review in September by the European Commission (Commission) and the U.S. Department of Commerce (DOC) – its...more
7/20/2017
/ Department of Transportation (DOT) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Oversight ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
With respect to Internet privacy, as a result of recent U.S. government action, Americans now have less protection and are more at risk of government surveillance and potential misuse of their personal information, as...more
Now that the U.S. government has overturned the FCC’s privacy regulations, are courts more likely to step in to protect the Internet privacy rights of individuals?...more
4/20/2017
/ Data Collection ,
ECPA ,
FCC ,
Fourth Amendment ,
Internet ,
Internet Service Providers (ISPs) ,
Net Neutrality ,
Personal Data ,
Reasonable Expectation of Privacy ,
Stored Communications Act ,
Warrantless Searches
The U.S. government’s action this week overturning the FCC’s recently passed privacy regulations and stripping the FCC’s authority to implement similar privacy regulations in the future, whether one agrees or disagrees with...more
4/6/2017
/ Data Collection ,
ECPA ,
FCC ,
Fourth Amendment ,
International Data Transfers ,
Internet ,
Internet Service Providers (ISPs) ,
Net Neutrality ,
Personal Data ,
Reasonable Expectation of Privacy ,
Stored Communications Act ,
Websites
The First Circuit Court of Appeals, in its recent decision in Yershov v. Gannett Satellite Information Network, Inc., breaks new ground, extending the reach of the Video Privacy Protection Act of 1988 (VPPA) to video content...more
2014 has been called the “Year of the Data Breach.” In the wake of many high-profile data breaches, including the recent Sony breach, 2015 promises a continued focus on privacy and cybersecurity issues. This week, President...more
1/16/2015
/ Cybersecurity ,
Data Breach ,
Federal Trade Commission (FTC) ,
Information Sharing ,
LabMD ,
OCC ,
Privacy Policy ,
Proposed Legislation ,
Sony ,
Student Privacy ,
Wyndham
The FTC recently released its report, “Data Brokers: A Call for Transparency and Accountability.” The report is the result of a study of nine data brokers and provides legislative recommendations...more
6/2/2014
/ Data Brokers ,
Data Collection ,
Data Protection ,
Data Retention ,
Data-Sharing ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Popular ,
Risk Assessment ,
Risk Mitigation ,
Transparency
The new HIPAA rules issued by the Department of Health and Human Services have made substantial changes to the way in which covered entities (e.g., hospitals, health insurers, etc…) and their business associates (entities...more
If your company is subject to HIPAA, new rules published by the Department of Health and Human Services (“HHS”) will require changes in your policies and practices regarding data breaches....more
2/4/2013
/ Business Associates ,
Compliance ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notice Requirements ,
PHI ,
Subcontractors