The U.S. Court of Appeals for the Third Circuit has vacated a district court's dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops...more
1/24/2017
/ Appeals ,
Article III ,
Class Action ,
Data Breach ,
Electronic Medical Records ,
Fair Credit Reporting Act (FCRA) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Injury-in-Fact ,
Laptop Computers ,
Personally Identifiable Information ,
PHI ,
Standing
The European Commission's proposed e-privacy regulation sets forth obligations on handling electronic communications and clarifies obligations for seeking consent for the use of cookies. Meant to bring the e-privacy directive...more
1/13/2017
/ Cookies ,
Corporate Counsel ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
e-Privacy Directive ,
Electronic Communications ,
EU ,
Facebook ,
Fines ,
General Data Protection Regulation (GDPR) ,
Google ,
Metadata ,
Mobile Apps ,
Prior Express Consent ,
Privacy Laws ,
Telecommunications ,
WhatsApp
The Federal Trade Commission (FTC) has entered into a multimillion dollar settlement with the owners and operators of AshleyMadison.com, a dating website for people interested in having discreet affairs, related to the...more
12/16/2016
/ Adultery ,
Ashley Madison ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Dating Services ,
Federal Trade Commission (FTC) ,
Fines ,
Hackers ,
Internet ,
Marriage ,
Misrepresentation ,
Online Platforms ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Spouses ,
Website Owner Liability ,
Websites
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more
11/7/2016
/ Breach Notification Rule ,
Business Associates ,
Cloud Computing ,
Cloud Service Providers (CSPs) ,
Covered Entities ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Encryption ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Risk Assessment ,
Service Agreements
Vehicle-related cyber incidents could have devastating and deadly effects, particularly as cars and trucks become more highly automated and rely more heavily on wireless technologies. To combat this threat, the U.S....more
10/28/2016
/ Automotive Industry ,
Connected Cars ,
Cybersecurity ,
Department of Transportation (DOT) ,
Driverless Cars ,
Internet of Things ,
NHTSA ,
Privacy Concerns ,
Regulatory Oversight ,
Smart Car ,
Technology
In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more
Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...more
10/21/2016
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cyber Attacks ,
Cybersecurity ,
FDIC ,
Federal Reserve ,
FFIEC ,
Financial Institutions ,
Financial Services Industry ,
Hackers ,
Handbooks ,
Incident Response Plans ,
OCC ,
Risk Management
In an anticipated guidance, the United Kingdom's Information Commissioner's Office (ICO) updated its code of practice for privacy notices titled Privacy notices, transparency and control (the Code). Significantly, the ICO has...more
10/18/2016
/ Best Practices ,
Data Protection ,
Data Transfers ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Internet of Things ,
Notice Requirements ,
Privacy Policy ,
Third-Party Risk ,
UK ,
Websites
A goal of providing effective disclosures to consumers is to allow consumers to make informed decisions. But what must be done to make disclosures effective? This was the question the Federal Trade Commission (FTC) explored...more
9/27/2016
/ Advertising ,
Banking Sector ,
Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Mobile Apps ,
Mobile Devices ,
Native Advertising ,
Popular ,
Social Media ,
Social Networks ,
Tracking Systems ,
Video Games ,
Warner Brothers Entertainment
The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more
8/17/2016
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Healthcare ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Putative Class Actions ,
Standing
The Federal Trade Commission (FTC) has issued an Opinion and Final Order finding that the data security practices of LabMD, Inc. were unreasonable, and therefore constituted an unfair act or practice in violation of Section 5...more
8/15/2016
/ Administrative Law Judge (ALJ) ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
File Sharing ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
LabMD ,
Likelihood of Harm ,
p2p ,
Popular ,
Section 5
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health...more
7/25/2016
/ Business Associates ,
Corrective Actions ,
Data Breach ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
iPhone ,
OCR ,
Penalties ,
PHI
In a case that may have significant impact for companies providing public Internet and cloud services, the Second Circuit has ruled that a federal court may not issue a criminal warrant ordering a U.S. company to produce...more
7/20/2016
/ Cloud Computing ,
Criminal Investigations ,
e-Discovery ,
Electronically Stored Information ,
Email ,
Extraterritoriality Rules ,
Internet Service Providers (ISPs) ,
Ireland ,
Microsoft ,
Popular ,
Privacy Concerns ,
Search Warrant ,
Stored Communications Act ,
Subpoenas
In a pair of highly anticipated decisions, the Ninth Circuit significantly reshaped criminal and civil liability under the federal Computer Fraud and Abuse Act (CFAA). The court’s recent decisions in United States v. Nosal...more
7/18/2016
/ Civil Liability ,
Computer Fraud and Abuse Act (CFAA) ,
Confidential Information ,
Criminal Liability ,
Data Security ,
Economic Espionage Act ,
Electronically Stored Information ,
Facebook ,
Former Employee ,
Misappropriation ,
Passwords ,
Popular ,
Trade Secrets ,
Unauthorized Access ,
US v Nosal ,
Websites
The Bank for International Settlements (BIS) Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) last week issued the first internationally agreed-upon...more
7/7/2016
/ Bureau of Industry and Security (BIS) ,
Committee on Payments and Market Infrastructure (CPMI) ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Financial Institutions ,
Financial Markets ,
Gramm-Leach-Bliley Act ,
IOSCO ,
New Guidance ,
Risk Management
Powered in part by the growing use of Internet of Things (IoT) technologies, cybersecurity has surged to become one of the leading concerns for global manufacturers, according to a recently released study....more
The Pennsylvania Superior Court has affirmed a trial court's decision denying class certification in a data breach case against two health plans, reversing its own earlier ruling in the same case that the plaintiff did not...more
The European Parliament has voted to adopt the draft text of the General Data Protection Regulation (GDPR), which imposes enhanced requirements on organizations processing personal data in the European Union and transferring...more
The European Commission (EC) has released details of the EU-U.S. Privacy Shield, a new framework under which personal data may be transferred from the European Union (EU) to the United States. The Privacy Shield replaces the...more
The Consumer Financial Protection Bureau (CFPB) has announced its first data security enforcement action. Since the 1990s, the Federal Trade Commission (FTC) has primarily taken on the role as the de facto federal regulator...more
Nearly three in five Californians were victims of a data breach in 2015, according to a report released by state Attorney General Kamala D. Harris. The report adopts minimum standards of "reasonable security" for personal...more
The Judicial Redress Act (Act), signed into law on February 24, 2016, by President Obama, extends the privacy protections offered to U.S. citizens under the Privacy Act of 1974 to citizens of "covered countries" overseas....more
President Obama's Cybersecurity National Action Plan (CNAP), a comprehensive plan to address the nation's cybersecurity challenges through increased funding, a more robust cybersecurity workforce, and education initiatives,...more
The Department of Homeland Security (DHS) and the Department of Justice (DOJ) have released Interim Guidance Documents (Guidance Documents) to implement the Cybersecurity Information Sharing Act of 2015 (CISA). The Act...more
The European Commission (EC) and the U.S. Department of Commerce have reached an agreement to create a framework for transfers of personal data from the European Union to the United States. The framework, named the EU-U.S....more