The Food and Drug Administration's (FDA) most recent draft guidance focuses on cybersecurity in postmarket medical devices and makes recommendations for identifying, assessing, and responding to cybersecurity vulnerabilities....more
A new Federal Trade Commission (FTC) report, "Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues," warns that certain uses of big data consisting of consumer information may implicate various federal...more
The Federal Trade Commission (FTC) recently approved a $100 million settlement with LifeLock, Inc. to resolve allegations that it violated a 2010 federal court order by failing to take steps required to protect its users’...more
The FTC has announced enforcement actions against two app developers that allegedly violated the Children’s Online Privacy Protection Act (COPPA) by using persistent identifiers to serve advertising to children. The...more
The Association of Corporate Counsel Foundation (ACC) released a State of Cybersecurity report on December 9, 2015. Ballard Spahr was the only law firm that served on the advisory board for the study and helped to formulate...more
The Association of Corporate Counsel Foundation (ACC) released a State of Cybersecurity report underwritten by Ballard Spahr on December 9, 2015. The report provides valuable insights on cybersecurity issues from more than...more
An amendment creating an exception to the annual privacy notice delivery requirement for financial institutions has been signed into law by President Obama as part of the “Fixing America’s Surface Transportation Act” (FAST...more
A recent decision by the Federal Trade Commission (FTC) Chief Administrative Law Judge (ALJ) dismissed the FTC’s complaint against LabMD, Inc. (LabMD) asserting the company’s alleged failure to protect consumer data in two...more
The New York Department of Financial Services (NYDFS) has distributed a letter to various federal and state regulatory agencies and associations proposing the development of new cybersecurity regulations for financial...more
Three bills that will update California’s data breach notification requirements have been signed into law by Governor Jerry Brown. The bills impose specific requirements on providing breach notification to consumers, add a...more
10/20/2015
/ Automatic License Plate Readers ,
Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Encryption ,
Hackers ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Posting Requirements ,
Privacy Laws ,
Surveillance
The Court of Justice of the European Union (CJEU) has held that the EU Commission's decision establishing the Safe Harbor data transfer framework is invalid because the Commission failed to determine that the protection...more
10/8/2015
/ Binding Corporate Rules ,
Cybersecurity ,
Data Protection Authority ,
Edward Snowden ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
A federal judge in Pennsylvania has allowed a data breach class action against Coca-Cola and several bottling companies to proceed, finding that the plaintiff has Article III standing even though he had left Coca-Cola’s...more
10/7/2015
/ Article III ,
Civil Conspiracy ,
Clapper v. Amnesty International ,
Class Action ,
Coca Cola ,
Data Breach ,
Fraudulent Charges ,
Identity Theft ,
Injury-in-Fact ,
Misrepresentation ,
Motion to Dismiss ,
Personally Identifiable Information ,
Standing
In a landmark decision that threatens to undo the process by which American companies handle personal data flowing from the European Union, the Advocate General (AG) of the European Court of Justice (ECJ) issued an advisory...more
10/1/2015
/ Advocate General ,
Better Business Bureau ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Edward Snowden ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
National Security Agency (NSA) ,
Personal Data ,
PRISM Program ,
Safe Harbors ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
In 2013 alone, the U.S. Department of Homeland Security (DHS) and its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to more than 256 cyber-incident reports—more than half of them in the energy...more
8/24/2015
/ Aerospace ,
Automotive Industry ,
C-Suite Executives ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Energy Sector ,
Hackers ,
Information Technology ,
Internet ,
Manufacturers ,
NIST ,
Oil & Gas ,
Pharmaceutical Industry ,
Popular ,
Transportation Corridor ,
Wastewater ,
Water
An increase in data breach class actions could be the result of a recent decision of the Seventh Circuit holding that allegations of future harm stemming from a data breach can establish Article III standing. The majority of...more
7/29/2015
/ Adobe ,
Article III ,
Class Action ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Hackers ,
Identity Theft ,
Invasion of Privacy ,
Negligence ,
Neiman Marcus ,
Standing
The Department of Justice (DOJ) recently announced the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum. Financial institutions and other companies should consider...more
7/24/2015
/ Best Practices ,
Criminal Prosecution ,
Cyber Crimes ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement Actions ,
FBI ,
Financial Institutions ,
Hackers ,
Malware ,
New Guidance ,
NIST
A recently released study from scientists at the University of Pennsylvania suggests a link between hydraulic fracturing ("fracking") for gas and oil and cardiac and neurological illnesses. Whether the report triggers a rash...more
The Federal Trade Commission (FTC) recently proposed amendments to its Gramm-Leach-Bliley Act (GLBA) rules requiring motor vehicle dealers to send their customers an annual privacy notice. The amendments would allow motor...more
6/23/2015
/ Automotive Industry ,
Car Dealerships ,
Consumer Financial Protection Bureau (CFPB) ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Notice Requirements ,
Privacy Policy ,
Proposed Amendments ,
Rulemaking Process ,
Websites
A Pennsylvania judge has dismissed a class action arising out of the breach of confidential employee information, adding to a growing body of state courts that have found that negligence claims alleging failure to provide...more
The Federal Trade Commission recently announced a proposed settlement with a retail tracking company to resolve charges that the company’s privacy policy misled consumers about their ability to opt out of the company’s...more
The New York State Department of Financial Services (NYDFS) recently issued a report identifying common cybersecurity issues and concerns caused by the failure of some banks to sufficiently manage vulnerabilities posed by...more
The Food and Drug Administration’s recent guidance on mobile medical applications illustrates the FDA’s growing efforts to combat emerging cybersecurity issues that affect patient safety. The guidance, issued in February...more
President Obama has finally revealed the text of draft legislation that would establish “baseline protections” for consumers under a proposed Consumer Privacy Bill of Rights. The bill would impose new legal requirements on...more
With the news of the breach of security at Anthem health plans, many employers have been wondering whether their employees are affected and how they should respond. The breach extends to members in Anthem-affiliated plans and...more
The recently released Federal Trade Commission staff report, Internet of Things: Privacy & Security in a Connected World, provides companies with insight into the FTC's consumer privacy and data security expectations for the...more