In the past few years, cybersecurity has taken on increasing importance in the eyes of lawmakers and regulators. Traditionally, cybersecurity compliance that is tied to the protection of personal information generally has...more
Shook Weighs in on Updated CCPA Regulations - In response to extensive public comment, the California Attorney General’s office released modified draft regulations under the CCPA on February 7. Shook has provided initial...more
“Reasonable” and “adequate” seem like benign terms — until you have to litigate using them as a standard for adequate data security. Over the coming years, the definition of “reasonable security” (and the alleged failure of...more
Earlier this month, Andrew Smith, the FTC’s Director of the Bureau of Consumer Protection, announced that the Commission had made “three major changes” to its data security orders. Citing recent hearings at the FTC, as well...more
Synopsis: On January 6, 2020, Andrew Smith, director of the Federal Trade Commission’s Bureau of Consumer Protection, outlined in a blog post the agency’s new approach to data security orders. The agency implemented this...more
Amidst mounting pressure to pursue cybersecurity more aggressively, the Federal Trade Commission (“FTC”), the federal government’s most active enforcer in the space, has recently imposed increasingly stringent cybersecurity...more
In June 2018, medical laboratory LabMD obtained the first-ever court decision overturning a Federal Trade Commission (FTC) cybersecurity enforcement action. (The team directing that effort – led by Doug Meal and Michelle...more
In LabMD v. FTC, the Eleventh Circuit vacated an order requiring a company to implement a data security program “reasonably designed” to protect information. Following the LabMD decision, the FTC announced a series of public...more
Features - International Updates (Excluding the EU) - India’s Draft Data Protection Bill: Another GDPR Around the Corner? India recently introduced the Personal Data Protection Bill 2018. ...more
Privacy protection is an issue that will always be at the forefront of the legal world. Consumers expect that companies will protect their medical and other private identifying information. While the increase in digital data...more
Editor’s Note: This blog post was originally published last week. Since then, the U.S. Court of Appeals for the District of Columbia has summarily rejected LabMD’s request to reconsider its earlier ruling that two Federal...more
Did LabMD, the now-defunct cancer testing company, expose sensitive patient information with shoddy data security practices as U.S. regulations have charged, or was the company victimized by a private forensics firm extorting...more
Our Privacy & Data Security Group reviews the Eleventh Circuit’s decision narrowing the FTC’s authority to impose broad cybersecurity measures on defendants, but cautions it would be a mistake to interpret the ruling as...more
The U.S. Court of Appeals for the Eleventh Circuit on June 6 issued its long-awaited decision in LabMD v. Federal Trade Commission, vacating a Federal Trade Commission cease and desist order directing LabMD to overhaul its...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the Eleventh Circuit's decision to vacate an order against LabMD regarding FTC cease-and-desist orders, new data breach notification laws in three U.S....more
Earlier this month, in a much anticipated decision, the 11th U.S. Circuit Court of Appeals vacated the Federal Trade Commission’s (FTC) cease and desist order against LabMD, Inc. The 11th Circuit concluded that the FTC’s...more
In This Issue: - FTC Enforcement Action Slain by 11th Circuit - Chris Farley IP Holder Settles With Bike Company - California Pushes Auto-Renewal Regs in New Directions - Plaintiff Should Cop to COPPA, Google Claims -...more
In a significant ruling that calls into question the Federal Trade Commission’s (“FTC”) authority to regulate a private company’s data security program, a federal appellate court of appeals ruled that the agency’s cease and...more
The U.S. Court of Appeals for the Eleventh Circuit recently released its highly anticipated decision in the long-running case pitting the now-defunct medical laboratory LabMD against the Federal Trade Commission (FTC),...more
Companies have a responsibility to protect the sensitive employee and consumer data they hold, but we do not know how much of their revenues must be spent on this effort before it is considered enough. We do not know what...more
In a landmark decision, the United States Court of Appeals for the Eleventh Circuit vacated a Federal Trade Commission (“FTC”) cease and desist order which directed LabMD, a relatively small and now-defunct cancer testing...more
In the latest episode of a long running saga, the Eleventh Circuit has ruled against the Federal Trade Commission (FTC) in its years-long battle with LabMD Inc. The Court vacated the FTC’s order requiring LabMD to implement a...more
On June 6, the U.S. Court of Appeals for the Eleventh Circuit vacated a cease-and-desist order by the Federal Trade Commission (FTC) issued against LabMD, Inc. (LabMD) arising from an FTC enforcement action alleging that...more
We previously reported that the FBI has warned consumers about a nasty malware, known as VPNFilter and believed to have been launched by a Russian government hacking group, which is infecting hundreds of thousands of small...more
We have been watching the LabMD/FTC case for a long time. We have written about it, read the book about it that was hand delivered to our office by the CEO of LabMD, debated it in privacy law class and marveled at the energy...more