The obligation on controllers to pay a fee will remain in place following the implementation of the General Data Protection Regulation, the GDPR, on 25 May 2018. The fees act as the main source of funding for the UK’s data protection supervisory authority, the Information Commissioner’s Office (the ‘ICO’). The Government, which has a statutory duty to ensure the ICO is adequately funded, has proposed a new funding structure based on the relative risk to the data processed by organisations.
Eduardo Guzmán has written an article for Law360 regarding the Telephone Consumer Protection Act (TCPA) with relation to voice over internet protocol (VoIP) services.
Much like the explosion in the use of mobile devices dramatically changed how the TCPA has been enforced and applied, emerging technologies like VoIP threaten to alter the TCPA landscape in ways that would have been unpredictable when the statute was enacted in 1991. The TCPA does not mention VoIP or VoIP calls, but the proliferation of VoIP services and their ability to mirror traditional telephony has made them a favorite target of the TCPA plaintiffs’ bar.
On February 27, 2018, the Supreme Court heard arguments surrounding the privacy of data stored abroad and the reach of U.S. search warrants to retrieve such data. While the Supreme Court decides the merits of United States v. Microsoft, Congress will debate overhauling the Stored Communications Act (“SCA”) to reflect technological advances that were not contemplated back in 1986 – the year of the SCA’s enactment. For a fuller examination of the arguments, see the post on the Anticorruption blog. The SCA governs the proper disclosure of electronic communications to third parties and provides civil and criminal penalties for improper disclosure. This decision involves the data privacy expectations of U.S. and non-U.S. citizens alike and could impact a number of companies that store or facilitate the transmission of electronic communications.
The HHS Office for Civil Rights announced earlier this month that a court-appointed receiver for Illinois moving and storage company Filefax has entered into a resolution agreement and corrective action plan to settle alleged violations of the HIPAA Privacy and Security Rules. The receiver for Filefax, which went out of business during OCR’s investigation, has agreed to pay $100,000 for alleged mishandling and improper disclosure of medical records containing protected health information for approximately 2,150 patients. OCR Director Roger Severino has pointed to the settlement agreement as a reminder to companies that HIPAA still applies regardless of whether a covered entity is opening or closing its doors. For more information, please see our Triage Health Law blog post.
Last week, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations released its enforcement priorities for 2018. Making the list for the fifth year in a row, cybersecurity was emphasized as a focus for the SEC in the coming year.
In a recent post on Squire Patton Boggs’ anticorruption blog, Coates Lear, Tara Swaminatha, and Elizabeth Weil Shaw discuss the announcement, as well as the implications of the SEC’s recent and continued emphasis on cybersecurity.
What is CCTV?
CCTV means closed-circuit television, also known as video surveillance. Video surveillance systems monitor the behavior, activities, or other changing information, usually of people, from a distance by means of electronic equipment.
Video surveillance can include anything from closed circuit television or automatic number-plate recognition systems, to any other system for recording, storing, receiving or viewing visual images for surveillance purposes.
In 2016, it was estimated that there were approximately 350 million video surveillance cameras installed worldwide.
As 2018 picks up steam from its start, we are beginning to see traction in relation to various new regional data privacy and cybersecurity laws. Many of the provisions seem designed to enable countries to seek an EU Adequacy Finding, which is akin to the Privacy Shield provisions between the EU and the US. This would allow the easier transfer of EU data between the countries.
Last month, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued two helpful new HIPAA guidance documents regarding research uses and disclosures of PHI, fulfilling a mandate in the 21st Century Cures Act (Public Law 114-255) (the “Act”). Although the documents merely reaffirm prior guidance in many places, the documents also contain helpful new information and serve to collect prior guidance spread in numerous places into a single location. The first document focuses on research authorizations and revocations:
In her second installment of “Cybersecurity Law” for CSO, Tara Swaminatha considers the most noteworthy cybersecurity and data privacy-related cases and pieces of legislation in the year ahead.
The two attacks affect nearly 90 percent of the world’s computers.
Recent reports suggest that computers – personal, business, and cellular alike – are susceptible to two newly discovered major security flaws. These flaws, colloquially known as “Meltdown” and “Spectre,” could open the door for hackers to access the contents of almost any computer.
Meltdown could provide hackers the ability to become squatters on cloud-based services, but more importantly provide them access to other consumers’ information, including passwords. In cloud-based services where consumers generally share servers, there are protocols in place to protect each customer’s information from being accessible to the others. Meltdown provides a way for hackers to circumvent those protocols, read sensitive data or gain access to other applications running on a shared server.