Archives: US

Illinois Supreme Court to Resolve the Conflict over the Scope of BIPA’s Private Right of Action.

In Illinois, the courts are grappling with an issue akin to the Article 3 standing issues that courts have been analyzing in post-breach cases for years, that is, whether a plaintiff must claim actual harm as a result of a statutory violation or whether the violation is sufficient by itself to support standing to sue.… Continue Reading

Digital Health Update: Recent FDA Cyber Initiatives

The Food and Drug Administration (FDA) has recently issued several cybersecurity and medical device initiatives as part of the agency’s increased focus on digital health. These initiatives include draft cybersecurity guidance for medical devices, increased coordination with the Department of Homeland Security, and the promotion of artificial intelligence. Elliot Golding and Jennifer Tharp provided an … Continue Reading

Amendments to the California Consumer Privacy Act of 2018: Progress toward Clarity

Amendments to California’s expansive Consumer Privacy Act of 2018 (“the Act”) include new provisions that may significantly impact the timing of enforcement and provide exemptions for large amounts of personal data regulated by other laws. The Act, signed into law in June, is a sweeping data privacy law that regulates the processing of personal data … Continue Reading

Supreme Court Takes Another Step to Keep Up With the Digital Times: Criminal Procedure and Cell Phone Records in Carpenter

Personal location information held by a third party now receives heightened protection from disclosure to law enforcement. Thanks to Timothy Ivory Carpenter, Cell Site Location Information (“CSLI”) is now part of our vernacular. More important, in light of the Supreme Court’s June 2018 ruling in Carpenter v. United States, a company’s collection and retention of … Continue Reading

California’s Consumer Privacy Act of 2018

California’s newly enacted Consumer Privacy Act of 2018 is the strictest of the US’s patchwork of privacy related regulations. The Act will impact any legal entity that (i) does business in California, (ii) is operated for the profit or financial benefit of its owners, (iii) collects consumers’ personal information and determines the purpose and means … Continue Reading

Law360 Expert Analysis: Health Tech Is The New Focus For Cybersecurity Policy

In an article posted in Law360 Expert Analysis on May 22, 2018, Squire Patton Boggs partner Elliot Golding describes how the rise of health care smart devices and tracking apps has intensified the focus on data privacy and cybersecurity within the health care industry.  Subsequently, new and proposed government and regulatory initiatives are underway. Additional … Continue Reading

Significant Health Care Technology Privacy and Cybersecurity Considerations

Elliot Golding, in a podcast interview with Healthcare InfoSecurity, discusses progressing healthcare privacy and security issues, especially complex issues involving Internet of Things (IoT) devices. Topics include new risks when connected devices link to legacy systems, the applicable regulatory environment, and other important issues companies operating in the health care space need to confront … Continue Reading

SEC Fines Yahoo $35 Million for Misleading Investors by Failing to Disclose Cybersecurity Breach

In a first of its kind, the SEC recently fined Yahoo US$35 million for failing to assess and disclose a 2014 data breach that affected over 500 million user accounts. What caused the SEC to charge Yahoo with cybersecurity-related disclosure violations?  Our colleagues Tara Swaminatha and Coates Lear have prepared an analysis of this enforcement action, including … Continue Reading

Data Breach Laws on the Books in Every State; Federal Data Breach Law Hangs in the Balance

With no central federal data breach law, states have taken the reins, passing an increasing number of laws that require both the protection of citizens’ private data and prompt notice of any breach of that privacy.  Governors in the last two holdout states, South Dakota and Alabama, recently signed bills to enact laws governing data … Continue Reading

States Increase HIPAA Enforcement

Overview of Recent Settlement Actions: Recent Health Insurance Portability and Accountability Act (“HIPAA”) enforcement settlements for Virtual Medical Group (“VMG”) in New Jersey and EmblemHealth in New York may signal a broader trend of increased state HIPAA enforcement. Under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act’s amendment to HIPAA, codified at … Continue Reading

Federal Financial Institutions Examination Council Cautions Companies Not to Over-Rely On Cyber Insurance in Lieu of Robust Security Controls

In a Joint Statement issued this week, the Federal Financial Institutions Examination Council (“FFIEC”) – which comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee – cautioned the … Continue Reading

The CLOUD Act, Part 2

On March 22, 2018, our readers were directed to a post published on our sister Anticorruption Blog which discussed the then-proposed CLOUD Act. The act was signed into law as part of the Omnibus Spending Bill on March 23, 2018. In Part 2 of her article, Ericka Johnson focuses on The … Continue Reading

Clarifying Lawful Overseas Use of Data – The Cloud Act

In Part 1 of an upcoming series of posts on our sister Anticorruption Blog, DC-based associate Ericka Johnson explores the recently proposed CLOUD Act and the increasing gap between technology and the law. Of special interest to our readers, The CLOUD Act updates standards for when governments may be able to obtain information stored outside … Continue Reading

Supreme Court Hears Arguments on Cloud Security

On February 27, 2018 the Supreme Court heard arguments surrounding the privacy of data stored abroad and the reach of U.S. search warrants to retrieve such data.  While the Supreme Court decides the merits of United States v. Microsoft, Congress will debate on overhauling the Stored Communications Act (“SCA”) to reflect technological advances that were … Continue Reading

Recent HHS Settlement Showcases that Alleged HIPAA Liability Attaches Even After a Business Closes its Doors

The HHS Office of Civil Rights announced earlier this month that a court appointed receiver for Illinois moving and storage company, Filefax, has entered into a resolution agreement and corrective action plan to settle alleged violations of the HIPAA Privacy and Security Rules.  The receiver for Filefax, which went out of business during OCR’s investigation, … Continue Reading

HHS Office for Civil Rights Issues Updated HIPAA and Research Guidance in Response to 21st Century Cures Act Mandate

Last month, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued two helpful new HIPAA guidance documents regarding research uses and disclosures of PHI, fulfilling a mandate in the 21st Century Cures Act (Public Law 114-255) (the “Act”).  Although the documents merely reaffirm prior guidance in many places, the documents also … Continue Reading

Increased Recognition to Improve Cybersecurity in Healthcare Sector

There is an increasing recognition of the need to improve cybersecurity in the healthcare sector (particularly relating to medical devices).  For example, the Chairman of the House of Representatives’ Committee on Energy and Commerce recently asked HHS in a formal letter to “develop a plan of action for creating, deploying, and leveraging [bill of materials] … Continue Reading

While Ninth Circuit Finds No Additional Harm Required for Standing Under the VPPA, It Applies a Narrow Reading of What Constitutes PII Under the VPPA

In Eichenberger v. ESPN, Case No. 15-35499 (Nov. 29, 2017), the United States Court of Appeals for the Ninth Circuit affirmed the district court judgment holding that the serial numbers on a consumer’s video streaming device and the titles of the videos an individual watches do not constitute personally identifiable information (PII) under the Video Privacy Protection … Continue Reading

Independent Bank Class Action Alleges Specific Equifax Security Failures, Actual Harm and the Threat of Future Harm

In another lawsuit against Equifax, the Independent Community Bankers of America (ICBA), on behalf of thousands of community banks, seeks to hold Equifax accountable for the July 2017 data breach that potentially affected more than 145.5 million consumers. ICBA, along with Bank of Zachary and First State Bank, filed the class action last week in … Continue Reading

Privacy Shield: First Annual Review Report Published

On 18 October 2017, the European Commission (“Commission”) published its first annual report on the functioning of the US-EU Privacy Shield (“the Report”), the successor to the Safe Harbor framework after its invalidation in Schrems. The Report will be widely welcomed by businesses on both sides of the Atlantic as the Commission continues to back … Continue Reading