Amendments to California’s expansive Consumer Privacy Act of 2018 (“the Act”) include new provisions that may significantly impact the timing of enforcement and provide exemptions for large amounts of personal data regulated by other laws. The Act, signed into law in June, is a sweeping data privacy law that regulates the processing of personal data … Continue Reading
Personal location information held by a third party now receives heightened protection from disclosure to law enforcement Thanks to Timothy Ivory Carpenter, Cell Site Location Information (“CSLI”) is now part of our vernacular. More important, in light of the Supreme Court’s June 2018 ruling in Carpenter v. United States, a company’s collection and retention of … Continue Reading
California’s newly enacted Consumer Privacy Act of 2018 is the strictest of the US’s patchwork of privacy related regulations. The Act will impact any legal entity that (i) does business in California, (ii) is operated for the profit or financial benefit of its owners, (iii) collects consumers’ personal information and determines the purpose and means … Continue Reading
In an article posted in Law360 Expert Analysis on May 22, 2018, Squire Patton Boggs partner Elliot Golding describes how the rise of health care smart devices and tracking apps has intensified the focus on data privacy and cybersecurity within the health care industry. Subsequently, new and proposed government and regulatory initiatives are underway. Additional … Continue Reading
Elliot Golding, in a podcast interview with Healthcare InfoSecurity, discusses progressing healthcare privacy and security issues, especially complex issues involving Internet of Things (IoT) devices. Topic points include, new risks when connected devices link to legacy systems, the applicable regulatory environment, and other important issues companies operating in the health care space need to confront … Continue Reading
In a first of its kind, the SEC recently fined Yahoo US$35 million for failing to assess and disclose a 2014 data breach that affected over 500 million user accounts. What caused the SEC to charge Yahoo with cybersecurity-related disclosure violations? Our colleagues Tara Swaminatha and Coates Lear have prepared an analysis of this enforcement action, including … Continue Reading
With no central federal data breach law, states have taken the reins, passing an increasing number of laws that require both the protection of citizens’ private data and prompt notice of any breach of that privacy. Governors in the last two holdout states, South Dakota and Alabama, recently signed bills to enact laws governing data … Continue Reading
Overview of Recent Settlement Actions Recent Health Insurance Portability and Accountability Act (“HIPAA”) enforcement settlements for Virtual Medical Group (“VMG”) in New Jersey and EmblemHealth in New York may signal a broader trend of increased state HIPAA enforcement. Under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act’s amendment to HIPAA, codified at … Continue Reading
In a Joint Statement issued this week, the Federal Financial Institutions Examination Council (“FFIEC”) – which comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee – cautioned the … Continue Reading
Our March 22, 2018 our readers were directed to a post published on our sister Anticorruption Blog which discussed the at the time proposed The CLOUD Act. The act was signed into law as part of the Omnibus Spending Bill on March 23, 2018. In Part 2 of her article, Ericka Johnson focuses on The … Continue Reading
In Part 1 of an upcoming series of posts on our sister Anticorruption Blog, DC-based associate Ericka Johnson explores the recently proposed CLOUD Act and the increasing gap between technology and the law. Of special interest to our readers, The CLOUD Act updates standards for when governments may be able to obtain information stored outside … Continue Reading
On February 27, 2018 the Supreme Court heard arguments surrounding the privacy of data stored abroad and the reach of U.S. search warrants to retrieve such data. While the Supreme Court decides the merits of United States v. Microsoft, Congress will debate on overhauling the Stored Communications Act (“SCA”) to reflect technological advances that were … Continue Reading
The HHS Office of Civil Rights announced earlier this month that a court appointed receiver for Illinois moving and storage company, Filefax, has entered into a resolution agreement and corrective action plan to settle alleged violations of the HIPAA Privacy and Security Rules. The receiver for Filefax, which went out of business during OCR’s investigation, … Continue Reading
Last month, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued two helpful new HIPAA guidance documents regarding research uses and disclosures of PHI, fulfilling a mandate in the 21st Century Cures Act (Public Law 114-255) (the “Act”). Although the documents merely reaffirm prior guidance in many places, the documents also … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 27 November 2017.… Continue Reading
There is an increasing recognition of the need to improve cybersecurity in the healthcare sector (particularly relating to medical devices). For example, the Chairman of the House of Representatives’ Committee on Energy and Commerce recently asked HHS in a formal letter to “develop a plan of action for creating, deploying, and leveraging [bill of materials] … Continue Reading
In Eichenberger-v.-ESPN., Case No. 15-35499 (Nov. 29, 2017), the United States Court of Appeals for the Ninth Circuit affirmed the district court judgment holding that the serial numbers on a consumer’s video streaming device and the titles of the videos an individual watches do not constitute personally identifiable information (PII) under the Video Privacy Protection … Continue Reading
In another lawsuit against Equifax, the Independent Community Bankers of America (ICBA), on behalf of thousands of community banks, seeks to hold Equifax accountable for the July 2017 data breach that potentially affected more than 145.5 million consumers. ICBA, along with Bank of Zachary and First State Bank, filed the class action last week in … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 6 November 2017.… Continue Reading
We would like to congratulate Tara Swaminatha for being honored as a Cybersecurity & Data Privacy Trailblazer by the National Law Journal. Ms. Swaminatha is one of only two women to be recognized by the Journal and the only women of color.… Continue Reading
On 18 October 2017, the European Commission (“Commission”) published its first annual report on the functioning of the US-EU Privacy Shield (“the Report”), the successor to the Safe Harbor framework after its invalidation in Schrems. The Report will be widely welcomed by businesses on both sides of the Atlantic as the Commission continues to back … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 2 October 2017.… Continue Reading
These days, organizations (including the U.S. Air Force) have been turning to third parties to help hunt for security weaknesses (under “bug bounty” programs) in company software and applications. In July 2017, the Department of Justice released guidance for a structured program (entitled, A Framework for a Vulnerability Disclosure Program for Online Systems) designed to … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 18 September 2017.… Continue Reading
