Tag Archives: data privacy

Virginia Likely to Become Second State with Comprehensive Privacy Legislation

Photo of Kyle DullPhoto of Kyle R. FathBy Kyle Dull and Kyle R. Fath on Posted in CDPA
With a special session scheduled to begin Feb. 10, Virginia is poised to become the second state to pass comprehensive consumer privacy legislation. The Consumer Data Protection Act (CDPA) passed the Virginia Senate on Friday, Feb. 5, and has been referred back to the Virginia House to be reconciled. Seeing that the House previously passed … Continue Reading

What Can We Learn From the Healthcare Data Breach ‘Wall of Shame’?

Photo of Eric A. PackelBy Eric A. Packel on Posted in HHS, HIPAA/HITECH
In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to report breaches to the Department of Health & Human Services’ (HHS) Office for Civil Rights. But the pain doesn’t end there. … Continue Reading

Navigating the State Data Breach Laws? An Enhanced Resource is Available

Photo of Julie HeinBy Julie Hein on Posted in Breach Notification, Data Breach Notification Laws
In large security incidents, the differences among state breach notification laws usually do not come into play. In smaller matters, where individuals in only a few states are potentially affected, the differences sometimes result in having an obligation to notify individuals in some states but not others. And states have been active in amending their … Continue Reading

The Weekly Privacy Rewind

By Aaron Lancaster on Posted in Weekly Privacy Rewind
Class Actions Google Seeks Dismissal of BIPA Class Action • Google has sought dismissal of a putative class action lawsuit alleging violations of Illinois’ Biometric Information Privacy Act (BIPA). • According to the original complaint, Google allegedly violated BIPA by scanning photos of nonusers uploaded to Google Photos and then “extracting geometric data” of the … Continue Reading

Looking Back: The Federal Trade Commission Issues Annual Data Privacy Report for 2017

By John Busch on Posted in Cybersecurity, Enforcement, News
On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as well as guides data protection strategies for 2018. The report provides a detailed … Continue Reading

SAMHSA Updates Privacy Regulations to Reflect Advancements in Healthcare

Photo of Lynn SessionsPhoto of Kathryn CareyBy Lynn Sessions and Kathryn Carey on Posted in HIPAA/HITECH, Privacy Litigation
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb. 2, 2018. As background, the Confidentiality of Substance Use Discover Patient Records Part 2 protects patient records maintained in connection with any … Continue Reading

When is a Chair not a Chair? Big Data Algorithms, Disparate Impact, and Considerations of Modular Programming

Photo of James A. ShererBy James A. Sherer on Posted in Information Governance, International Privacy Law, Social Media
The DESI VII Workshop titled “Using Advanced Data Analysis in eDiscovery & Related Disciplines to Identify and Protect Sensitive Information in Large Collections” was held on the Strand Campus of King’s College in London on June 12, 2017. DESI VII was particularly focused on privacy, and presented numerous papers that examined emerging protocols and novel … Continue Reading

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

By Kathryn Mellinger and Suchismita Pahi on Posted in Online Privacy
To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading

Australia Introduces Draft Privacy Act Amendment Addressing Notification

By Kathryn Mellinger on Posted in Data Breaches, Online Privacy
In 2015, several countries introduced new data privacy regulations and approved new data protection regulators. As the year draws to a close, Australia joins the list of countries advancing new data privacy legislation with the Australian government’s recent release of a draft bill amending its Privacy Act to implement a new security incident notification framework. … Continue Reading

Trans-Pacific Partnership Would Promote Cross-Border Data Transfers and Restrict Data Localization

By David M. Brown on Posted in International Privacy Law
As U.S. and European regulators and businesses work toward solutions in the wake of last month’s decision by the Court of Justice of the European Union that invalidated the EU-U.S. Safe Harbor framework for cross-border data transfers – previously discussed here and here – the Trans-Pacific Partnership (TPP) trade agreement seeks to facilitate cross-border data … Continue Reading

2015 BakerHostetler Security Incident Response Report Provides Insight Beyond Technical Incidents

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Cybersecurity, Data Breaches, HIPAA/HITECH, Incident Response, Information Security, Infrastructure, Retail Industry
There is no longer a debate – security incidents are inevitable. Organizations are working to be better prepared to respond when the first sign of an incident is detected (often at 4:30 p.m. on a Friday). So what kind of incidents should they prepare for and how should they prepare? Annual reports from forensic investigation … Continue Reading

An Ounce of Prevention Is Better (and Cheaper) Than a Pound of Cure: It’s time for a data protection checkup.

By Alan L. Friel on Posted in Cybersecurity, Incident Response, Information Governance, Online Privacy
We recently released the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. The report shows that human error was the number one cause of data security incidents we worked on last year, with employee negligence responsible … Continue Reading

Data Security Risk Assessments

By Randal L. Gainer on Posted in Cybersecurity
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. BakerHostetler lawyers have helped hundreds of businesses and other organizations respond to security incidents each year, many of which lead to regulatory investigations, class action lawsuits, or both. We see … Continue Reading

Congress Steps Up its Scrutiny of Data Brokers

Photo of Pamela Jones HarbourBy Pamela Jones Harbour on Posted in Online Privacy
In keeping with Congress’s heightened focus on privacy practices in the data broker industry, Senators Jay Rockefeller (D-W.Va.) and Ed Markey (D-Mass.) introduced a bill that would require increased transparency and accountability in the collection and sale of private consumer data.  Describing data brokers as operating a “shadow industry” with “very little scrutiny and oversight,” … Continue Reading

Massachusetts Follows California in Finding Retailers Vulnerable to Suit for Collecting Zip Codes in Credit Card Transactions

By Michael Young on Posted in Payment Card Industry, State Legislation
Earlier this month, the Massachusetts Supreme Court issued an opinion holding that zip codes “may well qualify” as personally identifiable information under the Massachusetts law controlling the treatment of PII in credit card transactions. The Massachusetts case echoes a 2011 ruling from the California Supreme Court which similarly held zip codes to be PII. Like the earlier California case, the … Continue Reading

International Compendium of Data Privacy Laws

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Online Privacy
Privacy and data protection issues confront all organizations—whether you handle employee information, credit card data, sensitive financial information or trade secrets. Securing data is a daunting task that is further complicated by cross-border transfer issues and the differences in privacy laws around the world. These laws are complex and can pose myriad and sometimes conflicting … Continue Reading

Congressional Update on Data Privacy & Security

By William Weber on Posted in Data Breaches, Online Privacy
The rumors of the death (or at least “dearth” — of activity) of the 112th Congress are somewhat exaggerated, to morph a phrase from Mark Twain; at least regarding the last couple weeks prior to the Independence Day recess. Not only did Congress pass major legislation related to the FDA, transportation programs and student loans … Continue Reading

Privacy Across Borders: Concerns Surfacing in Trans-Pacific Partnership

By William Weber on Posted in International Privacy Law
Opening markets and removing barriers to trade are touted by many in Washington, DC and well beyond as a cornerstone of economic expansion.  In the information age, ensuring the free flow of data across borders, and not simply goods and services, is increasingly important.  But just as problems can arise with differing foreign laws on … Continue Reading

SEC and CFTC Propose Identity Theft Prevention Rules

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Financial Privacy, Identity Theft
Reflective of an increased interest in data privacy concerns, on February 28, 2012, the Securities and Exchange and Commodity Futures Trading commissions jointly released proposed rules designed to protect investors from identity theft by mandating the creation of programs to detect potential security threats.  The proposed rules are meant to implement Title X of the … Continue Reading

White House Releases Consumer Online “Privacy Bill of Rights”

Photo of Erica Gann KitaevBy Erica Gann Kitaev on Posted in Federal Legislation, Online Privacy
The Obama Administration today unveiled a report entitled Consumer Data Privacy in a Networked World:  A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.  A central component of the report, which is directed at improving online privacy protections, is a “Consumer Privacy Bill of Rights.”  The Consumer Privacy Bill of Rights … Continue Reading

Baker Hostetler Data Breach Emergency Response Team Launches Data Breach Hotline

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Breach Notification, Data Breach Notification Laws, Data Breaches
After you learn of a potential data breach, the clock is ticking and potential liabilities are mounting. Quickly identifying the right team to guide your company through the complexities of the response is paramount. Baker Hostetler’s Privacy, Security & Social Media Emergency Response Team has launched a dedicated hotline so it can be reached at … Continue Reading

Focus on Behavioral Advertising, Part 2

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Behavioral Advertising
Last week we reviewed recent tracking litigation.  As part of our ongoing focus on behavioral advertising, below is a summary of recent developments regarding Do Not Track legislation, industry self-regulatory efforts in the United States and abroad, and the FTC’s plan to update its Dot Com Disclosures guidelines.    FTC Commissioner J. Thomas Rosch, concerned with … Continue Reading

California Social Networking Privacy Act Stalls

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Online Privacy
California SB 242 (Social Networking Privacy Act), which we covered here, would require social networking websites to design default privacy settings that prevent information about a user from being displayed without affirmative consent from the user.  On May 27, 2011, the bill failed to receive enough votes to pass the California Senate.      The bill faced … Continue Reading
LexBlog