In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to report breaches to the Department of Health & Human Services’ (HHS) Office for Civil Rights. But the pain doesn’t end there. … Continue Reading
In large security incidents, the differences among state breach notification laws usually do not come into play. In smaller matters, where individuals in only a few states are potentially affected, the differences sometimes result in having an obligation to notify individuals in some states but not others. And states have been active in amending their … Continue Reading
Class Actions
Google Seeks Dismissal of BIPA Class Action
• Google has sought dismissal of a putative class action lawsuit alleging violations of Illinois’ Biometric Information Privacy Act (BIPA).
• According to the original complaint, Google allegedly violated BIPA by scanning photos of nonusers uploaded to Google Photos and then “extracting geometric data” of the … Continue Reading
On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as well as guides data protection strategies for 2018. The report provides a detailed … Continue Reading
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb. 2, 2018. As background, the Confidentiality of Substance Use Disorder Patient Records Part 2 protects patient records maintained in connection with any … Continue Reading
The DESI VII Workshop titled “Using Advanced Data Analysis in eDiscovery & Related Disciplines to Identify and Protect Sensitive Information in Large Collections” was held on the Strand Campus of King’s College in London on June 12, 2017. DESI VII was particularly focused on privacy, and presented numerous papers that examined emerging protocols and novel … Continue Reading
By Kathryn Mellinger and Suchismita Pahi. Posted in Online Privacy
To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading
In 2015, several countries introduced new data privacy regulations and approved new data protection regulators. As the year draws to a close, Australia joins the list of countries advancing new data privacy legislation with the Australian government’s recent release of a draft bill amending its Privacy Act to implement a new security incident notification framework. … Continue Reading
As U.S. and European regulators and businesses work toward solutions in the wake of last month’s decision by the Court of Justice of the European Union that invalidated the EU-U.S. Safe Harbor framework for cross-border data transfers – previously discussed here and here – the Trans-Pacific Partnership (TPP) trade agreement seeks to facilitate cross-border data … Continue Reading
There is no longer a debate – security incidents are inevitable. Organizations are working to be better prepared to respond when the first sign of an incident is detected (often at 4:30 p.m. on a Friday). So what kind of incidents should they prepare for and how should they prepare? Annual reports from forensic investigation … Continue Reading
We recently released the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. The report shows that human error was the number one cause of data security incidents we worked on last year, with employee negligence responsible … Continue Reading
Our Privacy and Data Protection team has been shortlisted by Chambers and Partners for a Chambers USA Award as “Privacy & Data Security Team of the Year” in recognition of our “outstanding work, strategic growth, and client service excellence” over the past year. We are one of only seven privacy and data security teams in … Continue Reading
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. BakerHostetler lawyers have helped hundreds of businesses and other organizations respond to security incidents each year, many of which lead to regulatory investigations, class action lawsuits, or both. We see … Continue Reading
In keeping with Congress’s heightened focus on privacy practices in the data broker industry, Senators Jay Rockefeller (D-W.Va.) and Ed Markey (D-Mass.) introduced a bill that would require increased transparency and accountability in the collection and sale of private consumer data. Describing data brokers as operating a “shadow industry” with “very little scrutiny and oversight,” … Continue Reading
Earlier this month, the Massachusetts Supreme Court issued an opinion holding that zip codes “may well qualify” as personally identifiable information under the Massachusetts law controlling the treatment of PII in credit card transactions. The Massachusetts case echoes a 2011 ruling from the California Supreme Court which similarly held zip codes to be PII. Like the earlier California case, the … Continue Reading
Privacy and data protection issues confront all organizations—whether you handle employee information, credit card data, sensitive financial information or trade secrets. Securing data is a daunting task that is further complicated by cross-border transfer issues and the differences in privacy laws around the world. These laws are complex and can pose myriad and sometimes conflicting … Continue Reading
The rumors of the death (or at least “dearth” — of activity) of the 112th Congress are somewhat exaggerated, to morph a phrase from Mark Twain; at least regarding the last couple weeks prior to the Independence Day recess. Not only did Congress pass major legislation related to the FDA, transportation programs and student loans … Continue Reading
Opening markets and removing barriers to trade are touted by many in Washington, DC and well beyond as a cornerstone of economic expansion. In the information age, ensuring the free flow of data across borders, and not simply goods and services, is increasingly important. But just as problems can arise with differing foreign laws on … Continue Reading
Reflective of an increased interest in data privacy concerns, on February 28, 2012, the Securities and Exchange and Commodity Futures Trading commissions jointly released proposed rules designed to protect investors from identity theft by mandating the creation of programs to detect potential security threats. The proposed rules are meant to implement Title X of the … Continue Reading
The Obama Administration today unveiled a report entitled Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy. A central component of the report, which is directed at improving online privacy protections, is a “Consumer Privacy Bill of Rights.” The Consumer Privacy Bill of Rights … Continue Reading
After you learn of a potential data breach, the clock is ticking and potential liabilities are mounting. Quickly identifying the right team to guide your company through the complexities of the response is paramount. Baker Hostetler’s Privacy, Security & Social Media Emergency Response Team has launched a dedicated hotline so it can be reached at … Continue Reading
Last week we reviewed recent tracking litigation. As part of our ongoing focus on behavioral advertising, below is a summary of recent developments regarding Do Not Track legislation, industry self-regulatory efforts in the United States and abroad, and the FTC’s plan to update its Dot Com Disclosures guidelines. FTC Commissioner J. Thomas Rosch, concerned with … Continue Reading
California SB 242 (Social Networking Privacy Act), which we covered here, would require social networking websites to design default privacy settings that prevent information about a user from being displayed without affirmative consent from the user. On May 27, 2011, the bill failed to receive enough votes to pass the California Senate. The bill faced … Continue Reading
California state senator Ellen Corbett proposed an amended version of the Social Networking Privacy Act (SB 242) on May 10, 2011. SB 242 would require social networking websites to design default privacy settings that prevent any information about a user (other than name and city) from being displayed to the public or other users without … Continue Reading