Tag Archives: data privacy

US Facial Recognition Firm Ordered to Stop Processing UK and Australian Data and Pay Fine Over Privacy Law Violations

ICO and OAIC Find ‘Serious Breaches’ of Privacy Law On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company … Continue Reading

California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority

By Justin T. Yedor and Jeewon Serrato on October 15, 2021 Posted in CCPA, Consumer Data, CPRA, Data Privacy, Data Protection, Uncategorized

Justin T. Yedor and Jeewon Serrato On October 5, 2021, Jennifer Urban, who serves as Chair of the Board the California Privacy Protection Agency (the CPPA) spoke with members of the California Lawyer’s Association about the Board’s work to get the new Agency off the ground, the challenges it faces in doing so and the … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part II – Development Agreements

By Craig Carpenter on October 12, 2021 Posted in Cybersecurity, Data Breach Notification Laws, Data Breaches, Information Security, Uncategorized

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered in this blog, including trends in global breach notification, healthcare industry risks and ransomware. The report is … Continue Reading

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

By Justin T. Yedor, Stanton Burke and Jeewon Serrato on September 23, 2021 Posted in CCPA, CPRA, Information Security, Online Privacy, Uncategorized

By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process on September 22, 2021 with an Invitation for Preliminary Comments on Proposed Rulemaking (the “Invitation for Comment”). In the … Continue Reading

Craig Carpenter Discusses His Career Path on “Careers in Data Privacy” Podcast

By Craig Carpenter on September 10, 2021 Posted in Data Privacy

On September 9, Craig Carpenter joined an episode of “Careers in Data Privacy,” a podcast that interviews data privacy professionals to learn about the journey they took to get to where they are today. During the episode, Craig talked about his science background and his time at Clemson University, his decision to go to law … Continue Reading

Ohio Proposes Comprehensive Privacy Legislation

By Damon C. Barhorst and William Berglund on September 7, 2021 Posted in Consumer Data, Data Protection, Enforcement, Privacy, State Legislation

Ohio recently became the latest state to consider enacting comprehensive privacy legislation. On July 13, 2021, the Ohio Personal Privacy Act (House Bill 376) was introduced into the Ohio House of Representatives with the backing of Ohio Governor Mike DeWine and Lt. Governor Jon Husted. If passed, OPPA would establish consumer data rights for natural … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part I – M&A

By Craig Carpenter on August 25, 2021 Posted in Data Security Incident Response

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is … Continue Reading

Virginia Likely to Become Second State with Comprehensive Privacy Legislation

By Kyle Dull and Kyle R. Fath on February 11, 2021 Posted in CDPA

With a special session scheduled to begin Feb. 10, Virginia is poised to become the second state to pass comprehensive consumer privacy legislation. The Consumer Data Protection Act (CDPA) passed the Virginia Senate on Friday, Feb. 5, and has been referred back to the Virginia House to be reconciled. Seeing that the House previously passed … Continue Reading

What Can We Learn From the Healthcare Data Breach ‘Wall of Shame’?

By Eric A. Packel on February 4, 2019 Posted in HHS, HIPAA/HITECH

In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to report breaches to the Department of Health & Human Services’ (HHS) Office for Civil Rights. But the pain doesn’t end there. … Continue Reading

Navigating the State Data Breach Laws? An Enhanced Resource is Available

By Julie Hein on September 21, 2018 Posted in Breach Notification, Data Breach Notification Laws

In large security incidents, the differences among state breach notification laws usually do not come into play. In smaller matters, where individuals in only a few states are potentially affected, the differences sometimes result in having an obligation to notify individuals in some states but not others. And states have been active in amending their … Continue Reading

Looking Back: The Federal Trade Commission Issues Annual Data Privacy Report for 2017

By John Busch on February 6, 2018 Posted in Cybersecurity, Enforcement, News

On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as well as guides data protection strategies for 2018. The report provides a detailed … Continue Reading

SAMHSA Updates Privacy Regulations to Reflect Advancements in Healthcare

By Lynn Sessions and Kathryn Carey on January 31, 2018 Posted in HIPAA/HITECH, Privacy Litigation

On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb. 2, 2018. As background, the Confidentiality of Substance Use Discover Patient Records Part 2 protects patient records maintained in connection with any … Continue Reading

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

By Kathryn Mellinger and Suchismita Pahi on March 3, 2016 Posted in Online Privacy

To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading

Australia Introduces Draft Privacy Act Amendment Addressing Notification

By Kathryn Mellinger on December 11, 2015 Posted in Data Breaches, Online Privacy

In 2015, several countries introduced new data privacy regulations and approved new data protection regulators. As the year draws to a close, Australia joins the list of countries advancing new data privacy legislation with the Australian government’s recent release of a draft bill amending its Privacy Act to implement a new security incident notification framework. … Continue Reading

Trans-Pacific Partnership Would Promote Cross-Border Data Transfers and Restrict Data Localization

By David M. Brown on November 10, 2015 Posted in International Privacy Law

As U.S. and European regulators and businesses work toward solutions in the wake of last month’s decision by the Court of Justice of the European Union that invalidated the EU-U.S. Safe Harbor framework for cross-border data transfers – previously discussed here and here – the Trans-Pacific Partnership (TPP) trade agreement seeks to facilitate cross-border data … Continue Reading

2015 BakerHostetler Security Incident Response Report Provides Insight Beyond Technical Incidents

By Craig A. Hoffman on August 27, 2015 Posted in Cybersecurity, Data Breaches, HIPAA/HITECH, Incident Response, Information Security, Infrastructure, Retail Industry

There is no longer a debate – security incidents are inevitable. Organizations are working to be better prepared to respond when the first sign of an incident is detected (often at 4:30 p.m. on a Friday). So what kind of incidents should they prepare for and how should they prepare? Annual reports from forensic investigation … Continue Reading

An Ounce of Prevention Is Better (and Cheaper) Than a Pound of Cure: It’s time for a data protection checkup.

By Alan L. Friel on June 8, 2015 Posted in Cybersecurity, Incident Response, Information Governance, Online Privacy

We recently released the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. The report shows that human error was the number one cause of data security incidents we worked on last year, with employee negligence responsible … Continue Reading

BakerHostetler Named Finalist for Chambers USA Awards “Team of the Year”

By BakerHostetler on March 29, 2015 Posted in News

Our Privacy and Data Protection team has been shortlisted by Chambers and Partners for a Chambers USA Award as “Privacy & Data Security Team of the Year” in recognition of our “outstanding work, strategic growth, and client service excellence” over the past year. We are one of only seven privacy and data security teams in … Continue Reading

Data Security Risk Assessments

By Randal L. Gainer on November 6, 2014 Posted in Cybersecurity

Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. BakerHostetler lawyers have helped hundreds of businesses and other organizations respond to security incidents each year, many of which lead to regulatory investigations, class action lawsuits, or both. We see … Continue Reading

Congress Steps Up its Scrutiny of Data Brokers

By Pamela Jones Harbour on February 17, 2014 Posted in Online Privacy

In keeping with Congress’s heightened focus on privacy practices in the data broker industry, Senators Jay Rockefeller (D-W.Va.) and Ed Markey (D-Mass.) introduced a bill that would require increased transparency and accountability in the collection and sale of private consumer data. Describing data brokers as operating a “shadow industry” with “very little scrutiny and oversight,” … Continue Reading

Massachusetts Follows California in Finding Retailers Vulnerable to Suit for Collecting Zip Codes in Credit Card Transactions

By Michael Young on March 15, 2013 Posted in Payment Card Industry, State Legislation

Earlier this month, the Massachusetts Supreme Court issued an opinion holding that zip codes “may well qualify” as personally identifiable information under the Massachusetts law controlling the treatment of PII in credit card transactions. The Massachusetts case echoes a 2011 ruling from the California Supreme Court which similarly held zip codes to be PII. Like the earlier California case, the … Continue Reading