Tag Archives: PII

FERPA Disclosures in Response to COVID-19

Photo of Lynn SessionsPhoto of Benjamin WellsBy Lynn Sessions and Benjamin Wells on Posted in Education
The United States Department of Education (ED) Student Privacy Policy Office (SPPO), on March 13, 2020, issued Frequently Asked Questions related to the serious novel coronavirus disease (COVID-19) that the world is now grappling with. This FAQ document mirrors in large part the same line of advice found in ED’s prior Joint Guidance with Health … Continue Reading

Deeper Dive: The Landscape of Healthcare Data Breaches

Photo of Lynn SessionsPhoto of Patrick H. HaggertyPhoto of Kimberly GordyBy Lynn Sessions, Patrick H. Haggerty and Kimberly Gordy on Posted in HIPAA/HITECH, Medical Privacy
Healthcare was the industry most affected by data breaches in 2018. We worked on nearly 200 healthcare matters involving multispecialty academic medical centers, hospital systems, small and large physician practices, small and large health insurers, and biotech and pharmaceutical companies. In 2018, health information alone was just behind Social Security numbers (which can also be … Continue Reading

FCC’s Final Privacy Rule – How Final Is It?

By Alan L. Friel and Suchismita Pahi on Posted in Cybersecurity
The Federal Communications Commission (FCC) adopted an order on Oct. 27, 2016, which started to go into effect this month, regarding privacy and data security obligations for broadband internet access service (BIAS) providers and other telecommunications carriers under its jurisdiction, which were expanded in 2015 by the Open Internet rules (Privacy rule). Buzz around the … Continue Reading

New Cop on the Block – FCC’s Proposed Data Privacy and Security Rulemaking for Broadband Internet Access Providers

By Alan L. Friel and Suchismita Pahi on Posted in Cybersecurity
In 2015, the Federal Communications Commission (FCC or global Commission) issued its Open Internet Order, applying Section 222 of the federal Communications Act to broadband Internet access services (BIAS), and in doing so took jurisdiction over privacy and data security matters for Internet Service Providers (ISPs). In doing so, it declined requests by some advocacy … Continue Reading

Wyoming Broadens Data Breach Notification Law

By Charles Shih and Will R. Daugherty on Posted in Data Breach Notification Laws
Wyoming recently joined the list of states passing laws that broaden the scope of their data breach notification laws. On March 2, 2015, Wyoming signed into law two bills (S.F. 35 and S.F. 36) that expand the definition of personally identifiable information (PII) and require additional minimum content requirements for notifications to affected individuals. Specifically, … Continue Reading

National Highway Traffic Safety Administration Considers Privacy Implications for New Vehicle-to-Vehicle Technology

By Charles Shih on Posted in Federal Legislation, Geolocation
The Department of Transportation’s National Highway Traffic Safety Administration (“NHTSA”) announced in 2014 that it would begin steps toward implementing vehicle-to-vehicle (“V2V”) technology with an aim toward decreasing the number of traffic accidents on the nation’s roads.  V2V technology allows communication between cars on the road to alert drivers of potential accident situations.  However, with … Continue Reading

Once Again, Clapper Defeats Data Breach Class Action

By Judy Selby on Posted in Data Breaches, Identity Theft, Online Privacy, Privacy Litigation
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused.  In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held … Continue Reading

Massachusetts Follows California in Finding Retailers Vulnerable to Suit for Collecting Zip Codes in Credit Card Transactions

By Michael Young on Posted in Payment Card Industry, State Legislation
Earlier this month, the Massachusetts Supreme Court issued an opinion holding that zip codes “may well qualify” as personally identifiable information under the Massachusetts law controlling the treatment of PII in credit card transactions. The Massachusetts case echoes a 2011 ruling from the California Supreme Court which similarly held zip codes to be PII. Like the earlier California case, the … Continue Reading

It’s Raining PII in New York

By Judy Selby on Posted in Identity Theft
On November 25, 2012, the front page of the New York Post blasted the headline, “Drop Secret. Shred Alert! Covert cop files used as parade confetti.” The Post reported that shredded files appearing to contain material from Long Island’s Nassau County Police Department were dropped during this year’s Thanksgiving Day parade. The confetti reportedly contains … Continue Reading

Kerry & McCain Release Commercial Privacy Bill of Rights

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Behavioral Advertising, Federal Legislation, Online Privacy
Senators John Kerry and John McCain introduced the Commercial Privacy Bill of Rights at a press conference today.  The stated purpose of the bill is to “establish rights to protect every American when it comes to the collection, use, and dissemination of their personally identifiable information (PII).”  According to a summary of the bill released by … Continue Reading
LexBlog