Not only the last Monday in June, but the last day of June. There are quite a few privacy-related things taking effect tomorrow, July 1. Some reminders: Florida Amendments to Data Breach Notification Law The Florida Information Protection Act of 2014 (“FIPA”) takes effect tomorrow. The FIPA essentially repeals Florida’s existing data breach notification law and… Continue Reading
Monthly Archives: June 2014
Wyndham Gets Life Preserver in Data Breach Case
Posted in Data Breach, Data Breach Notification, Federal Trade Commission, Privacy LitigationWritten by Adam Veness New Jersey U.S. District Judge Esther Salas agreed to allow Wyndham Hotels and Resorts LLC to immediately appeal to the Third Circuit a ruling affirming the FTC’s authority to bring data security cases. We have been following this case since the beginning, and you can see our last post here. Judge Salas… Continue Reading
SCOTUS to Police on Cellphone Searches: “Get a warrant”
Posted in Privacy LitigationFinding that cellphones contain the “privacies of life”, the U.S. Supreme Court issued a broad endorsement of cell phone privacy, unanimously holding that law enforcement may not search digital information seized from an arrestee’s person without first obtaining a warrant. The high court was persuaded by the massive quantity of evidence, distinct types of information… Continue Reading
D’oh! OCR Confirms that Medical Records Should Not be Left in the Driveway
Posted in Data Breach, Data Breach Notification, HIPAA/HITECHWritten by Dianne J. Bourque (reprinted from Mintz Levin’s Health Law Policy Matters blog) The most recent Office for Civil Rights (“OCR”) HIPAA enforcement action serves as an important reminder to health care providers of the security risks associated with a mishandled medical records custody transfer and the risks of leaving paper records in the… Continue Reading
To our US Readers: Your Privacy & Security Matters Blog Public Service for Thursday, June 26
Posted in UncategorizedMassachusetts High Court Permits Compelled Decryption of Seized Digital Evidence
Posted in Privacy LitigationWritten by Matthew D. Levitt Today, in Commonwealth v. Gelfgatt, No. SJC-11358 (Mass. June 25, 2014), a divided Massachusetts Supreme Judicial Court held that under certain circumstances, a court may compel a criminal defendant to provide the password to encrypted digital evidence seized by the government without violating either the Fifth Amendment or Article Twelve… Continue Reading
Privacy Monday – June 23, 2014
Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy MondayDC Update from Politico Morning Tech “DATA BREACH DRAFT DELAYED – The thorny issue of FTC enforcement has slowed efforts to release a draft of Rep. Lee Terry’s data breach bill, according to sources close to the process. Terry had hoped to release the draft he’s been working on with Democrats John Dingell and Peter… Continue Reading
Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance
Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, SecurityWritten by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog) Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading
Round Two for Snapchat: Agreement with the Maryland Attorney General Settling Claims of Consumer Deception and COPPA Violations
Posted in Children, Privacy RegulationWritten by Julia Siripurapu, CIPP Just a little over a month after settling charges of false promises of disappearing user messages (among other things) with the Federal Trade Commission (“FTC”), mobile app developer Snapchat, Inc. (“Snapchat” or “Company”) announced (blog post) that on June 12th the Company entered into an agreement with the Office of… Continue Reading
“May I have your ZIP Code?” Retailers may want to read this….
Posted in Cyber Risks Boardroom Series, Insurance, Privacy LitigationWritten by Nancy Adams, CPCU There are only a handful of decisions addressing whether a commercial general liability (CGL) policy provides coverage for lawsuits brought against retailers allegedly collecting their customers’ ZIP code information. Thus, when a decision is issued in this area, particularly a decision denying coverage, it is noteworthy. Recently, in OneBeacon American… Continue Reading
Privacy Tuesday – June 17, 2014
Posted in Cybersecurity, HIPAA/HITECH, Privacy MondayWhat’s that old saying … “a day late and a dollar short?” Here is our Privacy Monday roundup … on Tuesday. Office for Civil Rights HIPAA Crackdown? The Office for Civil Rights (OCR) — the enforcement arm of the Department of Health and Human Services — has been quite busy since June of 2013. Nine settlements… Continue Reading
Calling All Boards of Directors: Four Recommendations from the SEC
Posted in Cyber Risks Boardroom Series, Cybersecurity, Privacy RegulationWritten by Adam Veness SEC Commissioner Luis Aguilar recently spoke at the New York Stock Exchange Conference “Cyber Risks and the Boardroom.” In his speech, Commissioner Aguilar emphasized the importance of cybersecurity and how fast the need for cybersecurity has grown in such a short time period, pointing out that U.S. companies experienced a 42%… Continue Reading
Privacy Monday: June 9, 2014
Posted in Privacy MondayWelcome to another week, and our Privacy Monday look at top issues. California Attorney General Puts the Focus on the Consumer As we have discussed here, the California Online Privacy Protection Act was amended, effective January 1, 2014 — and the amendment raised more questions than it answered. The California Attorney General’s office has published… Continue Reading
Health Data Breach Victims Have Standing to Sue Says WV Supreme Court
Posted in Data Breach, HIPAA/HITECH, Privacy LitigationThe most common defense against class actions for data breach has itself been breached in a ruling last week by the West Virginia Supreme Court. The Court’s opinion held that representatives of the class of medical clinic patients whose names, contact details, social security numbers and medical information had been accidentally posted to a publicly… Continue Reading
Protecting Attorney-Client Privilege: Making Sure What’s Said In House Stays In House
Posted in HIPAA/HITECH, UncategorizedAttorney-client privilege, and how to ensure that advice and counsel to their clients is covered by the privilege, is always a top-of-mind issue for in-house counsel, particularly with respect to compliance questions. The privacy office does not always report into the legal department in all companies. Therefore, when it comes to data breach compliance and privacy advice, privacy… Continue Reading
Privacy Monday – June 2, 2014
Posted in Privacy MondayThe first Monday in June is also the first Monday of meterological summer -and a welcome sight after a brutally-long winter for many of our readers. So, here’s to a happy Summer! Google Receives 12,000 Take-Down Requests on Day One According to Agence France Presse, as a result of the European Court of Justice’s decision in… Continue Reading
