Perspectives on Privacy, Data Protection & Data Security

The Federal Trade Commission recently asserted its data security authority in two recent back-to-back enforcement actions, only a day apart from each other.

On June 24, 2016, the non-profit Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule with the U.S. Department of Health and Human Services (HHS).

Ransomware is old news – it has been around at least since 1989 – but it has only now started to attract widespread attention.

The GDPR lays out requirements for organizations that process EU residents’ data and generally provides people increased control over their personal data.

After months of negotiations, it’s official: the EU-US Privacy Shield has been formally approved on both sides of the Atlantic, by the EU Commission and the US Commerce Department, despite concerns surrounding the adequacy of its earlier version.

Recent reports indicate that advertising fraud is not only increasing but is now being run by groups alongside otherwise legitimate advertising businesses. 

On Monday, July 11, 2016, the Office for Civil Rights (OCR) released a fact sheet with guidance for covered entities and business associates on HIPAA and ransomware.

Mobile advertising company InMobi, whose advertising network reaches more than one billion devices worldwide through thousands of apps, has settled with the Federal Trade Commission over charges that it “deceptively tracked” the locations of hundreds of millions of consumers without their knowledge

In St. Paul Mercury Insurance Company v. Tessera, Inc., the federal court held that a lawsuit against an insured alleging a breach of a license agreement did not constitute a violation of an intellectual property right.

Data breaches continue to complicate the interpretation and understanding of commercial insurance policies. But even as courts confront thorny questions presented by cyber security policies, they continue to rely on long-standing principles of insurance and contract law.

Consumer advocate groups—Public Knowledge, Consumer Watchdog, Center for Digital Democracy, Consumer Action, TURN-The Utility Reform Network and Consumer Federation of America—recently filed a complaint with the Federal Trade Commission and a petition with the Federal Communications Commission agai

From automated cars, syncing software, to wearable devices that interact with a vehicle, it is clear that our time in the car is under an era of rapid change.

A German data protection regulator reportedly fined 3 companies—Adobe Systems, Punica, and Unilever—a total of 28,000 euros ($32,000) for continuing to rely on the Safe Harbor framework.

On May 25, 2016, the White House released its much anticipated Data Security Policy Principles and Framework (Security Framework) for President Obama’s Precision Medicine Initiative (PMI).

The concept of standing – that a plaintiff must have suffered a concrete injury in order to bring a lawsuit – is a bedrock legal principle. But, like so many other fundamental legal concepts, the rise and importance of the internet and digital commerce has consistently complicated its application.

On Monday, the US Supreme Court sent a potential class action case back to the Ninth Circuit for reconsideration, marking an intermediary win for Spokeo Inc., which uses a “people search engine” to find, compile, and sell publicly available personal information.

The California Office of the Attorney General (OAG) recently released a report detailing a comprehensive analysis of the data breaches reported to the OAG between 2012 and 2015.

The Federal Trade Commission recently issued warning letters to companies whose mobile applications contain cutting-edge software that can monitor consumers’ television viewing habits.

Anthony Lupo will speak on a panel at the 2016 Legal & Regulatory Conference hosted by the Personal Care Products Council.

On April 14, 2016, the European Union formally adopted a new scheme – known as the EU General Data Protection Regulation (GDPR) – to protect the personal data of European residents.

Data breach notifications may be more common in Tennessee. Notably, the Governor recently signed into law a bill updating the current breach notification requirements by (a) requiring notice even where data is encrypted, (b) requiring notice within 45 days of discovery of the breach (barring a law e

On April 13, 2016, the Article 29 Working Party released its opinion on the EU-US Privacy Shield.