Privacy & Cybersecurity

The European Commission has finally made the draft text of the EU-US Privacy Shield program available. The Privacy Shield program, which was agreed to in principle by US and EU negotiators nearly four weeks ago, will replace the Safe Harbor program that was struck down last autumn by the Court of Justice of the EU.

Yesterday, we reviewed the staggering numbers in California Attorney General Kamala Harris' 2016 Data Breach Report.

California Attorney General Kamala Harris has released a report of the data breaches that have been reported to her office from 2012 until 2015.

In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a ransomware attack on the hospital’s computer systems.

This week, the Federal government took the first steps toward implementation of the The Cybersecurity Information Sharing Act (CISA), enacted into law last December. 

The amended Judicial Redress Act has passed the House and is on its way to the president to be signed into law.  

The US Senate passed the amended version of the Judicial Redress Act on February 9. The amendments, which tie the Umbrella Agreement to Safe Harbor 2.0 (now dubbed the US-EU "Privacy Shield"), now go back to the House for approval.

As we’ve discussed previously, the GDPR significantly limits user consent as a basis for processing personal data. One interesting question is whether the new rules on consent will kill free apps in Europe. 

Recent enforcement actions by the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) have highlighted that, not surprisingly, covered Entities should not leave medical records in a physician’s driveway and should not dispose of protected health information (“PHI”) in a dumpster from an action against a home health care provider announced yesterday, we can now add to that list the fact that PHI should not be stored under an employee’s bed or in a kitchen drawer.

The European Commission has issued a press release that gives an outline of some key changes to the EU-US safe harbor, now dubbed the "Privacy Shield."

No news is not good news this time. The January 31 deadline for getting a new Safe Harbor Agreement in place came and went last weekend.  

According to press reports, European Union and U.S. negotiators in Brussels finalized what is being called a "political agreement" on a new Safe Harbor transatlantic data transfer agreement. European Union justice commissioner Vera Jourová will present the agreement to the European Commission's 28 commissioners today.

If you would like to learn more about the politics and law behind the current Safe Harbor 2.0 negotiations, download the podcast of Running Aground in the Surveillance Safe Harbor, a teleforum hosted by the Federalist Society.  

One of the fascinating aspects of the privacy-related negotiations between the EU and the US over the past couple of years has been the EU’s efforts to decouple trade (e.g, TTIP) and security-related negotiations from the Safe Harbor 2.0 negotiations.

There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place between before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US. 

We may only be three weeks into 2016, but the Telephone Consumer Protection Act (“TCPA”) has already received a considerable amount of attention this year.

The European Court of Human Rights recently ruled in Bărbulescu v. Romania (Application no. 61496/08) that a Romanian employer did not violate its employee’s fundamental right of privacy when the employer accessed personal messages in the employee’s Yahoo! Messenger account.

“Wetware” – coder slang for biological life forms (i.e., people) – is the weak link in most companies’ data security protections, according to a new data security report issued by the Association of Corporate Counsel (ACC). 

The 2016 lists are starting to be released by regulatory agencies in the United States, giving a heads' up to covered entities as to what compliance issues will take front and center this year.  Once again, the Office of Compliance Inspection (OCIE) of the US Securities & Exchange Commission (SEC) has put cybersecurity on the top of its examination priorities.

A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach.