Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

The European Parliament passed a resolution today strongly criticizing Privacy Shield and recommending that Privacy Shield be suspended as of September 1, 2018, if the US doesn’t shape up by that deadline.  Should US companies that rely on Privacy Shield panic?
The Supreme Court ruled, at the end of June, that seizing cell-site location information—data that tracks cell phone users’ movements—constitutes a search under the Fourth Amendment.
In its most recent Cybersecurity Newsletter, OCR focuses on the intersection of HIPAA and information security.  To be sure, HIPAA requires covered entities and business associates to address their organizations’ information security.
June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation.   California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits.  
Manufacturers of wireless devices used for Internet of Things (IoT) applications should take heed of new Trump Administration proposals aimed at reducing the cybersecurity threats from botnets and other automated and distributed attacks.
In the latest decision concerning standing in data breach cases, the Fourth Circuit has vacated a district court’s dismissal and reinstated putative class action data breach litigation against the National Board of Examiners in Optometry Inc. (“NBEO”).

HIPAA Tips from the Trenches

June 14, 2018| Blog

Earlier this week, I moderated a panel discussion at an event hosted by the New York chapter of the Health Information and Management Systems Society (HIMSS). The panel was comprised of private sector health information technology and security experts and was tasked with discussing challenges related to the interoperability and security of health information systems.
The Federal Communications Commission (“FCC”) is reconsidering several issues central to TCPA liability, including what equipment constitutes an automatic telephone dialing system ((“ATDS”) and who the “called party” is when a wireless number has been reassigned.
The Federal Communications Commission (“FCC”) is reconsidering several issues central to TCPA liability, including what equipment constitutes an automatic telephone dialing system ((“ATDS”) and who the “called party” is when a wireless number has been reassigned.
Our previous post discussed the decision in Marshall v. CBE Group, Inc., which completely rejected the FCC’s broad interpretation of an ATDS and found in favor of the defendant. Since then, another district court in the Ninth Circuit has followed suit, but three others in the Eleventh Circuit have concluded that the FCC’s 2003 Order survives ACA Int’l. It could behoove some TCPA defendants to seek stays while this circuit split is sorted out or until after the FCC clarifies its position on the ATDS issue following ACA Int’l.
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements, which will create one of the strictest state based privacy and data breach laws in the country, will go into effect September 1, 2018. 
The May 2018 cyber security newsletter from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) focused on a topic often overlooked by covered entities and their business associates: physical security.

HAPPY GDPR DAY!!

May 25, 2018| Blog

If you glance at the “countdown clock” in the left hand sidebar of our blog, you’ll see that it has reached 00:00:00. GDPR Day is here. But, unlike Y2K (for those of you old enough to remember the near-hysteria), 25 May 2018 is only the beginning of the GDPR compliance road and not a “completion date.”

Still Thinking about GDPR?

May 15, 2018| Blog

We are now in the 10-day countdown to the GDPR enforcement date that we’ve been talking about since 2015. If you are a charter member of Procrastinators Anonymous, or just secretly hoped that this would all go away, the sands in the hourglass are running low.
Comments on the FCC’s Second Further Notice of Proposed Rulemaking (FNPRM) are due on June 7, and replies are due by July 9. The second FNPRM was adopted at the March Commission Meeting and seeks input on the adoption of a reassigned numbers database that businesses could check to avoid making unwanted calls to a new subscriber whose number was previously assigned to a consumer who had consented to receiving their calls.

On May 3, the Peer-to-Peer Alliance (P2P Alliance) filed a Petition for Clarification asking the FCC to clarify that P2P text messages to mobile numbers are not subject to TCPA restrictions. It explained that P2P messaging is often used by universities, nonprofits, businesses, and political organizations to communicate with individuals with whom they already have a relationship.
On April 23, the FCC and FTC hosted a joint expo aimed at stopping illegal robocalls through technological solutions. The expo showcased innovative technologies, devices, and applications that minimize or eliminate the number of illegal robocalls consumers receive. The expo was held one month after the FCC and FTC’s Joint Policy Forum on fighting illegal robocalls, and in between the Senate Commerce and House Energy & Commerce Committee hearings on the same topic.
As we wrote in a previous post, on March 16, 2018 the US Court of Appeals for the District of Columbia Circuit released its highly anticipated decision in ACA International v. Federal Communications Commission. Among other things, the DC Circuit set aside the Commission’s explanation of which devices qualified as Automatic Telephone Dialing Systems under the Telephone Consumer Protection Act. Though the decision has been out for less than two months, courts in the Ninth Circuit have taken notice.
The North American Numbering Council (NANC), a federal advisory committee established by the FCC, delivered a call authentication report to the FCC on May 3. The report was developed by the Call Authentication Trust Anchor Working Group (CATA WG) and approved by NANC on April 27. It “details a framework for call authentication that can more quickly be established than various alternatives, while obtaining the broadest participation of industry.”
Every month, robocalls make up the majority of Do Not Call registry complaints at the Federal Trade Commission (FTC). The FCC estimated that in March 2018 approximately 3 billion robocalls were placed. In an effort to combat these illegal robocalls, the Senate Commerce Committee and the House Energy & Commerce Committee each held a hearing regarding these illegal robocalls and asked witnesses for ideas on how to combat this rampant problem.

Explore Other Viewpoints: