Privacy & Cybersecurity

There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place between before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US. 

We may only be three weeks into 2016, but the Telephone Consumer Protection Act (“TCPA”) has already received a considerable amount of attention this year.

The European Court of Human Rights recently ruled in Bărbulescu v. Romania (Application no. 61496/08) that a Romanian employer did not violate its employee’s fundamental right of privacy when the employer accessed personal messages in the employee’s Yahoo! Messenger account.

“Wetware” – coder slang for biological life forms (i.e., people) – is the weak link in most companies’ data security protections, according to a new data security report issued by the Association of Corporate Counsel (ACC). 

The 2016 lists are starting to be released by regulatory agencies in the United States, giving a heads' up to covered entities as to what compliance issues will take front and center this year.  Once again, the Office of Compliance Inspection (OCIE) of the US Securities & Exchange Commission (SEC) has put cybersecurity on the top of its examination priorities.

A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach.

Just at the end of 2015, the Cybersecurity Information Sharing Act (CISA) was enacted into law as part of the omnibus spending measure passed by Congress and signed by President Obama at right before Christmas. 

The European Union Commission has issued a fact sheet on the new General Data Protection Regulation (final post-trilogue text available via Statewatch).  The Commission claims that the Regulation is good for individuals and good for business.

Don’t forget to join us tomorrow afternoon – Tuesday – at 1 PM ET for a webinar discussion on the New EU General Data Protection Regulation. What's next? What are the key changes? What do you need to do to prepare?

As expected, the EU Parliament's Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted today to adopt the new General Data Protection Regulation.

The new General Data Protection Regulation is effectively a “done deal” following the final trilogue meeting on December 15. One might assume based on UK media coverage that the biggest change in EU privacy law is that kids under 16 will need their parent’s consent to sign up for social media services and apps.

The EU has announced that the Commission, Parliament and Council have reached agreement on the final shape of the General Data Protection Regulation. The official version will be available early in 2016, but we will be reviewing the details that have been made available so far and providing further information here over the next couple of days.

As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became disturbingly routine, calling into question the ability of insurers and providers to protect their increasingly large troves of sensitive health information.

The years-long saga of the Federal Trade Commission’s suit against Wyndham Hotels over data breaches that occurred at least as early as April 2008 is finally coming to an end with a proposed settlement filed today with the court. 

Industry groups representing a diverse range of companies in the retail, technology, financial, and utility industries filed eight amicus briefs last week in the D.C. Circuit supporting challenges to the Federal Communications Commission’s (“FCC”) recently adopted order that expanded the agency’s rules under the Telephone Consumer Protection Act (“TCPA”).

The negotiations between the EU and the US for a new data transfer agreement to replace the struck-down Safe Harbor program continue as the clock ticks down to the enforcement deadline of January 31, 2016 (as declared by the EU’s national data protection authorities via the Article 29 Working Party).

The recent data breach of Hong Kong-based electronic toy manufacturer VTech Holdings Limited (“VTech” or the “Company”) is making headlines around the world for good reason: it exposed sensitive personal information of over 11 million parents and children users of VTech’s Learning Lodge app store, Kid Connect network, and PlanetVTech in 16 countries!

Two years after the massive holiday season theft of customers’ payment card data from Target point of sale terminals, the Target data breach litigation appears to be entering its final act. 

The webinar on Post-Safe Harbor Update & Cross-Border Data Transfer Issues for Life Sciences Companies that was originally scheduled for today is being postponed and will take place after the holidays. We will announce a new date shortly.

In a decision almost a year in the making, the Third Circuit’s recent opinion in In re Google Inc. Cookie Placement Privacy Litig. (3d Cir. Nov. 10, 2015),  (“Google”), reversed a trial court order dismissing a lawsuit alleging that Google and other internet advertising companies circumvented cookie-blocking technology in Safari and Internet Explorer web browsers.