In a recent decision from the District of Massachusetts, the alleged perpetrator of cyber-attacks against Wayside Youth and Family Support Network and Boston Children’s Hospital (“BCH”) failed in his attempt to assert a novel defense: necessity. In what most would view as a positive development, the court found that the defendant and alleged hacker did not “offer competent evidence that it was objectively reasonable to anticipate a causal relationship between the alleged cyber attack and the purported harm to be averted.”… More
On July 19, the Federal Energy Regulatory Commission (“FERC” or “Commission”), pursuant to its authority under section 215 of the Federal Power Act, issued a final rule directing the North American Electric Reliability Corporation (“NERC”) to develop modifications to NERC’s Reliability Standards as they relate to cyber security incidents. Issuance of the final rule is timely. A recent news article described hackers’ successful infiltration of the control rooms of multiple electric utilities.… More
Partner Colin Zick will join Naomi Leach, Senior Associate, Data Protection at Stephenson Harwood, and Lana Gladstein, Vice President and General Counsel at Brammer Bio, for a MassBio program on July 31 entitled The Era of GDPR Data Privacy, Two Months In: Do you have a Data Transfer Agreement handy?
The GDPR Data Privacy Law has been in effect since May 25,… More
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of.
1. Effective date
The law is slated to go into effect on January 1, 2020. However, the California State Legislature has the option of offering amendments to alter the law between now and its effective date,… More
We posted earlier this year about increased scrutiny of cryptocurrency advertising, especially the promotion of Initial Coin Offerings, or ICOs. The key takeaway from that post was that the frenzy around cryptocurrencies – including as an investment opportunity for individuals who aren’t otherwise active investors – has led to a number of efforts to curtail cryptocurrency promotion, from both regulators and industry stakeholders.… More
As if having to deal with all the EU’s Data Protection Authorities wasn’t challenge enough for companies trying to comply with GDPR, the FTC has now asserted that it has a role in GDPR enforcement. In particular, the FTC says it has a role in making sure that US companies live up to the GDPR-related promises that they make. This position came to fruition in a proposed FTC settlement with California-based employment training company,… More
The EU-US Privacy Shield, a framework that allows companies to transfer personal data from the EU to the US in compliance with the GDPR, has been under fire for not providing adequate protection to EU citizens. As Foley noted in 2017, the EU’s Article 29 Working Party (now the European Data Protection Board) identified “a number of significant concerns” with the Privacy Shield in the Working Party’s First Annual Joint Review,… More
With legislative activity last month in Louisiana, South Carolina, Vermont, and Colorado adding to activity in South Dakota, Arizona, Oregon, and Alabama earlier in the year, it appears that 2018 could be a significant year for state information privacy law reform. Much has been predicted in this area following the enactment in 2017 of significant regulations in New York and the passage of substantial amendments to a statute in Illinois both of which were aimed at protecting against data breaches.… More
It was my pleasure yesterday to speak at MedInnovation Boston 2018, and deliver a presentation on “The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability“. With constantly evolving technology and the new GDPR legal framework. achieving interoperability seems harder than ever. More