Friend or Foe? State Attorneys General Start to Change Their Tune on Industry & Cybersecurity

Should businesses be thought of as victims or bad actors when it comes to data breaches?  State attorneys general are embracing the idea that businesses are not necessarily adversaries in the struggle to protect sensitive consumer information.  Over the past several years state attorneys general have exerted efforts to both educate businesses as to their data privacy responsibilities, and collaborate with businesses in constructing more robust cybersecurity policies.  The spotlight now is on the Ohio Attorney General,… More

Want to Know Why Memorial Healthcare Systems Is Paying HHS OCR $5.5 Million?

On February 16, 2017, HHS OCR announced that Memorial Healthcare Systems (MHS) had paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of HIPAA’s Privacy and Security Rules and agreed to implement a “robust” three year corrective action plan and resolution agreement.  Why did MHS pay so much?  A long-term failure to close security holes that led to identity theft and fraudulent tax returns.… More

Webinar on March 16: Internet Takedowns and Domain Name Disputes for the Generalist In-House Counsel

As all aspects of business inexorably shift toward online, it is not surprising that intellectual property infringement, cybersquatting, and related internet abuses abound. Luckily, there are various procedures available by which aggrieved companies can seek relief short of litigation.

Foley Hoag will present a 60-minute webinar on Thursday, March 16 at 12:30 pm EDT offering guidance for in-house counsel regarding internet takedowns and domain name disputes,… More

Court Declines to Issue Seizure Order under Defend Trade Secrets Act

As we previously reported, the federal Defend Trade Secrets Act (DTSA) enacted last May includes a powerful ex parte seizure proceeding that allows courts in “extraordinary circumstances” to order the seizure of property necessary to prevent the immediate dissemination of trade secrets.

Last month, the Northern District of California issued one of the first (if not the first) decision on an ex parte seizure request under the new statute. … More

Make Cybersecurity Great Again? Cybersecurity Challenges — and Opportunities — for the Trump Administration

The Trump Administration has taken office at a time when cybersecurity has increasingly entered the public consciousness as a major challenge facing both the United States government and the business community.  Cyberattacks from both criminal and state actors have bedeviled businesses and roiled politics over the past year.  Against this backdrop, the administration has professed a strong commitment to cybersecurity, for instance designating former New York City Mayor Rudy Giuliani as a high-profile cybersecurity liaison to the private sector,… More

Hey, Alexa – Tell Me About My Privacy Rights!

For internet-of-things watchers, some information to chew on:  several news outlets have reported on a dispute between Amazon and law enforcement investigators in Bentonville, Arkansas.  Arkansas police are investigating an apparent homicide that took place in November 2015, and have charged one suspect with murder.  Searching the house where the crime took place, investigators uncovered an Amazon Echo device, a personal digital assistant that can be activated by voice commands.… More

The European Watchdogs Issue First Guidelines On GDPR

The new (EU) 2016/679 General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. Its scope is broader than that of the current 95/46/CE Directive, which means that more companies headquartered outside of the EU will have to comply with European data protection rules than under the current regime.

The 95/46/CE Directive set up a European body, the Article 29 Working Party,… More

Cybersecurity Incident Response: Who You Gonna Call?

Who should you call when you suspect, or are certain of, a data breach?  Data breaches and other cybersecurity incidents have become of a fact of life.  Yahoo! recently disclosed that data for over one billion users was compromised in 2013.  Hundreds of incidents affecting millions of records were reported in 2016 alone.  So when — not if — your company suffers a breach,… More

A Privacy Shield Replaces a Safe Harbor for the Swiss, Too

US companies with employees or clients in Switzerland will be interested to hear that the new Swiss-US Privacy Shield was approved on 11 January.

Although Switzerland is not a member of the European Union, its data protection law (Federal law of ‎19 June 1992) is very similar to the European 1995 Data Protection Directive. According to the Federal law, the transfer of personal data outside of the country is not allowed if that would pose a serious threat,… More

Foot-Dragging on HIPAA Breach Notice Costs Illinois Health System

Written by James Swann | This article was originally published in Bloomberg BNA Health Care Daily Report

An Illinois health system has reached a $475,000 settlement over allegations it waited too long to report a data breach, the first time the government has settled over untimely breach notifications.

Presence Health uncovered a data breach on Oct. 22, 2013 affecting 836 individuals,… More