Tag Archives: enforcement

AG Healey Issues Guidance to Schools and Health Care Providers on Immigration Enforcement Issues

In the wake of several executive orders on immigration, ICE—the federal agency responsible for enforcing the nation’s immigration laws—has ramped up enforcement activities. As a result, local public school districts and health care providers in Massachusetts have asked the Attorney General about their rights and obligations with respect to the undocumented students and patients they serve. On May 22, 2017, the AG issued comprehensive guidance to answer their questions.… More

Which U.S. Businesses Must Comply with EU Data Protection laws?

What the recent Amazon decision tells us

On 28 July 2016, the European Court of Justice rendered a decision in a dispute between an Austrian Consumer Protection organization known as VKI (Verein für Konsumenteninformation) and Amazon EU Sàrl, a subsidiary of Amazon registered in Luxembourg. The main issue in this case is whether Amazon General Conditions were enforceable under Consumer Law; however; one of the questions referred to the European Court was about the territorial scope (Article 4) of the 95/46/EC Directive on Data Protection.… More

At Long Last, US-EU Privacy Shield Adopted By EU Member States

Key takeaways:

  • The Privacy Shield will now go into effect.
  • The preliminary start date for companies to be certified under the Privacy Shield is August 1, 2016.
  • Expect more challenges to the Privacy Shield before all is said and done.

The Details:

Following the invalidation of the US-EU Safe Harbor by the European Court of Justice in the Schrems case,… More

OCR Releases Video Guidance on Provision of Medical Records

The summer movie season is now officially in full swing, with the release of three informational videos regarding HIPAA and the right of individuals to access their medical records, published by the Office of Civil Rights of the Department of Health and Human Services. 

The video trilogy, and accompanying infographic, are the eagerly-awaited sequel to OCR’s guidance “Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.525,” issued earlier this year. … More

Details of the EU-U.S. Privacy Shield Framework Unveiled

The content of the Privacy Shield was made public yesterday and today.us eu

The new framework dedicated to the EU / US flow of personal data is in fact a combination of several documents issued by the US and the EU.

On the US side, we have a letter sent by the U.S. Secretary of Commerce Penny Pritzker on 23 February 2016 to EU Commissioner Věra Jourová including the “package of EU-US Privacy Shield materials” (of 128 pages) which is made of 6 letters issued by various US officials (see details at the end of this article).… More

In Cybersecurity, No Harm Does Not Necessarily Mean No Foul

This article was originally published in Law360 with permission to reprint.

How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim.

Businesses confronting data breaches can face litigation from private consumers as well as from governmental entities. Managing litigation risk varies in these contexts because of the limitations of bringing private rights of action.… More

EU Commission and United States agree on new framework for transatlantic data flows: EU-US Privacy Shield

What follows below is the EU’s press release regarding the agreement on a replacement for the EU-US Safe Harbor.  We are working to get details and will schedule a webinar on the new framework shortly.

***

The European Commission and the United States have agreed on a new framework for transatlantic data flows: the EU-US Privacy Shield.

Today, the College of Commissioners approved the political agreement reached and has mandated Vice-President Ansip and Commissioner Jourová to prepare the necessary steps to put in place the new arrangement.… More

European Union Agrees On a New Data Protection Framework To Replace the 95/46/CE Directive: Meet the “General Data Protection Regulation”

On 15 December 2015, the three main European institutions, the Commission, the Parliament and the Council, agreed on the final text of the General Data Protection Regulation (GDPR) which has been on the table since January 2012. This is a major achievement, given the number of obstacles that still needed to be overcome a few weeks ago in order to meet the end of 2015 deadline for finalizing the GDPR. … More

Wyndham and FTC Settle Data Breach Lawsuit: Implications

Today, Wyndham and the FTC settled the enforcement action brought by the FTC that had led to a significant decision by the Third Circuit in August of this year.  (Wyndham’s statement on the settlement can be found here; the FTC’s statement can be found here; my earlier analysis of the Third Circuit’s decision can be found here.)  While the details of the settlement are interesting in their own right – Wyndham will not be paying anything by way of a fine or monetary damages and is not required to admit liability,… More

The LabMD Case: Further Defining the FTC’s Enforcement Powers

The scaffolding of the FTC’s powers in the realm of cybersecurity continues to be built.  On Monday, the FTC’s Chief Administrative Law Judge D. Michael Chappell issued an initial decision in the FTC’s closely watched enforcement action against LabMD.  The case involves a 2008 incident in which a data security company (Tiversa Holding Co.) discovered a LabMD document containing personal information of 9,300 patients was available on a P2P file sharing network. … More