The coronavirus pandemic has required a rapid and dramatic shift to remote work, raising important implications for workplace privacy and information security. Some of these concerns are new; others are the same concerns that employers have always held, now amplified by the increasingly blurred lines between work and home. All of these concerns will remain as the workplace travels from the office to the home and, in the near future,… More

Chris Hart and Colin Zick, both Partners at Foley Hoag and Co-Chairs of the Privacy and Data Security Practice joined Mass Technology Leadership Council for their regular update on CCPA and other global and state privacy regulations.

This program, which was planned prior to the COVID-19 outbreak in the US, did provide an update on what California is currently enforcing and who is leading the charge.… More

The Supreme Court on May 6, 2020 heard oral argument on a widely-watched First Amendment case that may have broad ramifications for the Telephone Consumer Protection Act and, potentially, government restrictions on telecommunications more broadly.

Originally passed in 1991, the Telephone Consumer Protection Act is enforced by the Federal Communications Commission and contains various restrictions on telemarketing, including the use of auto-dialers (sometimes called “robocallers”).  The FCC has strengthened the law’s restrictions over time and adapted them to newer communications technologies,… More

On March 21, 2020, the last of the features of the NY Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) became effective:  its data security requirements.  The SHIELD Act is a sweeping statute governing individual rights relating to data breaches.  It was adopted in July 2019 and has been rolled out in the months since then:  its breach notification provisions took effect on October 23, 2019, and its data security requirements have now taken effect. … More

What do businesses need to do to comply with privacy and data security laws?  The first place to look is to relevant statutes.  If you store or process the personal information of Massachusetts residents, then you will at least be subject to the Massachusetts Data Breach Notification Statute and related security regulations.  These are important guides that require certain operational activities, such as maintaining a written information security program,… More

Very interesting discussion in the most recent Journal of the American Medical Association, “Information Technology–Based Tracing Strategy in Response to COVID-19 in South Korea—Privacy Controversies.”

The sources of information are staggering in their breadth:  mobile phone carriers, immigration services, law enforcement, credit card companies, public transit companies, government agencies, health insurers and health care providers.  It is difficult to imagine this type of tracing in the United States.… More

Colin Zick, co-chair of Foley Hoag’s Health Care Practice and Chair of the Privacy and Data Security Practice, spoke with Bloomberg Law’s Ayanna Alexander regarding the Department of Health and Human Services’ decision to hold off on enforcing new health information data-sharing rules. His recommendation: prepare now, as the new requirements aren’t going away. “They will go easy on you if you are trying to comply, but the pandemic makes it difficult or impossible,” Zick said.… More

The Federal Energy Regulatory Commission (“FERC” or “Commission”) recently issued an Order approving a request by the North American Electric Reliability Corporation (“NERC”) to defer the implementation of several Reliability Standards scheduled to take effect later this year. This action, along with others discussed in an earlier post here, are the latest measures approved by FERC that demonstrate the Commission’s intent to exercise discretion in easing reliability compliance burdens in light of the national emergency related to the coronavirus pandemic.… More

Businesses scrambling to move their workforces into remote environments are rightly concerned about the smooth and productive flow of information, including question about whether there will be any government support for building out a remote infrastructure, and what limitations are there on the kinds of information employers may obtain or share to minimize the health impacts on their employees (both questions, among many others, that Foley Hoag’s COVID-19 Task Force was built to help answer). … More

Malicious cyber actors have been exploiting the COVID-19 crisis, warn the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) in a joint release issued April 8. Bad actors have done so in two main ways: first, by grafting COVID-19-related themes onto standard cyberattack practices; second, by exploiting vulnerabilities in services that have seen increased use since the pandemic began.… More