The EU-US Privacy Shield, a framework that allows companies to transfer personal data from the EU to the US in compliance with the GDPR, has been under fire for not providing adequate protection to EU citizens. As Foley noted in 2017, the EU’s Article 29 Working Party (now the European Data Protection Board) identified “a number of significant concerns” with the Privacy Shield in the Working Party’s First Annual Joint Review,… More
Monthly Archives: June 2018
First Europe, Now the States: Big Changes Coming to State Data Privacy Laws
With legislative activity last month in Louisiana, South Carolina, Vermont, and Colorado adding to activity in South Dakota, Arizona, Oregon, and Alabama earlier in the year, it appears that 2018 could be a significant year for state information privacy law reform. Much has been predicted in this area following the enactment in 2017 of significant regulations in New York and the passage of substantial amendments to a statute in Illinois, both of which were aimed at protecting against data breaches.… More
The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability
It was my pleasure yesterday to speak at MedInnovation Boston 2018, and deliver a presentation on “The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability”. With constantly evolving technology and the new GDPR legal framework, achieving interoperability seems harder than ever. More
An Explainer on the Latest (Reported) Chinese Theft of U.S. Defense Information
The Washington Post recently reported that the Chinese Ministry of State Security stole a trove of sensitive defense information from a U.S. Navy contractor working for the Naval Undersea Warfare Center. According to the Post, the information included plans to develop a supersonic anti-ship missile for U.S. submarines, along with “signals and sensor data, submarine radio room information relating to cryptographic systems, and Navy submarine development unit’s electronic warfare library.”
It is no secret that the Chinese government has been building its capacity to project military power in the Pacific Ocean for many years,… More
French Data Protection Authority Imposes a Record 250,000 € Fine to Optical Center for a Security Breach on its Website
On June 7, 2018, the French Data Protection Authority (the CNIL) published a decision (issued one month earlier) in which it imposed a record 250,000 euro fine on Optical Center (which, although its name does not indicate it, is a French company) for having insufficiently secured the personal data of its customers.
The CNIL noted that customers could access more than 300,000 documents (mainly invoices) of other customers on Optical Center’s website rather easily,… More
Free Consumer Credit Freezes Coming in September
As noted in the FTC alert below from Lisa Weintraub Schifferle, an attorney with the FTC’s Division of Consumer & Business Education, thanks to a new federal law, soon you can get free credit freezes and year-long fraud alerts. Here’s what to look forward to when the law takes effect on September 21st:
Free credit freezes
- What is it? A credit freeze restricts access to your credit file,…
Watch: Regulatory Considerations and Blockchain Technology – Best Practices for In-House Counsel
Co-hosted by Foley Hoag LLP and ACC-Northeast
The emergence of blockchain technology, and its use to create digital tokens and currencies, raises numerous legal questions and challenges, across a wide variety of industries.
This webinar is a chance for in-house counsel to learn what blockchain technology is, the relevant legal and regulatory considerations surrounding blockchain technology and cryptocurrency, how to navigate the various areas affecting digital tokens and currency,… More
Blogging from BIO 2018: Preparing for Convergence
It is the last day of BIO 2018 and I am attending a curiously titled session: Is Biotechnology Drowning in Health Related Data? The panel’s answer to that question is “no” — in fact, they all agreed there isn’t enough data yet, if we want to achieve “convergence”. That’s the new buzzword: convergence. One speaker described it as “a better quantification of humanity.” … More
11th Circuit Issues LabMD Decision, and Wants More Specificity
The long-anticipated decision in LabMD v. FTC has finally arrived. The 11th Circuit held that the FTC’s cease-and-desist order against LabMD is unenforceable:
In sum, assuming arguendo that LabMD’s negligent failure to implement and maintain a reasonable data-security program constituted an unfair act or practice under Section 5(a), the Commission’s cease and desist order is nonetheless unenforceable. It does not enjoin a specific act or practice.… More
Blogging from BIO 2018: And on the Third Day… the Panel Discussed Privacy and Data Security
It took three days, but I finally found a panel at BIO 2018 that addressed the current challenges in privacy and security regarding health data. This panel, Realizing the Potential of Clinical and Consumer Genomics, was focused on all the new genetic tests that are available (with more to come) and all the genetic data those tests are generating. I was particularly impressed with the approach of Mindstrong Health to privacy and security,… More
Blogging from BIO 2018: “Mo Money, Mo Problems”
The late rapper known as The Notorious B.I.G. recorded a song called, “Mo Money, Mo Problems.” Many of the lyrics can’t be repeated here, but the refrain can:
“It’s like the more money we come across
The more problems we see.”
This refrain came to mind yesterday as I sat in the BIO 2018 session about digital health: A Look to the Future: Investors Corner –… More
Blogging from BIO 2018: Does the Life Science Industry “Get” Cyber Security?
I am attending BIO 2018 in Boston, just steps from our Boston office. Naturally, I was drawn to yesterday’s session on “Life Sciences Cyber Exposures and Risk Mitigation Considerations.” But I came away disappointed. First of all, the session was held in a small room and even then, it was only one-third full (maybe 30 people of the 16,000 attending BIO 2018 chose to attend).… More
June 14 – GDPR Panel at Foley Hoag’s Export Regulatory Compliance Update Conference
Foley Hoag, along with the Massachusetts Export Center, is hosting an Export Regulatory Compliance Update Conference on Thursday, June 14. Among the panels will be one on “Navigating the GDPR & Cybersecurity Regulatory Environment.” Here’s a description of the Panel:
On May 25, 2018, the General Data Protection Regulation (“the GDPR”) went into effect in all Member States of the European Union. However, the GDPR has a broad scope: it applies to organizations established outside the EU that offer goods or services to individuals in the EU and/or monitor the behavior of data subjects within the EU.… More