FERPA 101: Duties, Processes, and Issues to Keep in Mind During Litigation

Posted on April 14th, 2021 by Foley Hoag

As colleges and universities know, higher education institutions have a duty to protect the confidentiality of student records, codified in the Family Educational Rights and Privacy Act (“FERPA”), 20 U.S.C. § 1232g. When such documents are requested in the course of litigation, FERPA dictates the processes and standards a school must apply in response. The discussion that follows answers the following questions:

When if ever must a school provide student information to a third party during litigation?…

More

5th Circ. Creates Roadblocks For New HHS Privacy Enforcers

Posted on February 10th, 2021 by Foley Hoag

The OCR could look to stave off such challenges by moving to issue new regulations that address the issues and ambiguities highlighted in the MD Anderson decision, according to Foley Hoag Privacy & Data Security practice co-chair Colin Zick.

Click here to read the Law360 article. More

Cannabis Data Privacy Issues to Watch in 2021

Posted on February 10th, 2021 by Foley Hoag

Foley Hoag attorneys Chris Hart and Jeremy Meisinger examine legal considerations around data privacy and security in cannabis transactions.

Click here to read the Bloomberg Law article. More

Watch Now: Beyond Compliance: Privacy, Artificial Intelligence, and the Ethical Implications for Businesses

Posted on January 29th, 2021 by Foley Hoag

Rapidly-shifting regulatory requirements affecting data privacy often leave businesses struggling not only to keep up with immediate compliance needs, but also wondering how they can “future proof” their businesses to account for increasingly robust laws. And as the technology around artificial intelligence increases in sophistication and ubiquity, lawmakers and consumers are taking notice and action. How should businesses be thinking about these changes beyond mere compliance? What are the ethical implications around data use affecting how individuals and regulators are thinking about data use?… More

Data Privacy Day Reflections – Compliance, Governance, Ethics (and AI)

Posted on January 28th, 2021 by Christopher Escobedo Hart

January 28 is Data Privacy Day, and on this 14th annual Data Privacy Day, I find myself reflecting on the question of data ethics.

Far from being an academic concept, “data ethics” presents a model for data management with real practical implications for organizations. (I should note that I am focused here on personal data.) To understand what the concept might entail, let’s take a step back and talk about two other models for data management: compliance and governance.… More

Cybersecurity 2021 – The Year in Preview: The FTC’s Enforcement Priorities

Posted on December 31st, 2020 by Veronica Jennings, Austin A.B. Ownbey and August Horvath

Editors’ Note: This is the fourth in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Read our previous posts on Energy, Cannabis, and the GDPR.

As the Trump Administration ends, it is time to look forward to what may be on the horizon with regards to law enforcement at the FTC under the Biden Administration.… More

Cybersecurity 2021 – The Year in Preview: The GDPR’s New Transfer Landmines

Posted on December 30th, 2020 by Foley Hoag

Editors’ Note: This is the third in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Read our previous posts on Energy and Cannabis.

A year ago, transferring data from Europe to the United States was inconvenient but manageable. Thousands of companies participated in the Privacy Shield, an agreement between the United States Department of Commerce and the European Commission where data importers certified that protected Europeans’ data at European levels.… More

Fifth Circuit Addresses Scope of “Use” Under Federal Identity Theft Statute

Posted on December 30th, 2020 by Colin Zick

You may have forgotten that there is a federal criminal identity theft statute, 18 U.S.C. § 1028A, which says:

Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years.

Section 1028A is not frequently invoked,… More

Cybersecurity 2021 – The Year in Preview: Emerging Issues in Cannabis and Privacy

Posted on December 30th, 2020 by Jeremy Meisinger

Editors’ Note: This is the second in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Read our previous post on Energy.

Though the final results of the 2020 presidential race took a few days to become clear, it was obvious by the morning of November 4 that cannabis legalization had run the table: from deep red Montana,… More

First Circuit Creates Exception to Massachusetts Wiretap Statute Based on First Amendment Rights, Allows Citizens and Press to Record Police Activity Without Permission

Posted on December 28th, 2020 by Colin Zick

The First Circuit’s recent opinion in Project Veritas Action Fund v. Rollins, upheld a challenge to the Massachusetts anti-wiretap law, Mass. Gen. Laws ch. 272, § 99, carving out an exception for certain activity protected by the First Amendment. The opinion begins:

Massachusetts, like other states concerned about the threat to privacy that commercially available electronic eavesdropping devices pose,… More