Consumers and Senators Urge FTC to Investigate New Child-Focused, Voice-Activated Device

On May 9, 2019, a coalition of consumer groups submitted a complaint to the Federal Trade Commission (“FTC”) regarding Amazon’s Echo Dot Kids Edition, arguing that the device runs afoul of the Children’s Online Privacy Protection Act (“COPPA”).  The Echo Dot Kids Edition is a child-focused version of Amazon’s popular voice-activated smart speaker device that utilizes Amazon’s Alexa digital assistant.… More

Partner Colin Zick Quoted in McKnight’s Long-Term Care News Article on Ransomware

Ransomware attacks are the biggest data breach threat facing nursing facilities and other healthcare institutions, a new Bloomberg investigation finds.

“Part of the reason individuals are so vulnerable is that they receive so many emails that each one isn’t carefully reviewed,” partner Colin Zick said.

Click here to read the full article on McKnight’s. More

HHS to Reduce Top HIPAA Fines Based on “Level of Culpability”

In a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties issued on April 23, 2019, the Department of Health and Human Services (HHS) exercised “its discretion in how it applies HHS regulations concerning the assessment of Civil Money Penalties (CMPs) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as such provision was amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act” to reduce the maximum annual fines it will impose for HIPAA violations.… More

Minimizing Risk and Liability from Man in the Middle Attacks (or, How to Keep Your Company’s Wire Transfers from Going Awry)

Imagine this scenario:  you’ve had a productive and mutually advantageous ongoing contractual relationship of several years with another party.  You have built up quite a bit of trust over the years, and communicate regularly over email.  Your email communications include you receiving invoices and then confirming payment; your email messages might include a note about an upcoming shipment or provision of services, or even a note wishing the family well.… More

Cybersecurity 2019: Data Privacy Trends

In 2018, privacy and data security crossed a number of thresholds. In the public mind, through high-profile data breaches and revelations about unexpected uses of personal information, questions of privacy became much more salient. In the legal and regulatory arena, both the GDPR and the California Consumer Privacy Act became clear catalysts for a global transformation in the coming years of privacy practices. Finally, new technologies suggest that flux and complexity we are currently experiencing will continue,… More

Partner Colin Zick Speaks to Bloomberg Law on Why Companies Are Anxious for a Federal Move on Privacy

Bloomberg Law interviewed partner Colin Zick as part of a Special Report on how businesses are adjusting to recent data and privacy rules. Zick discusses why companies should be prepared to deal not only with GDPR requirements, but also a patchwork of state laws that may carry compliance requirements as well.

“We’re in the midst of a large public policy debate about what we’re going to do when it comes to data privacy laws,”… More

The Paris District Court Invalidates 38 Clauses of Google+ Terms of Use and Privacy Policy

It has been rough weather for Google in France. Three weeks after the French ‎Data Protection Authority imposed a record fine against Google for non-compliance with the GDPR, the Paris District Court (“Tribunal de Grande Instance”) invalidated 38 clauses of Google’s Privacy Policy and Terms of Use for Google+, the Internet-based social media network owned and operated by Google.  This decision was rendered on February 12,… More

Is it weird not to have a privacy policy? (And other thoughts on privacy policy best practices.)

You probably are employed by an organization that has a website privacy policy. I am. That’s because most organizations process personal information through their websites in some way, such as through online forms that ask you to sign up for newsletters or marketing promotions.

What if your organization doesn’t process any personal information through its website? What if you run a B2B startup and just have an informational website that tells the public about what you do,… More

Webinar on April 24 – GDPR: Lessons Learned from the First Year

It’s been nearly a year since the GDPR became enforceable. Now that the dust has settled, it is time to look back and see how and by whom these rules have been enforced. Foley Hoag will present a 60-minute webinar on Wednesday, April 24 at 11:00 am EDT that discusses the impact the rules have had on businesses.

In addition to learning the lessons of this past year,… More

FERC and NERC Talk Grid Resilience and Cybersecurity

On March 22, 2019, Foley Hoag hosted the New England Electricity Restructuring Roundtable, organized by Raab Associates. The roundtable featured keynote addresses by Federal Energy Regulatory Commission (“FERC”) Commissioner Cheryl LaFleur—who recently announced she will be stepping down later this year—and North American Reliability Corporation (“NERC”) CEO and President James Robb. Both took turns addressing the most pressing issues in energy. … More