Privacy Shield No Longer Viable Basis for EU-US Data Transfers

Posted on July 16th, 2020 by Stephen Stich and Christopher Escobedo Hart

On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under the European General Data Protection Regulation (GDPR). Entities that relied on the Privacy Shield will immediately need to find another basis for their EU-US personal data transfers.… More

A Game of ‘Cat and Mouse’: Hacking Attacks on Hospitals for Patient Data Increase During Coronavirus Pandemic

Posted on July 13th, 2020 by Foley Hoag

Colin Zick, co-chair of Foley Hoag’s Healthcare and Privacy and Data Security Practice Groups, was recently quoted in USA Today about cyberattacks against health care providers. This is a particularly timely issue in the time of COVID-19. Click here to read the full article. More

Watch Now: Maintaining Privacy and Data Security in the Remote Workplace

Posted on June 24th, 2020 by Foley Hoag

The coronavirus pandemic has required a rapid and dramatic shift to remote work, raising important implications for workplace privacy and information security. Some of these concerns are new; others are the same concerns that employers have always held, now amplified by the increasingly blurred lines between work and home. All of these concerns will remain as the workplace travels from the office to the home and, in the near future,… More

Watch Now: CCPA Enactment: What Stays the Same and New Privacy Concerns After COVID-19

Posted on May 12th, 2020 by Foley Hoag

Chris Hart and Colin Zick, both Partners at Foley Hoag and Co-Chairs of the Privacy and Data Security Practice joined Mass Technology Leadership Council for their regular update on CCPA and other global and state privacy regulations.

This program, which was planned prior to the COVID-19 outbreak in the US, did provide an update on what California is currently enforcing and who is leading the charge.… More

Privacy v. Speech? Supreme Court to Weigh in on TCPA Restrictions on Automated Calls

Posted on May 6th, 2020 by Jeremy Meisinger

The Supreme Court on May 6, 2020 heard oral argument on a widely-watched First Amendment case that may have broad ramifications for the Telephone Consumer Protection Act and, potentially, government restrictions on telecommunications more broadly.

Originally passed in 1991, the Telephone Consumer Protection Act is enforced by the Federal Communications Commission and contains various restrictions on telemarketing, including the use of auto-dialers (sometimes called “robocallers”). The FCC has strengthened the law’s restrictions over time and adapted them to newer communications technologies,… More

GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents

Posted on May 4th, 2020 by Peter Sullivan

On March 21, 2020, the last of the features of the NY Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) became effective: its data security requirements. The SHIELD Act is a sweeping statute governing individual rights relating to data breaches. It was adopted in July 2019 and has been rolled out in the months since then: its breach notification provisions took effect on October 23, 2019, and its data security requirements have now taken effect. … More

The Equifax/Massachusetts Attorney General Consent Judgment: A Guide for Privacy and Security Compliance

Posted on May 2nd, 2020 by Christopher Escobedo Hart

What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at least be subject to the Massachusetts Data Breach Notification Statute and related security regulations. These are important guides that require certain operational activities, such as maintaining a written information security program,… More

Privacy and COVID-19 Contact Tracing – Lessons from South Korea?

Posted on April 25th, 2020 by Colin Zick

Very interesting discussion in the most recent Journal of the American Medical Association, “Information Technology–Based Tracing Strategy in Response to COVID-19 in South Korea—Privacy Controversies.”

The sources of information are staggering in their breadth: mobile phone carriers, immigration services, law enforcement, credit card companies, public transit companies, government agencies, health insurers and health care providers. It is difficult to imagine this type of tracing in the United States.… More

Colin Zick recommends getting ready for the new data sharing rules now, despite enforcement delay…

Posted on April 24th, 2020 by Colin Zick

Colin Zick, co-chair of Foley Hoag’s Health Care Practice and Chair of the Privacy and Data Security Practice, spoke with Bloomberg Law’s Ayanna Alexander regarding the Department of Health and Human Services’ decision to hold off on enforcing new health information data-sharing rules. His recommendation: prepare now, as the new requirements aren’t going away. “They will go easy on you if you are trying to comply, but the pandemic makes it difficult or impossible,” Zick said.… More

FERC Authorizes Deferred Implementation of Seven NERC Reliability Standards

Posted on April 24th, 2020 by Carol Holahan

The Federal Energy Regulatory Commission (“FERC” or “Commission”) recently issued an Order approving a request by the North American Electric Reliability Corporation (“NERC”) to defer the implementation of several Reliability Standards scheduled to take effect later this year. This action, along with others discussed in an earlier post here, are the latest measures approved by FERC that demonstrate the Commission’s intent to exercise discretion in easing reliability compliance burdens in light of the national emergency related to the coronavirus pandemic.… More