Supreme Court Considers Modern Applicability of TCPA’s Robocall Ban in Duguid v. Facebook

On December 8, 2020, the Supreme Court heard oral argument in Duguid v. Facebook, a landmark case that will determine whether a consumer can sue a company for using automated technology to text or call that consumer at a phone number saved in the company’s system. At issue is the meaning of the federal Telephone Consumer Protection Act (“TCPA”) and its prohibition on using autodialers to transmit communications to cell phones.… More

Cybersecurity 2021 – The Year in Preview: Ransomware, the Latest Threat to the Nation’s Energy Supply

Editors’ Note:  This is the first in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year.  

The Growing Threat of Ransomware

According to media reports, ransomware attacks against the manufacturing industry have more than tripled compared with last year. This dramatic rise in cyberattacks poses serious concerns about the vulnerability of critical energy infrastructure serving the nation’s electric grid,… More

Proposed Amendments to HIPAA Regulations to “Empower Patients, Improve Coordinated Care, and Reduce Regulatory Burdens”

Nearly 20 years to the day after the first HIPAA privacy regulations were announced, HHS has posted proposed revisions to HIPAA, evidence that even after twenty years, HIPAA privacy remains a work in progress. These proposed revisions are styled by HHS OCR as an attempt “to support individuals’ engagement in their care, remove barriers to coordinated care, and reduce regulatory burdens on the health care industry.”… More

Webinar: State Control of Internet Access, Freedom of Press, and Atrocity Situations

Please join us for an event moderated by Foley Hoag partner Christina Hioureas on December 10, 2020 from 11:00am – 1:00pm.  Register here.

Over the past few years, some States have developed new methods both of limiting access to the internet, and of regulating online content that they deem problematic. These initiatives stand in stark contrast to recent decisions by international tribunals protecting the right to free expression,… More

Boston Bar Privacy & Cybersecurity Conference

The BBA Privacy & Cybersecurity Conference has been adapted to a virtual format and will feature two days of live and on-demand content curated and presented by top privacy, cybersecurity and digital law practitioners and industry experts.

Registration for the conference includes access to both days of the conference: Thursday, December 3rd and Friday, December 4th.

Click here to register, or here for more information.… More

French Data Protection Authority Rules on Transfers of Health Data

The French Conseil d’Etat handed down an important decision October, 13th regarding privacy and personal data protection. This decision comes in the wake of the “Schrems II” ruling of the Court of Justice of the European Union (CJEU), which ruled that the protection of data transferred to the United States by the “Privacy Shield” was insufficient under European law.

A platform managing health data (named “Health Data Hub”) was created in 2019 to facilitate the share of these data in order to promote research.… More

Here Comes a New California Privacy Law! A Preliminary Look at the CPRA.

California voters on Election Day passed the California Privacy Rights Act (CPRA), an update and partial overhaul to the California Consumer Privacy Act (CCPA), the landmark 2018 privacy law.  The new CPRA strengthens existing privacy protections, particularly for certain categories of sensitive personal information, and creates an independent enforcement agency.  However, privacy advocates like the ACLU of Northern California and the Electronic Frontier Foundation came out against or refused to support the measure,… More

CISA Issues Ransomware Alert for Activity Targeting the Healthcare and Public Health Sectors

On October 28, 2020, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare and public health sectors to infect their systems with Ryuk ransomware for financial gain.

CISA,… More

Department of Homeland Security Releases Homeland Threat Assessment

On October 6, 2020, the Department of Homeland Security (“DHS”) released a 2020 Homeland Threat Assessment (“HTA”).  According to Acting Secretary Chad F. Wolf, the “first of its kind report” identifies the primary threats facing the nation and analyzes the vast array of information coming from all DHS operational components that crosses his desk on a daily basis.  “When the American people read this HTA they will be more aware of the traditional threats facing the Homeland like terrorism and organized crime.  … More

First A Ransomware Attack, Now Sanctions? New OFAC Advisory Warns of Sanctions Risks for Facilitating Ransomware Payments

On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an advisory regarding potential sanctions risks related to facilitating ransomware payments, as covered in this post from Foley Hoag’s Security, Privacy, and the Law blog.

OFAC is the federal agency responsible for implementing and enforcing U.S. sanctions against individuals, entities, and foreign governments involved in terrorism,… More