Foley Hoag presented a discussion and Q&A regarding the growing threat of business email compromises (a.k.a. man-in-the-middle attacks). Attorneys Chris Hart and Yoni Bard, litigators with experience in privacy matters and business disputes, shared what they have learned through successfully representing victims of hacking and phishing attacks that have led companies to misdirect payments to unknown criminal actors. They discussed strategies for preventing these attacks and, if they occur, maximizing the likelihood of recovery through rapid response strategies (involving law enforcement and banks),…
Tag Archives: privacy
On September 30, 2021, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued guidance to help the public understand when the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule applies to disclosures and requests for information about whether a person has received a COVID-19 vaccine.
The guidance reminds the public that the HIPAA Privacy Rule does not apply to employers or employment records.…
Ransomware payments continue to be a focus of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As previously reported by Foley Hoag, on October 1, 2020, OFAC released an advisory regarding potential sanctions risks related to facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance regarding what OFAC considers to be mitigating factors if facilitating a ransomware payment results in an apparent violation of U.S.…
On July 7, 2021, Governor Jared Polis signed into law the Colorado Privacy Act (CPA), making Colorado the most recent state to enact comprehensive privacy legislation. While the CPA does not take effect until July 1, 2023, it contains robust provisions that businesses will need some time to prepare for.
On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot on the heels of California’s Consumer Privacy Act (CCPA) and the newly-enacted California Privacy Rights and Enforcement Act (CPRA). Virginia will not be the last to regulate the relationship between consumers and businesses holding their data;…
First Circuit Creates Exception to Massachusetts Wiretap Statute Based on First Amendment Rights, Allows Citizens and Press to Record Police Activity Without Permission
The First Circuit’s recent opinion in Project Veritas Action Fund v. Rollins upheld a challenge to the Massachusetts anti-wiretap law, Mass. Gen. Laws ch. 272, § 99, carving out an exception for certain activity protected by the First Amendment. The opinion begins:
Massachusetts, like other states concerned about the threat to privacy that commercially available electronic eavesdropping devices pose,…
Massachusetts AG Creates “Data Privacy and Security Division”; What Enforcement Changes Will Follow?
Massachusetts Attorney General Maura Healey recently announced the creation of the Data Privacy and Security Division within her office, with the stated goal of “protect[ing] consumers from the surge of threats to the privacy and security of their data in an ever-changing digital economy.”
The coronavirus pandemic has required a rapid and dramatic shift to remote work, raising important implications for workplace privacy and information security. Some of these concerns are new; others are the same concerns that employers have always held, now amplified by the increasingly blurred lines between work and home. All of these concerns will remain as the workplace travels from the office to the home and, in the near future,…
GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents
On March 21, 2020, the last of the features of the NY Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) became effective: its data security requirements. The SHIELD Act is a sweeping statute governing individual rights relating to data breaches. It was adopted in July 2019 and has been rolled out in the months since then: its breach notification provisions took effect on October 23, 2019, and its data security requirements have now taken effect. …
Very interesting discussion in the most recent Journal of the American Medical Association, “Information Technology–Based Tracing Strategy in Response to COVID-19 in South Korea—Privacy Controversies.”
The sources of information are staggering in their breadth: mobile phone carriers, immigration services, law enforcement, credit card companies, public transit companies, government agencies, health insurers and health care providers. It is difficult to imagine this type of tracing in the United States.…