On April 26, 2019, the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties (the Notice) to inform the public...
5/10/2019 / Civil Monetary Penalty, Covered Entities, Department of Health and Human Services (HHS), Eighth Amendment, Electronic Protected Health Information (ePHI), Enforcement Actions, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, HITECH Act, OCR, Regulatory Agenda, Settlement Negotiations
The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly...
California’s Senate and Assembly unanimously approved AB 375 (also known as the California Consumer Privacy Act of 2018), on June 28, 2018. This new consumer privacy bill will be the most progressive and comprehensive privacy...
Lack of a sufficient risk analysis continues to be one of the most commonly alleged violations in Office for Civil Rights (OCR) HIPAA enforcement actions, appearing in half of all OCR settlements announced in the last 12...
The General Data Protection Regulation (GDPR) establishes protections for the privacy and security of personal data (Personal Data) about individuals in the European Union (EU) single market countries, and potentially affects...
This article briefly introduces the emerging regulatory framework for autonomous and connected vehicles in the US and in certain key jurisdictions around the world, with particular emphasis on regulations pertaining to...
1/23/2018 / Australia, China, Cybersecurity, DRIVE Act, Driverless Cars, EU, France, Germany, Japan, Motor Vehicles, NHTSA, UK
The validity of Model Clauses for EU personal data transfer to the United States is now in real doubt as a result of a new Irish High Court opinion stating that there are “well founded grounds” to find the Model Clauses...
The US Department of Transportation’s National Highway Traffic Safety Administration recently released A Vision for Safety 2.0, an update to its prior guidance on automated driving systems. The new guidance adopts a...
Privacy Shield Implementation and How-To Kit from McDermott Will & Emery -
Japanese companies may have European branches or subsidiaries that send personal data to the US or that may be accessed by entities in the US,...
New technologies and the expansion of the Internet of Things have allowed children of this generation to experience seamless interactive technologies through microphones, GPS devices, speech recognition, sensors, cameras and...
In today’s digital age, data privacy and security incident response plans are critical. Companies need to have a well-designed cybersecurity plan to protect their systems from attacks and respond to a crisis when they are...
In an age where providers are increasingly taking the management of their patient’s health online and out of the doctor’s office, the creation of scalable and nimble patient engagement tools can serve to improve patient...
On 19 October 2016, the European Court of Justice (ECJ) held (Case C-582/14 – Breyer v Federal Republic of Germany) that dynamic IP addresses may constitute personal data. The ECJ also held that a website operator may collect...
The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to...
8/31/2016 / Binding Corporate Rules, Data Protection, EU, EU-US Privacy Shield, European Commission, European Court of Justice (ECJ), General Data Protection Regulation (GDPR), International Data Transfers, Model Clauses, Notice Requirements, Personal Data, Private Right of Action, Self-Certification, U.S. Commerce Department, US-EU Safe Harbor Framework
On January 6, the Federal Trade Commission (FTC) released a report that it hopes will educate organizations on the important laws and research that are relevant to big data analytics. The report, Big Data: A Tool for...
On September 29, 2015, the U.S. Department of Health & Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to...
As we reported on October 19th, the Article 29 Working Party on the Protection of Individuals with Regard to the Processing of Personal Data challenged the EU member states to “open discussions with the US” to find a viable...
The Judicial Redress Act of 2015 (H.R. 1428) (Judicial Redress Act) is on its way to the U.S. Senate. On October 20th, the U.S. House of Representatives voted in favor of passage. The Judicial Redress Act extends...
10/23/2015 / Data Privacy, Data Protection, Data Protection Authority, Data Security, EU, EU Data Protection Laws, European Court of Justice (ECJ), Information Sharing, International Data Transfers, Judicial Redress Act, Law Enforcement, Pending Legislation, Personal Data, Privacy Legislation, US-EU Safe Harbor Framework
As we wrote on October 6, 2015, the Court of Justice of the European Union (CJEU) announced its invalidation of the U.S.-EU Safe Harbor program as a legally valid pathway for transferring personal data of European Union (EU)...
10/20/2015 / Article 29 Working Group, Binding Corporate Rules, Data Privacy, Data Protection Authority, Data Security, EU, EU Data Protection Laws, European Court of Justice (ECJ), Informed Consent, International Data Transfers, Personal Data, SCC, Surveillance, US-EU Safe Harbor Framework, Vendors
Law enforcement requests for electronic information, particularly from technology companies such as Google and Twitter, have skyrocketed in recent years. In response, several states—Maine and Texas in 2013, Utah in 2014 and...
10/13/2015 / Cloud Computing, Data Privacy, Data Protection, Data Security, Digital Communications, ECPA, Electronic Communications, Electronic Devices, Electronically Stored Information, Email, Internet Service Providers (ISPs), Invasion of Privacy, Law Enforcement, Location Data, Metadata, Mobile Devices, New Legislation, Search Warrant, Text Messages, Third-Party Service Provider
On October 6, 2015, the Court of Justice of the European Union (CJEU) announced its determination that the U.S.-EU Safe Harbor program is no longer a “safe” (i.e., legally valid) means for transferring personal data of EU...
10/7/2015 / Binding Corporate Rules, Data Privacy, Data Protection Authority, Data Security, Edward Snowden, EU, EU Data Protection Laws, European Commission, European Court of Justice (ECJ), Facebook, International Data Transfers, Judicial Redress Act, Personal Data, PRISM Program, SCC, Schrems I & Schrems II, Surveillance, US-EU Safe Harbor Framework
In the first few months of 2015, a number of states have introduced data breach notification bills and proposed legislative amendments designed to enhance consumer protection in response to increasingly high profile data...
On April 29, 2015, the Cybersecurity Unit in the Computer Crime and Intellectual Property Section (CCIPS) of the U.S. Department of Justice released a best practices document (Document) for victims of cyber incidents. The...
The National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (Framework) almost 15 months ago and charged critical infrastructure companies within the United States to improve their...
Executive Order 13694 is the Obama Administration’s latest tool to combat cybersecurity threats. On April 1, 2015, President Obama declared a national emergency to address the “increasing prevalence and severity of malicious...