Archives: Enforcement

Subscribe to Enforcement RSS Feed

OCR Settles Largest HIPAA Violation Against a Single Covered Entity

On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading

Article 29 Working Party and EDPS Release Opinions on the ePrivacy Directive

On July 25, 2016, the Article 29 Working Party and the European Data Protection Supervisor released their respective Opinions regarding the evaluation and review of Directive 2002/58/EC on privacy and electronic communications. Both the Working Party and the EDPS stressed that new rules should complement the protections available under the EU General Data Protection Regulation. … Continue Reading

The EU-U.S. Privacy Shield: A How-To Guide

Hunton partner Lisa Sotto and associate Chris Hydak recently published an article in Law360 entitled “The EU-U.S. Privacy Shield: A How-To Guide,” detailing the Privacy Shield principles, the benefits of certification, how the Shield will be enforced, and the challenges and risks associated with the future of the Privacy Shield. This blog post contains a link to the full article. … Continue Reading

Ad Network to Pay Nearly 1 Million in Civil Penalties to Settle FTC Charges That It Geo-Tracked Consumers Without Permission

On June 22, 2016, the Federal Trade Commission announced that it reached a settlement with a mobile advertising company, InMobi, to resolve charges that the company deceptively tracked hundreds of millions of consumers’ locations without their knowledge or consent. Among other requirements, the settlement orders the company to pay 950,000 dollars in civil penalties. … Continue Reading

Will Spokeo Undermine CAFA?

As we previously reported, the Supreme Court’s decision in Spokeo v. Robins, has been nearly universally lauded by defense counsel as a new bulwark against class actions alleging technical violations of federal statutes. But Spokeo also poses a significant threat to defendants by defeating their ability to remove exactly the types of cases that defendants most want in federal court.… Continue Reading

Pharmaceutical Company to Plead Guilty and Settle Drug Marketing Charges

Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading

Supreme Court Finds Consumers Must Prove Injury in Class Actions

On May 16, 2016, the United States Supreme Court issued a decision in Spokeo Inc. v. Thomas Robins, holding that the Ninth Circuit’s ruling applied an incomplete analysis when it failed to consider both aspects of the injury-in-fact requirement under Article III. The Court found that a consumer could not sue Spokeo, Inc., an alleged consumer reporting agency that operates a “people search engine,” for a mere statutory violation without alleging actual injury.… Continue Reading

FTC Announces First APEC Cross-Border Privacy Rules Enforcement Action

On May 4, 2016, the Federal Trade Commission issued a press release announcing its recent settlement with hand-held vaporizers manufacturer Very Incognito Technologies, stemming from charges that the company falsely claimed it had certified under the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules framework.… Continue Reading

Consumer Financial Protection Bureau Imposes First Ever Data Security Fine

On February 27, 2016, the Consumer Financial Protection Bureau reached a settlement with Dwolla, Inc., an online payment system company, to resolve claims that the company made false representations regarding its data security practices in violation of the Consumer Financial Protection Act. Among other things, the consent order imposes a 100,000 dollar fine on Dwolla. This marks the first data security-related fine imposed by the CFPB. … Continue Reading

JIPDEC Named Accountability Agent for APEC Cross-Border Privacy System

On February 25, 2016, the Asia-Pacific Economic Cooperation issued a press release announcing the decision by the Joint Oversight Panel of the APEC Electronic Commerce Steering Group to approve the Japan Institute for Promotion of Digital Economy and Community as a new “Accountability Agent” under the APEC Cross-Border Privacy Rules system.… Continue Reading
LexBlog