On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
Information Security
Whole Foods Settles BIPA Voiceprint Class Action
On January 3, 2023, an Illinois state court entered a preliminary approval order for a settlement of nearly $300,000 in a class action lawsuit against Whole Foods for claims that the company violated the Illinois Biometric Information Privacy Act. …
Continue Reading Whole Foods Settles BIPA Voiceprint Class Action
Five Guys Hit with BIPA Class Action
On December 20, 2022, a former employee in Illinois, brought a class action suit against Five Guys Enterprises, LLC, alleging that Five Guys violated the Illinois Biometric Information Privacy Act. …
Continue Reading Five Guys Hit with BIPA Class Action
Claimant to Maintain Anonymity in English High Court Cyber Attack Case
On December 20, 2022, the English High Court has granted the victim of a cyber attack a permanent injunction against cyber attackers whilst the victim organization maintains its anonymity.
Continue Reading Claimant to Maintain Anonymity in English High Court Cyber Attack Case
FTC Announces $520 Million in Settlements with Epic Games
On December 19, 2022, the Federal Trade Commission announced two settlements, amounting to $520 million, with Epic Games, Inc. in connection with alleged violations of the Children’s Online Privacy Protection Act Rule and alleged use of “dark patterns” relating to in-game purchases. …
Continue Reading FTC Announces $520 Million in Settlements with Epic Games
UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge
On December 15, 2022, the UK government and the Dubai International Financial Centre Authority issued a joint statement on the shared commitment to deepening the UK-DIFC data partnership. …
Continue Reading UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge
HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies. …
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
FTC Releases Updated Mobile Health App Compliance Tool
On December 7, 2022, the Federal Trade Commission released an updated Mobile Health App Interactive Tool to help developers determine what federal laws and regulations apply to apps that collect and process health data.
Continue Reading FTC Releases Updated Mobile Health App Compliance Tool
European Commission to Start Adequacy Decision Adoption Process for the EU-U.S. Data Privacy Framework
On December 13, 2022, the European Commission launched the process for the adoption of an adequacy decision for the EU-U.S. Data Privacy Framework.
Continue Reading European Commission to Start Adequacy Decision Adoption Process for the EU-U.S. Data Privacy Framework
Illinois Appellate Court Holds Data Retention Policies Required When Collecting Biometric Data
On November 30, 2022, the Second District Appellate Court of Illinois reversed and remanded a grant of summary judgement in favor of defendant, J&M Plating, Inc., for alleged violation of the Illinois Biometric Information Privacy Act.
Continue Reading Illinois Appellate Court Holds Data Retention Policies Required When Collecting Biometric Data