Information Security

GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

Posted on February 3, 2023

Posted in Cybersecurity, Enforcement, Health Privacy, Information Security, Security Breach

On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

Whole Foods Settles BIPA Voiceprint Class Action

Posted on January 18, 2023

Posted in Enforcement, Information Security, U.S. State Law, Workplace Privacy

On January 3, 2023, an Illinois state court entered a preliminary approval order for a settlement of nearly $300,000 in a class action lawsuit against Whole Foods for claims that the company violated the Illinois Biometric Information Privacy Act. …
Continue Reading Whole Foods Settles BIPA Voiceprint Class Action

Five Guys Hit with BIPA Class Action

Posted on January 3, 2023

Posted in Cybersecurity, Enforcement, Information Security, U.S. State Law

On December 20, 2022, a former employee in Illinois, brought a class action suit against Five Guys Enterprises, LLC, alleging that Five Guys violated the Illinois Biometric Information Privacy Act. …
Continue Reading Five Guys Hit with BIPA Class Action

Claimant to Maintain Anonymity in English High Court Cyber Attack Case

Posted on December 22, 2022

Posted in Cybersecurity, European Union, Information Security, International, Security Breach

On December 20, 2022, the English High Court has granted the victim of a cyber attack a permanent injunction against cyber attackers whilst the victim organization maintains its anonymity.
Continue Reading Claimant to Maintain Anonymity in English High Court Cyber Attack Case

FTC Announces $520 Million in Settlements with Epic Games

Posted on December 20, 2022

Posted in Children’s Privacy, Information Security

On December 19, 2022, the Federal Trade Commission announced two settlements, amounting to $520 million, with Epic Games, Inc. in connection with alleged violations of the Children’s Online Privacy Protection Act Rule and alleged use of “dark patterns” relating to in-game purchases. …
Continue Reading FTC Announces $520 Million in Settlements with Epic Games

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Posted on December 19, 2022

Posted in Financial Privacy, Information Security, International

On December 15, 2022, the UK government and the Dubai International Financial Centre Authority issued a joint statement on the shared commitment to deepening the UK-DIFC data partnership. …
Continue Reading UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

Posted on December 19, 2022

Posted in Health Privacy, Information Security, Online Privacy, Security Breach

On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies. …
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

FTC Releases Updated Mobile Health App Compliance Tool

Posted on December 16, 2022

Posted in Health Privacy, Information Security, U.S. Federal Law

On December 7, 2022, the Federal Trade Commission released an updated Mobile Health App Interactive Tool to help developers determine what federal laws and regulations apply to apps that collect and process health data.
Continue Reading FTC Releases Updated Mobile Health App Compliance Tool

European Commission to Start Adequacy Decision Adoption Process for the EU-U.S. Data Privacy Framework

Posted on December 15, 2022

Posted in European Union, Information Security, International

On December 13, 2022, the European Commission launched the process for the adoption of an adequacy decision for the EU-U.S. Data Privacy Framework.
Continue Reading European Commission to Start Adequacy Decision Adoption Process for the EU-U.S. Data Privacy Framework

Illinois Appellate Court Holds Data Retention Policies Required When Collecting Biometric Data

Posted on December 8, 2022

Posted in Information Security, U.S. State Law, Workplace Privacy

On November 30, 2022, the Second District Appellate Court of Illinois reversed and remanded a grant of summary judgement in favor of defendant, J&M Plating, Inc., for alleged violation of the Illinois Biometric Information Privacy Act.
Continue Reading Illinois Appellate Court Holds Data Retention Policies Required When Collecting Biometric Data

Menu

Privacy & Information Security Law Blog