In this second segment from Bloomberg Law’s Second Annual Big Law Business Summit, Hunton partner Lisa Sotto discusses the evolution of privacy over the years. View the video recording now.… Continue Reading
The Office of Management and Budget recently issued updated information management policies for the U.S. federal government. The updated policies are intended "to reflect changes in law and advances in technology, as well as to ensure consistency with Executive Orders, Presidential Directives, and other OMB policy."… Continue Reading
In this first segment from Bloomberg Law’s Second Annual Big Law Business Summit, Hunton partner Lisa Sotto describes the dramatic changes in the legal landscape of privacy over the last 10 to 15 years. View the video recording now. … Continue Reading
On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading
On July 29, 2016, the Federal Trade Commission announced that it had issued an opinion and final order reversing the administrative law judge’s decision by finding that LabMD failed to maintain reasonable security practices to protect consumers’ sensitive personal information in violation of Section 5 of the FTC Act.… Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently entered into resolution agreements with two large public health centers over alleged HIPAA violations.… Continue Reading
On July 26, 2016, the White House unveiled Presidential Policy Directive PPD-41, which sets forth principles for federal responses to cyber incidents approved by the National Security Council. PPD-41 first focuses on incident response to cyber attacks on government assets, but also outlines federal incident responses to cyber attacks on certain critical infrastructure within the private sector.… Continue Reading
On July 25, 2016, Lisa Sotto, partner and head of the Global Privacy and Cybersecurity practice at Hunton, discussed cybersecurity and the changing regulatory landscape on KUCI’s Privacy Piracy radio show. This blog post contains a link to the full interview. … Continue Reading
On July 26, 2016, the U.S. Department of Commerce announced that it had launched a new website that provides individuals and companies with additional information regarding the EU-U.S. Privacy Shield Framework.… Continue Reading
Hunton partner Lisa Sotto and associate Chris Hydak recently published an article in Law360 entitled “The EU-U.S. Privacy Shield: A How-To Guide,” detailing the Privacy Shield principles, the benefits of certification, how the Shield will be enforced, and the challenges and risks associated with the future of the Privacy Shield. This blog post contains a link to the full article. … Continue Reading
On July 14, 2016, the U.S. Court of Appeals for the Second Circuit held that Microsoft Corporation cannot be compelled to turn over customer emails stored abroad to U.S. law enforcement authorities.… Continue Reading
On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.… Continue Reading
On June 29, 2015, Politico reported that it has obtained updated EU-U.S. Privacy Shield documents following the latest negotiations between U.S. and EU government authorities. … Continue Reading
On June 22, 2016, the Federal Trade Commission announced that it reached a settlement with a mobile advertising company, InMobi, to resolve charges that the company deceptively tracked hundreds of millions of consumers’ locations without their knowledge or consent. Among other requirements, the settlement orders the company to pay 950,000 dollars in civil penalties. … Continue Reading
The NTIA's multistakeholder process to develop a code of conduct regarding the commercial use of facial recognition technology has concluded with the group reaching a consensus on a best practices document.… Continue Reading
As we previously reported, the Supreme Court’s decision in Spokeo v. Robins, has been nearly universally lauded by defense counsel as a new bulwark against class actions alleging technical violations of federal statutes. But Spokeo also poses a significant threat to defendants by defeating their ability to remove exactly the types of cases that defendants most want in federal court.… Continue Reading
Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading
On May 16, 2016, the United States Supreme Court issued a decision in Spokeo Inc. v. Thomas Robins, holding that the Ninth Circuit’s ruling applied an incomplete analysis when it failed to consider both aspects of the injury-in-fact requirement under Article III. The Court found that a consumer could not sue Spokeo, Inc., an alleged consumer reporting agency that operates a “people search engine,” for a mere statutory violation without alleging actual injury.… Continue Reading
As we previously reported, the Federal Aviation Administration’s (“FAA’s”) proposed “small drone rule” nears completion of the interagency review process, but one potential stumbling block has been removed, at least for now. On Tuesday, May 10, 2016, the U.S. Court of Appeals for the D.C. Circuit denied a request by the Electronic Privacy Information Center … Continue Reading
On May 9, 2016, the Federal Trade Commission announced it had issued Orders to File a Special Report to eight mobile device manufacturers requiring them to, for purposes of the FTC's ongoing study of the mobile ecosystem, provide the FTC with "information about how [the companies] issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices."… Continue Reading
On May 3, 2016, the Federal Aviation Administration announced the establishment of a Drone Advisory Committee intended to increase transparency and collaboration between the FAA and key stakeholders in the ongoing effort to develop and implement an overall integration strategy for Unmanned Aircraft Systems.… Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced resolution agreements with Raleigh Orthopaedic Clinic, P.A., and New York-Presbyterian Hospital for HIPAA Privacy Rule violations.… Continue Reading
In March 2016, the Department of Health and Human Services announced resolution agreements with North Memorial Health Care of Minnesota and The Feinstein Institute for Medical Research over potential violations of the HIPAA Privacy Rule.… Continue Reading
On February 27, 2016, the Consumer Financial Protection Bureau reached a settlement with Dwolla, Inc., an online payment system company, to resolve claims that the company made false representations regarding its data security practices in violation of the Consumer Financial Protection Act. Among other things, the consent order imposes a 100,000 dollar fine on Dwolla. This marks the first data security-related fine imposed by the CFPB. … Continue Reading
