On November 1, 2018, Senator Ron Wyden released a draft bill, the Consumer Data Protection Act, that seeks to “empower consumers to control their personal information.” The draft bill imposes heavy penalties on organizations and their executives, and for certain thresholds would require senior company executives to file annual data reports with the Federal Trade Commission.
Continue Reading

Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.
Continue Reading

On September 30, 2018, the U.S., Mexico and Canada announced a new trade agreement aimed at replacing the North American Free Trade Agreement. Notably, the USMCA’s chapter on digital trade recognizes “the economic and social benefits of protecting the personal information of users of digital trade” and will require the U.S., Canada and Mexico to each “adopt or maintain a legal framework that provides for the protection of the personal information of the users.” In adopting such a framework, the USMCA directs the Parties to consider the principles and guidelines of relevant international bodies, and formally recognizes the APEC Cross-Border Privacy Rules as “a valid mechanism to facilitate cross-border information transfers while protecting personal information.”
Continue Reading

On September 27, 2018, the Federal Trade Commission announced a settlement agreement with four companies – IDmission, LLC, mResource LLC, SmartStart Employment Screening, Inc., and VenPath, Inc. – over allegations that each company had falsely claimed to have valid certifications under the EU-U.S. Privacy Shield framework.
Continue Reading

On September 26, 2018, the US Senate Committee on Commerce, Science, and Transportation convened a hearing on Examining Consumer Privacy Protections with representatives of major technology and communications firms to discuss approaches to protecting consumer privacy, how the United States might craft a federal privacy law and companies’ experiences in implementing the EU General Data Protection Regulation and the California Consumer Privacy Act.
Continue Reading

On August 28, 2018, plaintiffs filed a class action lawsuit against Nielsen Holdings PLC and some of its officers and directors for making allegedly materially false and misleading statements to investors about the impact of privacy regulations and third-party business partners’ privacy policies on the company’s revenues and earnings.
Continue Reading