On June 14, 2019, the Federal Trade Commission announced that it has taken action against a number of companies that allegedly misrepresented their compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and other international privacy agreements. This blog entry provides an overview of these developments.
Continue Reading
Compliance
CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures
Posted on
On June 6, 2019, the CNIL announced that it levied a fine of 400,000 Euros on SERGIC, a French real estate service provider. This blog entry provides an overview of the case. …
Continue Reading
China Issues Draft of Data Security Administrative Measures
Posted on
On May 28, 2019, the Cyberspace Administration of China released draft Data Security Administrative Measures for public comment. This blog entry provides an overview of the proposed provisions.…
Continue Reading
OCR Settles with Medical Imaging Services Company
Posted on
On May 6, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement and $3 million settlement with Touchstone Medical Imaging. The settlement is the first OCR HIPAA enforcement action in 2019, following an all-time record year of HIPAA enforcement in 2018.…
Continue Reading
Dating Apps Warned of Potential COPPA and FTC Act Violations Removed from App Stores
Posted on
Posted in Children’s Privacy, U.S. Federal Law
On May 6, 2019, the FTC announced that three dating apps were removed from the Apple App Store and Google Play Store following an FTC letter alleging that the apps potentially violated the Children’s Online Privacy Protection Act and the Federal Trade Commission Act. …
Continue Reading
China Ministries Jointly Release Guidelines for Protecting Personal Information Online
Posted on
On April 11, 2019, three Chinese bodies issued the Guide to Protection of Security of Internet Personal Information. This blog entry provides an overview of the Guide.…
Continue Reading
HHS Publishes Health Industry Cybersecurity Practices
Posted on
The U.S. Department of Health and Human Services recently published “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” which was developed by the Healthcare & Public Health Sector Coordinating Councils Public Private Partnership, a group comprised of over 150 cybersecurity and healthcare experts from government and private industry.…
Continue Reading
Department of Commerce Updates Privacy Shield FAQs to Clarify Applicability to UK Personal Data
Posted on
Posted in European Union, International
On December 20, 2018, the Department of Commerce updated its frequently asked questions on the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to clarify the effect of the UK’s planned withdrawal from the EU on March 29, 2019. The FAQs provide information on the steps Privacy Shield participants must take to receive personal data from the UK in reliance on the Privacy Shield after such time. …
Continue Reading
Serbia Enacts New Data Protection Law
Posted on
On November 9, 2018, Serbia’s National Assembly enacted a new data protection law. The Personal Data Protection Law, which becomes effective on August 21, 2019, is modeled after the EU General Data Protection Regulation. …
Continue Reading
CNIL Publishes DPIA Guidelines and List of Processing Operations Subject to DPIA
Posted on
Posted in European Union, Information Security
On November 6, 2018, the French Data Protection Authority published its own guidelines on data protection impact assessments and a list of processing operations that require a data protection impact assessment.…
Continue Reading