On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.
Continue Reading OCR Enters into First Enforcement Action Against Business Associate

TCCWNA. The very acronym evokes head scratches and sighs of angst and frustration among many in the retail industry. The New Jersey Truth-in-Consumer Contract Warranty and Notice Act was passed in 1981 to protect consumers from allegedly deceptive practices in consumer contracts, warranties, notices and signs. Continue reading for an in-depth view of the TCCWNA and what retailers can do to minimize risk.
Continue Reading The New Wave of Consumer Class Actions Targeting Retailers: What is the TCCWNA?

A panel of the Fourth Circuit confirmed that general liability insurance policies can afford coverage for cyber-related liabilities, and ruled that an insurer had to pay attorneys’ fees to defend the policyholder in class action litigation in Travelers Indemnity Company v. Portal Healthcare Solutions, No. 14-1944.
Continue Reading If a Data Breach Occurs and Nobody Accesses Customer Data, Does it Constitute “Publication”?

On October 6, 2014, the Irish Office of the Data Protection Commissioner (“ODPC”) announced its success in bringing prosecution proceedings against M.C.K Rentals Limited (“MCK”), a firm of private investigators, and its two directors, for breaches of the Irish Data Protection Acts 1998 and 2003. Specifically MCK and its directors were found to have (1) obtained personal data without the prior authority of the data controller who was responsible for the data and (2) disclosed the personal data obtained to various third parties.
Continue Reading In an Irish First, the ODPC Holds Company Directors Personally Liable for Breach of the Irish Data Protection Acts

On June 5, 2014, new OpenSSL vulnerabilities were announced and the same week the Department of Justice detailed the financial damage of one version of sophisticated malware. Because technological solutions alone may not eliminate cyber risk, a proactive approach to address cyber risk should include an evaluation of risk transfer mechanisms, such as insurance.
Continue Reading Cyber Insurance May Assist in Addressing Risk Posed by OpenSSL Vulnerabilities and Malware

On October 7, 2013, a federal district court in California held that a general liability insurance policy covered data breach claims alleging violations of California patients’ right to medical privacy. This blog post includes a downloadable client alert on the ruling.
Continue Reading Insurance Policy’s Statutory Rights Exclusion Does Not Apply to Data Breach Claims