Tag Archives: Penalty

Uber Settles FTC Data Privacy and Security Allegations

On August 15, 2017, the FTC announced that it had reached a settlement with Uber, Inc., over allegations that the ride-sharing company had made deceptive data privacy and security representations to its consumers. Under the terms of the settlement, Uber has agreed to implement a comprehensive privacy program and to undergo regular, independent privacy audits for the next 20 years.… Continue Reading

Nevada Enacts Website Privacy Notice Law

Recently, Nevada enacted an online privacy policy law which will require operators of websites and online services to post a notice on their website regarding their privacy practices. Nevada is the third state to enact legislation requiring website operators to post a public privacy notice, following California (enacted in 2004) and Delaware (enacted in 2016). … Continue Reading

Global Ransomware Attacks Raise Key Legal Considerations

On May 12, 2017, a massive ransomware attack, known as “WannaCry,” began affecting tens of thousands of computer systems in over 100 countries. These types of incidents can have significant legal implications for affected entities and industries for whom data access and continuity is critical. As affected entities work to understand and respond to the threat of ransomware, we address some of the key legal considerations.… Continue Reading

Chinese Hackers Fined for Hack of New York Law Firms

On May 5, 2017, the U.S. District Court for the Southern District of New York entered a default judgment in favor of the SEC against three Chinese defendants accused of hacking into the nonpublic networks of two New York-headquartered law firms and stealing confidential information regarding several publicly traded companies engaged in mergers and acquisitions.… Continue Reading

Wireless Provider Reaches $2.5 Million Settlement with OCR

On April 24, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with CardioNet, Inc., stemming from gaps in policies and procedures uncovered after CardioNet reported breaches of unsecured electronic protected health information.… Continue Reading

German Federal Parliament Passes New German Data Protection Act

On April 27, 2017, the German Federal Parliament adopted the new German Federal Data Protection Act to replace the existing Federal Data Protection Act of 2003. The new BDSG is intended to adapt the current German data protection law to the EU General Data Protection Regulation which will become effective on May 25, 2018. … Continue Reading

Privacy Compliance Company Agrees to a Settlement with the New York Attorney General

On April 6, 2017, New York Attorney General Eric T. Schneiderman announced that privacy compliance company TRUSTe, Inc., agreed to settle allegations that it failed to properly verify that customer websites aimed at children did not run third-party software to track users. According to Attorney General Schneiderman, the enforcement action taken by the NY AG is the first to target a privacy compliance company over children’s privacy.… Continue Reading

Home Depot Settles Data Breach Claims

On March 9, 2017, Home Depot reached an agreement that includes the payment of 25 million dollars and the implementation of new data security measures to resolve a putative class action brought by financial institutions impacted by the company’s 2014 data breach.… Continue Reading

OCR Settlement Emphasizes Importance of Audit Controls

On February 16, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Memorial Healthcare System that emphasized the importance of audit controls in preventing breaches of protected health information. The 5.5 million dollar settlement with Memorial is the fourth enforcement action taken by OCR in 2017, and matches the largest civil monetary ever imposed against a single covered entity.… Continue Reading

FTC Announces Settlement Regarding Collecting Consumer TV Viewing Data

On February 6, 2017, the FTC announced that it has agreed to settle charges that VIZIO, Inc., installed software on about 11 million consumer televisions to collect viewing data without consumers’ knowledge or consent. The stipulated federal court order requires VIZIO to pay 2.2 million dollars to the FTC and New Jersey Division of Consumer Affairs. … Continue Reading

OCR Settlement Emphasizes Importance of Implementing Safeguards to Protect PHI

On January 18, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with MAPFRE Life Insurance Company of Puerto Rico relating to a breach of protected health information contained on a portable storage device. This is the second enforcement action taken by OCR in 2017, following the action taken against Presence Health earlier this month for failing to make timely breach notifications.… Continue Reading

OCR Settles First Enforcement Action for Untimely Reporting of a Breach

On January 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Presence Health stemming from the entity’s failure to notify affected individuals, the media and OCR within 60 days of discovering a breach. This marks the first OCR settlement of 2017 and the first enforcement action relating to untimely breach reporting by a HIPAA covered entity.… Continue Reading
LexBlog