On October 13, 2016, Elizabeth Denham, the UK Information Commissioner, suggested at a House of Commons Public Bill Committee meeting that directors of companies who violate data protection laws should be personally liable to pay fines.… Continue Reading
On August 30, 2016, the First-tier Tribunal (Information Rights) (the “Tribunal”) dismissed an appeal from UK telecoms company TalkTalk Telecom Group PLC (“TalkTalk”) regarding a monetary penalty notice issued to it on February 17, 2016, by the UK Information Commissioner’s Office (“ICO”). The ICO had issued the monetary penalty notice to TalkTalk, for the amount … Continue Reading
On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently entered into resolution agreements with two large public health centers over alleged HIPAA violations.… Continue Reading
On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.… Continue Reading
On June 30, 2016, a joint committee composed of representatives from both chambers of the French Parliament reached a common position on the French ‘Digital Republic’ Bill that rejects the data localization amendment previously approved by the French Senate, but significantly amends other aspects of the French Data Protection Act. … Continue Reading
On June 29, 2016, the Federal Trade Commission announced that, to account for inflation, it is increasing the civil penalty maximums for certain violations of the FTC Act effective August 1, 2016. … Continue Reading
On June 22, 2016, the Federal Trade Commission announced that it reached a settlement with a mobile advertising company, InMobi, to resolve charges that the company deceptively tracked hundreds of millions of consumers’ locations without their knowledge or consent. Among other requirements, the settlement orders the company to pay 950,000 dollars in civil penalties. … Continue Reading
On June 8, 2016, the Federal Trade Commission announced that Practice Fusion, an electronic health records company, agreed to settle FTC charges that the company misled consumers about the privacy of doctor reviews submitted to the company. … Continue Reading
Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced resolution agreements with Raleigh Orthopaedic Clinic, P.A., and New York-Presbyterian Hospital for HIPAA Privacy Rule violations.… Continue Reading
After four years of drafting and negotiations, the long awaited EU General Data Protection Regulation has been adopted at the EU level. This blog entry highlights key aspects of the Regulation.… Continue Reading
In March 2016, the Department of Health and Human Services announced resolution agreements with North Memorial Health Care of Minnesota and The Feinstein Institute for Medical Research over potential violations of the HIPAA Privacy Rule.… Continue Reading
On February 27, 2016, the Consumer Financial Protection Bureau reached a settlement with Dwolla, Inc., an online payment system company, to resolve claims that the company made false representations regarding its data security practices in violation of the Consumer Financial Protection Act. Among other things, the consent order imposes a 100,000 dollar fine on Dwolla. This marks the first data security-related fine imposed by the CFPB. … Continue Reading
On February 3, 2016, the U.S. Department of Health and Human Services Office for Civil Rights announced that an Administrative Law Judge ruled that Lincare, Inc. violated the HIPAA Privacy Rule and ordered the company to pay 239,800 dollars to OCR.… Continue Reading
Taiwan’s Office of the President recently issued an order to promulgate certain amendments to Taiwan’s Personal Data Protection Law. The Amendments revise 12 articles in the PDPL concerning the collection and use of sensitive personal data, the form of consent for the collection of non-sensitive personal data, and the imposition of criminal liability for certain violations of the PDPL. … Continue Reading
On January 5, 2016, the Federal Trade Commission announced that dental office management software provider, Henry Schein Practice Solutions, Inc., agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data.… Continue Reading
On January 1, 2016, a Dutch law became effective that (1) includes a general obligation for data controllers to notify the Data Protection Authority of data security breaches, and (2) authorizes the Data Protection Authority to impose direct fines for violations of the Data Protection Act.… Continue Reading
On December 27, 2015, the Standing Committee of the National People’s Congress of the People’s Republic of China published the P.R.C. Anti-Terrorism Law. The law was enacted in response to a perceived growing threat from extremists and terrorists, particularly in regions in Western China, and came into effect on January 1, 2016.… Continue Reading
On December 15, 2015, the California Attorney General announced an approximately 25 million dollar settlement with Comcast Cable Communications, LLC stemming from allegations that Comcast disposed of electronic equipment (1) without properly deleting customer information from the equipment and (2) in landfills that are not authorized to accept electronic equipment.… Continue Reading
The Federal Trade Commission recently announced that LifeLock, Inc., has agreed to pay 100 million USD to settle contempt charges for deceptive advertising.… Continue Reading
On December 17, 2015, the FTC announced a pair of COPPA settlements against operators of child-direct mobile apps available for download in the major app stores. These cases are the FTC’s first COPPA actions involving the collection of persistent identifiers from children since the FTC’s updated COPPA Rule went into effect in 2013.… Continue Reading
On December 14, 2015, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with the University of Washington on behalf of the university’s medical center, medical school and affiliated labs and clinics. … Continue Reading
On November 5, 2015, the Enforcement Bureau of the Federal Communications Commission (“FCC”) entered into a Consent Decree with cable operator Cox Communications to settle allegations that the company failed to properly protect customer information when the company’s electronic data systems were breached in August 2014 by a hacker. The FCC alleged that Cox failed … Continue Reading
