Recently, Nevada enacted an online privacy policy law which will require operators of websites and online services to post a notice on their website regarding their privacy practices. Nevada is the third state to enact legislation requiring website operators to post a public privacy notice, following California (enacted in 2004) and Delaware (enacted in 2016).
Continue Reading Nevada Enacts Website Privacy Notice Law

On October 3, 2016, the Texas Attorney General announced a $30,000 settlement with mobile app developer Juxta Labs stemming from allegations that the company engaged in deceptive practices regarding its collection of personal information from children.
Continue Reading Texas AG Settles Suit with Messaging App Over Children’s Data Practices

As we previously reported, the Federal Aviation Administration’s (“FAA’s”) proposed “small drone rule” nears completion of the interagency review process, but one potential stumbling block has been removed, at least for now. On Tuesday, May 10, 2016, the U.S. Court of Appeals for the D.C. Circuit denied a request by the Electronic Privacy Information Center (“EPIC”) to review the FAA’s decision not to include privacy provisions in its Notice of Proposed Rulemaking for the Operation and Certification of Small Unmanned Aircraft Systems (“NPRM”), as well as its denial of an EPIC petition to the same effect. The court decided that there were no reasonable grounds for EPIC’s delay in filing for review of the FAA’s denial of EPIC’s 2012 petition that sought to cause the FAA to promulgate privacy regulations pertaining to drones. The court further concluded that EPIC’s challenge to the NPRM itself is premature, as the rule is not yet final.
Continue Reading Privacy Provisions Not Included in Small Drone Rule

On March 14, 2016, the UK’s Information Commissioner’s Office published a guide, “Preparing for the General Data Protection Regulation (GDPR) – 12 Steps to Take Now.” The guide sets out a number of points that should inform organizations’ data privacy and governance programs ahead of the anticipated mid-2018 entry into force of the GDPR.
Continue Reading ICO Issues Twelve Step Guidance on Preparing for the EU General Data Protection Regulation

On February 3, 2016, the U.S. Department of Health and Human Services Office for Civil Rights announced that an Administrative Law Judge ruled that Lincare, Inc. violated the HIPAA Privacy Rule and ordered the company to pay 239,800 dollars to OCR.
Continue Reading Administrative Law Judge Orders Health Care Provider to Pay HIPAA Civil Monetary Penalty