President Obama Signs New Privacy Law – Judicial Redress Act

On February 24, 2016, President Obama signed into law the Judicial Redress Act giving citizens of certain “covered countries” access to U.S. courts to protect their privacy and take legal action against U.S. government agencies if their personal data is unlawfully disclosed.  The  Act provides that the U.S. Secretary of State, the Treasury Secretary and the Secretary of Homeland Security, will designate which countries and “regional economic integration organizations” (REIOs) will be “covered countries.”  To be designated, however, the countries and REIOs must ...

MVA Seminar - Privacy and Data Breach:  What Can Companies Expect in 2016?
PRIVACY AND DATA BREACH: WHAT CAN COMPANIES EXPECT IN 2016? (MARCH 16, 2016, SPEAKERS - KARIN MCGINNIS, TODD TAYLOR): 2016 promises to bring significant developments and challenges in information privacy and data security. Congress and state legislatures are continuing to focus on new laws to protect personal information while at the same time minimize the impact of cybersecurity threats. The Federal Trade Commission has made clear that it will continue to be a watchdog for privacy and data security violations affecting consumers, while at the same time the National Labor ...
Mobile Applications that Track User Information Have the FTC’s Attention

by Member Omari Sealy
Similar to website browsers, many mobile applications collect a variety of information from the user, including, the user’s identity, usage history, past log-ins, and location.  This enables the application to provide various functionality and to tailor features of the application for a better user experience (e.g., items retained in a shopping cart or targeted advertising).  These applications can be found in a variety of everyday devices such as smartphones, tablets, laptops, smart TVs, and even in some newer automobiles.  However, the enhanced ...

Inadequate OCR Technology and Policy Result in Few Consequences for Repeat HIPAA Violators

The Office for Civil Rights within the U.S. Department of Health and Human Services (OCR) is the federal agency tasked with enforcing the Health Insurance Portability and Accountability Act (HIPAA). HIPAA, as most folks reading this know, requires health care providers and other covered entities to protect the privacy and security of an individual’s protected health information (PHI). OCR has broad enforcement authority and wide latitude in deciding how to handle complaints alleging violations of HIPAA’s privacy, security, and breach notification rules. OCR can resolve a ...

US and EU “Privacy Shield” Framework for Cross-Border Data Transfers Submitted to Article 29 Working Party Today

by Privacy & Data Security Member Karin McGinnis

On the same day that groundhog Punxsutawney Phil predicted an early Spring, the EU College of Commissioners brought some sunshine of its own, announcing yesterday that it has reached an agreement with the U.S. on transfers of personal  data from the EU to the U.S.  Details on the “Privacy Shield” are sketchy, and the EU Commission still must confer with the Article 29 Working Party and draft a decision document setting forth the terms.  But this is welcome news for companies on both sides of the pond.  More good news came today.  The Article ...

Reading the Section 5(a) Tea Leaves: What the end of 2015 may suggest about the FTC priorities in 2016

by Associate Breana Jeter

The end of 2015 represented a mixed bag for the Federal Trade Commission on privacy enforcement.  In November, the FTC’s Chief Administrative Law Judge dismissed the FTC’s complaint against LabMD for a possible data breach of 1,718 patients’ insurance claim information.  The patient’s sensitive information was discovered on peer-to-peer software by a data security company seeking to sell its services to LabMD.  While LabMD maintained that the patient’s information never left the company’s network and that there was no actual ...

Federal Trade Commission PrivacyCon 2016 Recap: Insights into the FTC’s Perspective on Privacy and Data Security

by Privacy & Data Security Member Karin McGinnis

The Federal Trade Commission’s PrivacyCon event brings together the FTC, researchers and academics to discuss the latest research and trends related to consumer privacy and data security.  Much of the discussion today centered on Big Data, coming on the heels of the FTC’s report, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, which can be found here.  Also prominent were concerns about web transparency and whether consumers in fact understand what data is collected on them and how it will be used.  FTC ...

IN DRAFTING COMPANY-ISSUED DEVICE AND BYOD POLICIES, DON’T FORGET THE WAGE AND HOUR ISSUES.

I’ve been holding my breath waiting for the decision by the U.S. District Court for the Northern District of Chicago in the Allen v. City of Chicago overtime collective action before giving you a blog post on this case. The trial concluded almost two months ago. Because I am starting to turn blue, and because the issue is an important one, I’m not waiting any longer.

The case involves claims by Chicago police officers in the Bureau of Organized Crime seeking pay for time spent off-duty checking and responding to emails, texts and phone calls on police department issued Blackberry’s ...

European Court of Justice Invalidates E.U. – U.S. Safe Harbor Framework

On October 6, 2015, the European Union's Court of Justice (the "ECJ") invalidated the E.U. – U.S. Safe Harbor Framework (the “Safe Harbor”) -- a data transfer arrangement upon which thousands of U.S. based companies have relied for legally transferring personal data outside of the European Union to the United States.   In order to better understand the likely impact of the ECJ’s decision, it may be useful to understand the original purpose behind the Safe Harbor.

Background on the Safe Harbor

Prior to the adoption of the Safe Harbor, legally transferring personally ...

Federal Cybersecurity Legislation Moving Quickly, But Is It In the Wrong Direction?

By:  Marcus Lee and Omari Sealy

Federal cybersecurity legislation seeking to establish a national standard for data protection and breach response is quickly working its way through the legislative process.  The bipartisan bill, formerly known as the Data Security And Breach Notification Act of 2015 (hereafter “cybersecurity bill”), was introduced into the U.S. Senate on April 16, 2015, by Sen. Tom Carper (D-Delaware) and Sen. Roy Blunt (R-Missouri).   According to the bill, it is intended to provide a “clear set of national standards that would help the prevention of and ...

About Data Points: Privacy & Data Security Blog

The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.

Stay Informed

* indicates required
Jump to Page

Subscribe To Our Newsletter

Stay Informed

* indicates required

By using this site, you agree to our updated Privacy Policy and our Terms of Use.