On February 24, 2016, President Obama signed into law the Judicial Redress Act giving citizens of certain “covered countries” access to U.S. courts to protect their privacy and take legal action against U.S. government agencies if their personal data is unlawfully disclosed. The Act provides that the U.S. Secretary of State, the Treasury Secretary and the Secretary of Homeland Security, will designate which countries and “regional economic integration organizations” (REIOs) will be “covered countries.” To be designated, however, the countries and REIOs must ...
by Member Omari Sealy
Similar to website browsers, many mobile applications collect a variety of information from the user, including, the user’s identity, usage history, past log-ins, and location. This enables the application to provide various functionality and to tailor features of the application for a better user experience (e.g., items retained in a shopping cart or targeted advertising). These applications can be found in a variety of everyday devices such as smartphones, tablets, laptops, smart TVs, and even in some newer automobiles. However, the enhanced ...
The Office for Civil Rights within the U.S. Department of Health and Human Services (OCR) is the federal agency tasked with enforcing the Health Insurance Portability and Accountability Act (HIPAA). HIPAA, as most folks reading this know, requires health care providers and other covered entities to protect the privacy and security of an individual’s protected health information (PHI). OCR has broad enforcement authority and wide latitude in deciding how to handle complaints alleging violations of HIPAA’s privacy, security, and breach notification rules. OCR can resolve a ...
by Privacy & Data Security Member Karin McGinnis
On the same day that groundhog Punxsutawney Phil predicted an early Spring, the EU College of Commissioners brought some sunshine of its own, announcing yesterday that it has reached an agreement with the U.S. on transfers of personal data from the EU to the U.S. Details on the “Privacy Shield” are sketchy, and the EU Commission still must confer with the Article 29 Working Party and draft a decision document setting forth the terms. But this is welcome news for companies on both sides of the pond. More good news came today. The Article ...
by Associate Breana Jeter
The end of 2015 represented a mixed bag for the Federal Trade Commission on privacy enforcement. In November, the FTC’s Chief Administrative Law Judge dismissed the FTC’s complaint against LabMD for a possible data breach of 1,718 patients’ insurance claim information. The patient’s sensitive information was discovered on peer-to-peer software by a data security company seeking to sell its services to LabMD. While LabMD maintained that the patient’s information never left the company’s network and that there was no actual ...
by Privacy & Data Security Member Karin McGinnis
The Federal Trade Commission’s PrivacyCon event brings together the FTC, researchers and academics to discuss the latest research and trends related to consumer privacy and data security. Much of the discussion today centered on Big Data, coming on the heels of the FTC’s report, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, which can be found here. Also prominent were concerns about web transparency and whether consumers in fact understand what data is collected on them and how it will be used. FTC ...
I’ve been holding my breath waiting for the decision by the U.S. District Court for the Northern District of Chicago in the Allen v. City of Chicago overtime collective action before giving you a blog post on this case. The trial concluded almost two months ago. Because I am starting to turn blue, and because the issue is an important one, I’m not waiting any longer.
The case involves claims by Chicago police officers in the Bureau of Organized Crime seeking pay for time spent off-duty checking and responding to emails, texts and phone calls on police department issued Blackberry’s ...
On October 6, 2015, the European Union's Court of Justice (the "ECJ") invalidated the E.U. – U.S. Safe Harbor Framework (the “Safe Harbor”) -- a data transfer arrangement upon which thousands of U.S. based companies have relied for legally transferring personal data outside of the European Union to the United States. In order to better understand the likely impact of the ECJ’s decision, it may be useful to understand the original purpose behind the Safe Harbor.
Background on the Safe Harbor
Prior to the adoption of the Safe Harbor, legally transferring personally ...
By: Marcus Lee and Omari Sealy
Federal cybersecurity legislation seeking to establish a national standard for data protection and breach response is quickly working its way through the legislative process. The bipartisan bill, formerly known as the Data Security And Breach Notification Act of 2015 (hereafter “cybersecurity bill”), was introduced into the U.S. Senate on April 16, 2015, by Sen. Tom Carper (D-Delaware) and Sen. Roy Blunt (R-Missouri). According to the bill, it is intended to provide a “clear set of national standards that would help the prevention of and ...
About Data Points: Privacy & Data Security Blog
The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.