The Last Year in Privacy & Security Litigation; Government Access to Private Sector Data Select Cases from January 1, 2014 to February 28, 2015
A few key takeaways shape the contours of litigation in these areas over the past 14 months.
An Update on the Hong Kong Data Transfer Guidance
Section 33 of the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (the PDPO) deals with the transfer of personal data, and prohibits the transfer of personal data outside Hong Kong except in specified circumstances, such as when:
- the data protection laws of the foreign country are similar to the PDPO; or
- the data subject has consented in writing to the transfer.
Legal Issues Surrounding the Use of Commercial Drones in Hong Kong and Singapore
From Military to Civilian Use
Traditionally, it was militaries that developed, then deployed unmanned aerial vehicles (drones) for combat roles or intelligence-gathering missions. The use of drone technology in the recreational space, and a projected spike in the commercial exploitation of drones, have caught the attention of Hong Kong and Singapore’s regulators. The ongoing privacy debate about how best to regulate presently under-regulated commercial drone use is expected to intensify. Actual or prospective commercial drone operators are advised to monitor what is expected to be an evolving aviation and privacy regulatory environment in two of the Asia Pacific’s key commercial centers.
A House of Representatives Rules Change that Will Affect Congressional Investigations: What it Means for the Private Sector
During the opening session of any new Congress, the House of Representatives sets the rules that will govern hearings, floor proceedings and debate. Typically, rule changes are minor. This year, the House quietly made one important change that could significantly affect institutions that are subject to government inquiries.
New FTC Settlement Reveals Heightened Agency Scrutiny Regarding Patient Authorizations and the Collection of Health Information
On December 3, 2014, the Federal Trade Commission (FTC) announced that it reached a settlement with PaymentsMD, an Atlanta-based medical billing company, and its former CEO, Michael C. Hughes, for alleged violations of Section 5(a) of the Federal Trade Commission Act for using deceptive tactics to collect sensitive health information. Public comments on the FTC’s proposed Consent Orders are due January 2, 2015.
Enforcement Actions Commenced Against Singapore’s New ‘Do Not Call’ Provisions
Background
Under the requirements of Singapore’s Personal Data Protection Act 2012 (PDPA), the Personal Data Protection Commission (PDPC) is the enforcement agency tasked with the responsibility of monitoring compliance with the PDPA.
Connecticut Ruling Finds HIPAA Does Not Preempt State Law Claims
On November 11, 2014, the Connecticut Supreme Court held in Emily Byrne v. Avery Center for Obstetrics and Gynecology, P.C. (“Avery Center”) (SC 18904) that the federal Health Insurance Portability and Accountability Act (“HIPAA”) does not preempt state common law negligence and emotional distress claims against medical providers who improperly breach the confidentiality of a patient’s medical records and that “HIPAA may inform the applicable standard of care in certain circumstances.” In reaching its decision, the high court reversed the trial court’s dismissal of plaintiff Emily Byrne’s state common law causes of action for negligence and negligent infliction of emotion distress against Avery Center for releasing information about her pregnancy without her authorization in complying with a subpoena in a paternity action. Although other states have reached similar holdings, the Connecticut ruling is notable in light of the passage of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, which expanded HIPAA liability to business associates. As such, covered entities as well as their business associates risk increased exposure under HIPAA and state laws, including negligence, invasion of privacy and state privacy claims.
Previewing the 114th Congress
Republicans scored historic victories in Tuesday night’s midterm elections, retaking the Senate majority for the first time since 2006 by adding at least seven seats and possibly as many as 10. The GOP increased its majority in the House of Representatives by at least 13 seats (with some races still undecided), achieving the largest House Republican majority since the Hoover Administration. And Republicans added three more governors to their ranks.
New York State Department of Financial Services Proposes Broad Licensing Requirements for Businesses Engaged in Virtual Currency Activities
On July 17, 2014, the New York State Department of Financial Services (“DFS”) issued for public comment its proposed “BitLicense” regulatory framework1 (the “Regulations”) and an accompanying press release.2 The release of the proposed Regulations follows the DFS announcement on March 11, 2014 that DFS would consider proposals and applications in connection with the establishment of virtual currency exchanges in New York.3
The End of the Road for CIPA Class Actions?
California has been experiencing a wave of putative class actions under the California Invasion of Privacy Act (“CIPA”). A decision this week by a federal court judge in California could halt new case filings and lay the groundwork for the dismissal of pending actions.