By

Kate Heinzelman

05 September 2018

Clean-Up Bill Advances to Amend the New California Consumer Privacy Act

On Friday, August 31, the California legislature unanimously passed a host of “clean-up” amendments to the new California Consumer Privacy Act (CCPA), AB 375, as it set about addressing flaws and other concerns in the state’s groundbreaking data privacy law. These amendments are now awaiting Governor Brown’s signature. (more…)

EmailShare
15 August 2018

After LabMD, Questions Remain for the Healthcare Sector

*This article first appeared in the July 2018 issue of Digital Health Legal

Massive data breaches.  Threats to medical devices. The Internet of Persons.  Healthcare entities are all too familiar with the rising cyber threat.  But they are also familiar with the complex array of laws and regulations in the United States that attempt to address the threat and the potentially significant compliance costs and risks caused by that complexity.  The US Court of Appeals for the Eleventh Circuit’s recent and long-awaited decision in LabMD v. Federal Trade Commission, which trimmed the sails of one of the primary regulators of the healthcare information security landscape, may thus appear to some, at first blush, to be a necessary corrective. Yet closer inspection shows that the Eleventh Circuit’s decision raises more questions than it answers – and that its true implications will only become clear once we see how federal regulators, the courts, and perhaps Congress respond.

Read More

EmailShare
22 January 2018

Movement on Section 702 of the Foreign Intelligence Surveillance Act (FISA)

Following months of intense debate, an attempted filibuster, and close votes in both the House and Senate, Congress last week finally extended Section 702 of the Foreign Intelligence Surveillance Act (FISA).

(more…)

EmailShare
30 October 2017

When And How Cos. Should Address Cyber Legal Compliance

*This post originally appeared in Law 360 on October 24, 2017.

We’ve seen it happen time and again. When a company experiences a major data breach or hacking incident, media attention turns to speculation or allegations about the company’s past history of underinvesting in cyber defenses, its supposed culture of cyber complacency, or its history of unaddressed (but, in retrospect, allegedly clear) vulnerabilities. New information may come to light indicating the victimized company suffered previous breaches months, or years, earlier. Rumors of cyber-inadequacy gain currency among current and former employees and, ultimately, regulators and plaintiffs. Sometimes (but not always), these rumors, allegations, supposition and speculation even turn out to be true. (more…)

EmailShare
XSLT Plugin by BMI Calculator