COVID-19: Dealing with Vendors – Privacy and Supply Chain Issues
The COVID-19 global pandemic presents unique legal and practical challenges for businesses across all industries, including with respect to ongoing relationships with vendors and suppliers – whether this relates to information security, privacy compliance, business continuity and contractual issues, such as in relation to force majeure.
In this webinar, we … Read More
NIST Releases Version 1.0 of Privacy Framework to Help Organizations Manage Privacy Risks and Improve Protection of Personal Data
With issues around the collection and handling of personal data becoming the focus of increased scrutiny among regulators, policymakers, and consumers, interest has continued to grow among organizations to better understand and address privacy risk. Seeking to support innovation in the market and to accommodate the increasingly global nature of … Read More
Observations from Albania: the 41st Annual International Conference of Data Protection and Privacy Commissioners (October 23-24, 2019)
UK ICO Commissioner Liz Denham, who serves as Conference Chair, welcomed attendees at the public session and provided a brief summary of what transpired at the Commissioners’ closed door sessions. She noted that “privacy” has gone “mainstream.” People around the world expect more information about how their data is … Read More
FTC’s Authority to Obtain Monetary Relief is in Doubt
The U.S. Court of Appeals for the Seventh Circuit has struck a major blow to Federal Trade Commission (FTC) enforcement authority, holding that the agency cannot seek its preferred remedy of monetary restitution in federal court.
In recent years, the FTC has used Section 13(b) of the Federal Trade Commission … Read More
FTC Announces Record-Setting $5.7M COPPA Penalty
On February 27, 2019, the Federal Trade Commission (“FTC”) announced a record-setting $5.7 million civil penalty against makers of the popular free video creation and sharing app, Musical.ly (now known as TikTok), for violations of U.S. children’s privacy rules. This is the largest civil penalty the FTC has issued concerning … Read More
FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules
Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Congress has recently taken notice, convening hearings on potential federal privacy legislation, with the possibility of preemption a hot topic during … Read More
The Trump Administration’s Approach to Data Privacy, and Next Steps
* This article originally appeared in Law360 on September 27, 2018.
On Sept. 25, 2018, the Trump administration proposed an approach and initiated a process to modernize U.S. data privacy policy. The administration’s approach is “risk-based” rather than rule-based, and, as such, signals a willingness to move away from a … Read More
After LabMD, Questions Remain for the Healthcare Sector
*This article first appeared in the July 2018 issue of Digital Health Legal
Massive data breaches. Threats to medical devices. The Internet of Persons. Healthcare entities are all too familiar with the rising cyber threat. But they are also familiar with the complex array of laws and regulations in the … Read More
Privacy as a “Fundamental Right” Clouds Smart Regulation
*Originally Published July 12, 2018 by Chambers and Partners Data Protection & Cyber Security 2018
There is a lot going on with privacy around the world. As discussed in the chapters of this book, significant new laws are being adopted or taking effect, important judicial decisions are being decided to … Read More
11th Circuit Vacates LabMD Enforcement Order; Casts Doubt on Decades of FTC Cybersecurity Enforcement Practices
In recent years, the Federal Trade Commission has increasingly exercised its enforcement authority to target deceptive and unfair information security practices. During this time, enforcement actions have targeted companies for failing to honor their promises to implement “reasonable” or “industry standard” security practices, defend against well-known security threats, put in … Read More