Under the requirements of Singapore’s Personal Data Protection Act 2012 (PDPA), the Personal Data Protection Commission (PDPC) is the enforcement agency tasked with the responsibility of monitoring compliance with the PDPA.
On November 11, 2014, the Connecticut Supreme Court held in Emily Byrne v. Avery Center for Obstetrics and Gynecology, P.C. (“Avery Center”) (SC 18904) that the federal Health Insurance Portability and Accountability Act (“HIPAA”) does not preempt state common law negligence and emotional distress claims against medical providers who improperly breach the confidentiality of a patient’s medical records and that “HIPAA may inform the applicable standard of care in certain circumstances.” In reaching its decision, the high court reversed the trial court’s dismissal of plaintiff Emily Byrne’s state common law causes of action for negligence and negligent infliction of emotion distress against Avery Center for releasing information about her pregnancy without her authorization in complying with a subpoena in a paternity action. Although other states have reached similar holdings, the Connecticut ruling is notable in light of the passage of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, which expanded HIPAA liability to business associates. As such, covered entities as well as their business associates risk increased exposure under HIPAA and state laws, including negligence, invasion of privacy and state privacy claims.
Republicans scored historic victories in Tuesday night’s midterm elections, retaking the Senate majority for the first time since 2006 by adding at least seven seats and possibly as many as 10. The GOP increased its majority in the House of Representatives by at least 13 seats (with some races still undecided), achieving the largest House Republican majority since the Hoover Administration. And Republicans added three more governors to their ranks.
The first edition of The Privacy, Data Protection and Cybersecurity Law Review appears at a time of extraordinary policy change and practical challenge for this field of law and regulation. Several Sidley lawyers in the Privacy, Data Security and Information Law practice have contributed to this publication.
Editor’s Preface, Alan Charles Raul
- Chapter 1, “European Union Overview,” William Long, Geraldine Scali and Alan Charles Raul
- Chapter 2, “APEC Overview,” Catherine Valerio Barrad and Alan Charles Raul
- Chapter 9, “Hong Kong,” Yuet Ming Tham and Joanne Mok
- Chapter 12, “Japan,” Takahiro Nonaka
- Chapter 16, “Singapore,” Yuet Ming Tham, Ijin Tan and Teena Zhang
- Chapter 20, “United Kingdom,” William Long and Geraldine Scali
- Chapter 21, “United States,” Alan Charles Raul, Tasha D Manoranjan and Vivek Mohan
On July 17, 2014, the New York State Department of Financial Services (“DFS”) issued for public comment its proposed “BitLicense” regulatory framework1 (the “Regulations”) and an accompanying press release.2 The release of the proposed Regulations follows the DFS announcement on March 11, 2014 that DFS would consider proposals and applications in connection with the establishment of virtual currency exchanges in New York.3
California has been experiencing a wave of putative class actions under the California Invasion of Privacy Act (“CIPA”). A decision this week by a federal court judge in California could halt new case filings and lay the groundwork for the dismissal of pending actions.
In an era where cyber risk is almost daily news, governments have been working to develop tools to help businesses protect themselves against those who want to steal or misuse data.
Consumer class actions under California’s Song-Beverly Credit Card Act have been shaped by significant case law developments over the last few years. Friday’s Ninth Circuit decision in Sinibaldi v. Redbox is a decisive victory for retailers of rented goods which will allow them wide latitude to collect personal information, such as zip codes, when using credit cards as a form of security.