Privacy and security continue to be at the forefront for legislatures across the nation, despite (or perhaps because of) the COVID-19 pandemic. In late May, with back-to-back amendments, Washington D.C. and Vermont significantly overhauled their data breach notification laws, including expansion of the definition of personal information, and heightened notice requirements. Now, Michigan may follow … Continue Reading
Roger Severino, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), provides advice for HIPAA covered health care providers: When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information According to OCR allegations, a … Continue Reading
A little more than one year ago, we reported on a settlement (Cassell et al. v. Vanderbilt University, et al.) involving the alleged wrongful use of personal information belonging to retirement plan participants, claimed to be “plan assets.” This year, similar claims have been made against Shell Oil Company in connection with its 401(k) plan. Retirement … Continue Reading
States are reopening – find out which ones here. As they do, organizations will begin and/or continue adhering to a complex set of distancing, screening, capacity, sanitization, mask, posting, reporting, and other guidelines designed to maintain COVID19 curve flattening efforts. For organizations with operations in multiple states, the patchwork of federal, state, and local “guidelines” … Continue Reading
As organizations work feverishly to return to business in many areas of the country, they are mobilizing to meet the myriad of challenges for providing safe environments for their workers, customers, students, patients, and visitors. Chief among these challenges are screening for COVID19 symptoms, observing social distancing, contact tracing, and wearing masks. Fortunately, innovators are … Continue Reading
Stopping the spread of coronavirus is critical to overcoming the COVID-19 pandemic. As testing is ramping up around the country, some states and localities have imposed health screening requirements in an effort to identify persons at risk of being infected and stopping them from infecting others. Whether mandatory or recommended, screening employees and visitors could … Continue Reading
The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) wants to make it easier for individuals to reach a healthcare provider, including those most at risk (older persons and persons with disabilities). Effective immediately, during the COVID-19 nationwide public health emergency, OCR announced it will not enforce noncompliance with … Continue Reading
Over the past few months, businesses across the country have been focused on the California Consumer Privacy Act (CCPA) which dramatically expands privacy rights for California residents and provides a strong incentive for businesses to implement reasonable safeguards to protect personal information. That focus is turning back east as the Stop Hacks and Improve Electronic … Continue Reading
Many businesses and their service providers have been awaiting final guidance from the California Attorney General concerning the California Consumer Privacy Act (CCPA). When news came last Friday of a regulatory update (“Update”), there may have been some initial disappointment that the Update did not announce final regulations, but only revisions to existing proposed regulations … Continue Reading
As reported by Bloomberg Law, data breach class action litigation has begun under the California Consumer Privacy Act (CCPA). Filed in the Northern District of California, San Francisco Division, a putative class action lawsuit against Hanna Andersson, LLC and its ecommerce platform provider, Salesforce.com, alleges negligence and a failure to maintain reasonable safeguards, among other … Continue Reading
Employers that sponsor group health plans (medical, dental, vision, HFSA) are used to negotiating detailed administrative services agreements with vendors that provide services to those plans. Many also are familiar with “business associate agreements” required under HIPAA that must be in place with certain vendors, such as third-party claims administrators (TPAs), wellness program vendors, benefits … Continue Reading
After years of data breaches, mass data collection, identity theft crimes, and failed attempts at broad-based federal legislation, 2020 may be the year that state privacy and data security legislation begins to take hold in the U.S. For example, the California Consumer Privacy Act (“CCPA”) and the New York Stop Hacks and Improve Electronic Data … Continue Reading
It’s hard to understate the range of issues the California Consumer Privacy Act (the “CCPA”) raises for covered businesses and their service providers. One of those issues involves the meaning of “consumer.” If you have been following CCPA developments, you know that at least for the first 12 months the CCPA is effective, the new … Continue Reading
As businesses prepare for the effective date of the California Consumer Privacy Act, many are conducting data mapping to identify the personal information they collect, who it belongs to, how they use it, with whom they share it and whether they sell or disclose it. The information a business collects from this exercise will set … Continue Reading
A new school year is upon us and some students are already back at school. Upon their return, many students may experience new technologies and equipment rolled out by their schools districts, such as online education resources, district-provided equipment, etc. to enhance the education they provide and improve district administration. However, a recent report, “The State … Continue Reading
The California Consumer Privacy Act (CCPA), considered the most expansive U.S. privacy laws to date, is set to take effect January 1, 2020. In short, the CCPA places limitations on the collection and sale of a consumer’s personal information and provides consumers certain rights with respect to their personal information. Wondering whether they will have … Continue Reading
Many health care providers, including small and medium-sized physician practices, rely on a number of third party service providers to serve their patients and run their businesses. Perhaps the most important of these is a practice’s electronic medical record (EMR) provider, which manages and stores patient protected health information. EMR providers generally are business associates … Continue Reading
Wrongful use of retirement plan participant data was among the claims made by a class of 40,000 participants against the plan sponsor and others in Cassell et al. v. Vanderbilt University et al. Specifically, the plan participants claimed that the University inter alia breached its “loyalty and prudence” duty by failing to protect confidential employee … Continue Reading
Following recent examinations of SEC-registered investment advisers and broker-dealers, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) published a privacy risk alert on April 16, 2019. OCIE is hoping to remind advisers and broker-dealers about providing compliant privacy and opt-out notices, and adopting and implementing effective policies and procedures for safeguarding … Continue Reading
As wearable and analytics technology continues to explode, professional sports leagues, such as the NFL, have aggressively pushed into this field. (See Bloomberg). NFL teams insert tiny chips into players shoulder pads to track different metrics of their game. During the 2018-2019 NFL season, data was released that Ezekiel Elliot ran 21.27 miles per hour … Continue Reading
Add Washington D.C. Attorney General Karl A. Racine’s recent data security legislative proposal – the Security Breach Protection Amendment Act of 2019 – to the growing list of states and jurisdictions across the country seeking to strengthen privacy and security protections around personal information. Proposed in response to major data breaches, a frequent catalyst to stronger … Continue Reading
According to reports, bank customers in Australia (yes, data breach notification requirements exist down under) have been affected by “an industry-wide” data breach experienced by a third-party service provider to the banks – property valuation firm, LandMark White. As expected, the banks are investigating and in some cases notifying customers about the incident. However, there are reports that … Continue Reading
Last week, New Jersey Attorney General Gurbir S. Grewal and the New Jersey Division of Consumer Affairs (“Division”) announced that a physician group affiliated with more than 50 South Jersey medical and surgical practices agreed to pay $417,816 and improve data security practices to settle allegations it failed to properly protect the privacy of more … Continue Reading
This Sunday, January 28, is Data Privacy Day, which Congress recognized on Jan. 27, 2014, when it adopted S. Res. 337, supporting the designation. As noted by the National Cyber Security Alliance, Data Privacy Day began in the United States and Canada in January 2008, an extension of the Data Protection Day celebration in Europe. Don’t … Continue Reading
