Demonstrating a continued focus on information security, the Food and Drug Administration (FDA) published draft guidance on Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices. As the title indicates, the draft guidance focuses on issues manufacturers should address in the development and design of medical devices prior to sale to consumers. This
The Status of the EU-U.S. Privacy Shield
As we previously reported, the EU and U.S. reached agreement last week on the EU-U.S. Privacy Shield to replace the invalidated EU-U.S. Safe Harbor Program for transatlantic data transfers. While the announcement of the Privacy Shield is a relief to the thousands of companies who relied on the Safe Harbor Program, details remain unclear.
Top 10 for 2016 – Happy Data Privacy Day
In honor of Data Privacy Day, we provide the following “Top 10 for 2016.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2016.
EU/U.S. Data Transfer (status of Safe Harbor). On October 6, 2015, the Court of Justice of the European Union (CJEU) ruled
FDA Issues Draft Cybersecurity Guidance for Device Manufacturers
Last week, the U.S. Food and Drug Administration (FDA) issued draft guidance outlining important steps medical device manufacturers should take to address cybersecurity risks to keep patients safe and better protect the public health. The draft guidance, which details the agency’s recommendations for monitoring, identifying, and addressing cybersecurity vulnerabilities in medical devices after they have
FAST Act Calls for Examination of the Internet of Things
The Internet of Things (IoT), as defined by Wikipedia, is the network of physical objects or “things” embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data. The IoT allows objects to be sensed and controlled remotely across existing network infrastructure, creating opportunities for more direct integration between
The Growing List of States Protecting Social Media Privacy
As we have previously reported, a growing list of jurisdictions have enacted social media privacy laws applicable to employers. The most recent state to join the list is Maine, which brings the total to 22 states having enacted similar measures.
Under Maine’s law, an employer may not:
- Require or coerce an employee or
FCC Data Security Enforcement Continues
Demonstrating its continued commitment to data security enforcement, the Federal Communications Commission (FCC) recently announced Cox Communications Inc., the nation’s third largest cable operator, agreed to pay $595,000 to resolve an investigation into whether the company failed to properly protect its customers’ personal information. The agreement ends the first data security enforcement action brought by
Montana to Join Growing List of States Limiting Access to Social Media?
Earlier this month, legislators in Montana gave final approval to H.B. 342 which would limit an employer’s ability to access the personal social media accounts of applicants and employees. The bill now goes to Governor Steve Bullock’s (D) office for consideration.
If signed, Montana would join become the most recent state to join the list
Virginia Joins List of States Limiting Employer Access to Social Media Accounts
Recently, Virginia Gov. Terry McAuliffe (D) signed a bill that limits employer access to the personal social media accounts of employees and job applicants. The law, which takes effect on July 1, 2015 prohibits employers in Virginia from requiring, requesting, or causing a current or prospective employee to disclose the username and password to the
The Data Security and Breach Notification Act of 2015
On March 25, 2015, the United States House of Representative, Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade approved draft legislation which would replace state data breach notification laws with a national standard. This draft legislation comes on the heels of the President’s call for a national data breach notification law. The proposed