Tag Archives: enforcement

D.C. Circuit Court Finally Rules on FCC’s 2015 TCPA Order

After two and a half years, the U.S. Court of Appeals for the District of Columbia issued a highly anticipated ruling reviewing the Federal Communications Commission’s (“FCC” or “Commission”) July 2015 Declaratory Ruling and Order (“2015 Order”) in which the FCC issued interpretative guidance on several aspects of the Telephone Consumer Protection Act (”TCPA”). Over … Continue Reading

EU-U.S. Privacy Shield Q&A

Last month, the European Union and U.S. officials announced final approval of the EU-U.S. Privacy Shield (Privacy Shield), replacing the Safe Harbor which was invalidated by the Court of Justice of the European Union in October 2015.  Like it predecessor, the Privacy Shield will allow organizations based in the United States to self-certify compliance with the Privacy … Continue Reading

Dwolla Fined $100,000 by CFPB in First Data Security Enforcement Action

The Consumer Financial Protection Bureau (“CFPB”) gave the fintech online payment sector a “wake up call” with an enforcement action against a Des Moines start up digital payment provider, Dwolla, Inc. (“Dwolla”). The CFPB alleged that Dwolla misrepresented how it was protecting consumers’ data. Dwolla entered into a Consent Order to settle the CFPB charges … Continue Reading

Top 15 for 2015 – Happy National Data Privacy Day

In honor of National Data Privacy Day, we provide the following “Top 15 for 2015.”  While the list is by no means exhaustive, it does provide some hot topics for businesses to consider in 2015. Inside Threats for Healthcare Providers and Business Associates.  While news reports of security risks often focus on hackings and breaches … Continue Reading

Video Interview: Discussing the FCC’s Recent Data Security Action with LXBN TV

Following up on our recent post on the subject, I had the opportunity to speak with Colin O’Keefe, Editorial Manager-LexBlog, on the FCC’s first foray into policing a cybersecurity incident. In the brief video interview, I explain what happened and what it could mean going forward.  Special thanks to Colin, and LXBN TV, for the … Continue Reading

FCC Issues First Data Security Fine

On October 24, 2014, the Federal Communications Commission (FCC) announced its intention to fine two telecom companies $10 million for several violations of laws protecting the privacy of phone customers’ personal information.  This marks the FCC’s first data security case and the largest privacy action in the FCC’s history. According to the FCC, TerraCom, Inc. … Continue Reading

Prepare For Increased HIPAA Fines

Since mid-2013, the Department of Health and Human Services has recovered more than $10 million from numerous entities in connection with alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”).  However, during a recent American Bar Association conference, Jerome B. Meites, a chief regional civil rights counsel at the Department of Health and Human Services (“HHS”) … Continue Reading

Employee Criminally Prosecuted For Taking Employer’s Documents

A New Jersey Appellate Court recently ruled that an employee who removes or copies her employer’s documents for use in her whistleblower or discrimination case may be prosecuted criminally for stealing.  In State v. Saavedra, the employee had taken highly confidential original documents owned by her employer, contending that she did so to support her employment … Continue Reading

The White House’s Cybersecuirty Legislative Proposal

Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks.  While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously failed.  … Continue Reading

HHS Settlement Follows Enforcement Fine

In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data.  This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine.  The Massachusetts … Continue Reading

Dealing with Data Breaches: Health Net Suit Highlights Need for Effective Security Incident Procedures and Training

As we have discussed before, data breach notification is one of the most rapidly emerging areas of law. Good security incident procedures as well as effective training can help avoid the risk of data breach. (Sample data breach training).  A case in point: Connecticut’s Attorney General has filed a civil action against Health Net of the Northeast … Continue Reading

FTC Endorsement Rules Provide For Employer Liability for Employees’ Online Conduct

 According to the newly revised Federal Trade Commission (“FTC”) Guides, employers may face liability for employees’ commenting on their employer’s services or products on “new media,” such as blogs or social networking sites, if the employment relationship is not disclosed. Potential liability may exist even if the comments were not sponsored or authorized by the employer.  … Continue Reading

Health Net’s Data Breach Highlights Need for Privacy Officer with Clear Job Description

Health Net Inc., one of the nation’s largest publicly traded managed health care companies, recently notified authorities and informed affected persons, with a statement on its website, that the unencrypted personal information of 1.5 million current and former members, stored on a portable disk drive, is missing from the company’s Connecticut office. The company is now … Continue Reading

Do You Know How to Take Out the Trash?

Joining the growing number of states which have enacted laws regulating the destruction of records to prevent possible identity theft, the Rhode Island Legislature passed H. 5092 on October 29, 2009. The bill requires businesses and government agencies to completely destroy records containing personal information, or render the personal information unusable, before disposing of records whether … Continue Reading

HIPAA Enforcement Regulations Updated for Penalty Increases and Enhancements under the HITECH Act

The Department of Health and Human Services (HHS) published interim final regulations on October 30, 2009, to update existing enforcement regulations under HIPAA for statutory revisions made by the Health Information Technology for Economic and Clinical Health (HITECH) Act. These regulations become effective November 30, 2009, and only address the provisions of the HITECH Act already … Continue Reading
LexBlog