On July 12, 2016, the EU Commission and the U.S. Secretary of Commerce announced the adoption of the EU-U.S. Privacy Shield (Privacy Shield). This announcement follows today’s adequacy decision by the College of EU Commissioners
Continue Reading The EU-U.S. Privacy Shield Is Adopted and Available as of August 1, 2016
HHS Brings Landmark HIPAA Enforcement Action Against a Business Associate for Alleged Data Security Failures
On June 29, 2016, the U.S. Department of Health and Human Services (HHS) announced a Resolution Agreement with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), settling charges that CHCS failed to comply
Continue Reading HHS Brings Landmark HIPAA Enforcement Action Against a Business Associate for Alleged Data Security Failures
EU Cyber Security and Incident Notification Rules Enacted
On July 6, 2016, the European Parliament adopted the first-ever pan-European law on cyber security. The law, entitled the “Directive on the Security of Network and Information Systems” (NIS Directive), imposes security requirements and security
Continue Reading EU Cyber Security and Incident Notification Rules Enacted
ISPs Could Face New Privacy Regulations Under FCC Proposed Rulemaking
On March 31, 2016, the Federal Communications Commission (FCC) adopted a Notice of Proposed Rulemaking (NPRM) that proposed to establish new privacy guidelines for broadband Internet service providers (ISPs).1 The FCC designed the proposal to “ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.”2 To accomplish this goal, the NPRM proposes to apply the privacy requirements of Section 222 of the Communications Act3 to ISPs that offer broadband Internet access service (or, in the NPRM’s terminology, “BIAS”).4 The FCC asserted that applying the privacy requirements set forth in Section 222 would “give broadband customers the tools they need to make informed decisions about how their information is used by their ISPs and whether and for what purposes [their information may be shared] with third parties.”5
Continue Reading ISPs Could Face New Privacy Regulations Under FCC Proposed Rulemaking
WSGR Alert: FTC Brings First Privacy Enforcement Action Against a Mobile Ad Network
On June 22, 2016, the Federal Trade Commission (FTC) announced that it has settled charges that InMobi, a Singapore-based mobile advertising company, deceptively tracked the locations of hundreds of millions of consumers, including children, to
Continue Reading WSGR Alert: FTC Brings First Privacy Enforcement Action Against a Mobile Ad Network
Monitoring and Recording Consumers’ Calls in California Can Be a Risky Practice
Many businesses monitor or record customer service, telemarketing, and other telephone calls with consumers to help them improve customer service and for evidentiary reasons. Under federal and many state laws, calls may lawfully be monitored or recorded by businesses as long as those businesses have permission from their employees who participate on the calls. However, some states require the permission of everyone participating on a call before the call may legally be monitored or recorded. And some state laws potentially implicated by monitoring and recording calls are not clear as to what is required. California is one of those states.
Continue Reading Monitoring and Recording Consumers’ Calls in California Can Be a Risky Practice