The Senate Judiciary Subcommittee on Privacy, Technology, and Law recently held a hearing to discuss federal enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, entitled “Your Health and Your Privacy: Protecting Health Information in a Digital World.” In that hearing, Subcommittee … Continue Reading
On December 13, 2011, the UK data protection authority (the “ICO”) issued updated guidance on the new cookie rules (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011) implemented as part of the review of the EU e-Privacy Directive. The guidance is intended to help website operators and those using cookies understand how the rules … Continue Reading
A bill introduced in the House of Representatives Thursday would require the Department of Homeland Security to take a lead role in identifying and developing cybersecurity standards for systems that control critical infrastructure. The bill also would create a non-profit clearinghouse for the sharing of cybersecurity threat information between government agencies and the private sector. … Continue Reading
As China’s central regulators finalize several national laws with data privacy components, provincial and municipal authorities are filling in the current legislative gap by passing local regulations governing the collection of personal information. Currently at the national level, sector-specific laws target various aspects of personal information collection but no single comprehensive law exists to govern … Continue Reading
Employees whose personal information might have been accessed in a data breach cannot sue the breached company in federal court based only on the possibility that the breach might lead to identity theft, a federal appeals court ruled Monday. The case, Reilly v. Ceridian Corporation, is a proposed class action brought by employees whose companies … Continue Reading
Class action lawsuits are increasingly being brought against organizations that have suffered data breaches, as well as against companies that are alleged to have allowed third parties access to online or mobile users’ confidential information without authorization (for example the recent Del Vecchio v. Amazon and Low v. LinkedIn cases). A repeated issue in these … Continue Reading
The United States District Court for the Western District of Seattle recently dismissed an online privacy case involving the alleged improper use of browser and Flash cookies in Del Vecchio v. Amazon. Finding that the plaintiff “simply not plead adequate facts to establish any plausible harm,” this opinion follows closely on the heels of several … Continue Reading
The Department of Education has amended the implementing regulations for the Family Educational Rights and Privacy Act (“FERPA”). According to the Department, the new regulations are intended to “safeguard student privacy while giving states the flexibility to share school data.” Among other things, the new regulations: Make it easier for educational authorities to share educational … Continue Reading
As we previously discussed here, the House of Representatives is considering a bill to amend the Telephone Consumer Protection Act (“TCPA”). The bill, known as the Mobile Informational Call Act of 2011 (H.R. 3035), has bipartisan and industry support but also has drawn opposition from some consumer groups and state attorneys general. The merits of … Continue Reading
By Dan Cooper and Kristof Van Quathem A widely-leaked version of the first legislative proposal for a General Data Protection Regulation is making its way through Brussels and beyond. The draft Regulation — which, among other things, aims to apply a harmonized and updated set of core data protection rules across the EU — will … Continue Reading
Earlier today, the House of Representatives approved an amendment to the Video Privacy Protection Act (VPPA) (H.R. 2471) that would clarify certain ambiguities in the 1988 law in light of technological changes in the marketplace. In his remarks on the House floor, Rep. Bob Goodlatte (R-VA) – the primary author of H.R. 2471– explained that the amendment … Continue Reading
Last week, the FTC announced that it has agreed to end its 18-month investigation of Facebook’s privacy practices, with a settlement that involved a twenty-year compliance plan and specific steps to formalize privacy within Facebook’s organization. Though the proposed settlement, which will now be open for public comment, has met with a range of reactions, … Continue Reading
Last week, a federal judge denied a motion to dismiss a putative class action brought under the Telephone Consumer Protection Act (TCPA) against Citibank concerning its transmission of text messages. The case — Ryabyshchuk v. Citibank N.A., — is notable because one of the issues it addresses is whether an entity that transmits a text message … Continue Reading
On Wednesday, the Supreme Court heard oral argument in Federal Aviation Administration v. Cooper, a case that raises the question of whether a plaintiff who alleges only mental and emotional distress can establish “actual damages” within the meaning of the federal Privacy Act’s civil remedies provision. The question is crucial to determining the scope of … Continue Reading
Leaders of the House Intelligence Committee—Chairman Rep. Mike Rogers (R-Mich.) and ranking Democrat Rep. Dutch Ruppersberger (Md.)—introduced a bill yesterday that would shield businesses from liability for sharing information relating to cyber threats with the federal Government and other entities. The bill—H.R. 3523—is intended to promote the sharing of cyber threat intelligence among businesses and … Continue Reading
