Archives: United States

Subscribe to United States RSS Feed

Ninth Circuit Dismisses FTC’s Throttling Suit Against AT&T

In an opinion released today, the Ninth Circuit dismissed the Federal Trade Commission’s (“FTC”) lawsuit against AT&T for violating Section 5 of the FTC Act due to its throttling practices.  AT&T’s practice of throttling the speed of customers with unlimited data plans once they reached a certain data usage threshold had been challenged by the … Continue Reading

Consumer Groups, Stakeholders React to Petition Requesting Halt in Vehicle-to-Vehicle Communications Service Due to Cybersecurity Concerns

A variety of advocacy groups and industry stakeholders filed comments yesterday in response to a petition by non-profit Public Knowledge to halt operation of the Dedicated Short-Range Communications (DSRC) service.  The nascent DSRC service, which operates in the 5.9 GHz band, enables vehicle-to-vehicle and vehicle-to-infrastructure communications to protect the safety of drivers and passengers and … Continue Reading

Sixth Circuit Allows Lawsuit to Proceed Against Electronic Monitoring Software Company

In a 2-1 decision on August 16, the Sixth Circuit refused to dismiss a claim against the maker of an online surveillance tool for wiretapping under both federal and state laws, and for intrusion against seclusion.  While the breadth of this holding is unclear, and the case may be an outlier, the Sixth Circuit’s reasoning … Continue Reading

Users of Pandora’s Free Service Are Not Customers Under Michigan Privacy Statute, But Questions Remain

Courts continue to grapple with how to apply existing privacy laws to new (and even not-so-new) technology. The recent Ninth Circuit decision, affirming the Northern District of California’s decision to dismiss a proposed class action suit against Pandora for disclosure of listener music preferences in violation of Michigan’s Preservation of Personal Privacy Act (PPPA), resolved … Continue Reading

FTC: LabMD’s Data Security Practices Violated the FTC Act

The Federal Trade Commission (FTC) issued a unanimous opinion and order today, vacating the Administrative Law Judge’s (ALJ) initial decision and finding that LabMD’s data security practices were “unfair” under Section 5 of the FTC Act.  In August 2013, the FTC issued a complaint against LabMD, alleging that its failure to implement adequate data security … Continue Reading

ONC Report to Congress Identifies Gaps in Oversight of Privacy and Security of mHealth Technologies and Health Social Media

Today we published a post on the Covington eHealth blog regarding a recent report by the U.S. Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC).  The ONC report highlights “large gaps” in policies and oversight surrounding access to and security and privacy of health information held by … Continue Reading

Bill Criminalizing “Revenge Porn” Introduced in Congress

Today, Rep. Jackie Speier (D-Calif.) introduced legislation that would criminalize the non-consensual distribution of sexually explicit images, commonly referred to as “revenge porn.” The Internet Privacy Protection Act would make it a federal crime for individuals to knowingly distribute sexually explicit images or video of a person without or with a “reckless disregard” for their … Continue Reading

Third Circuit Takes Narrow View of PII Under the VPPA

Last week, the Third Circuit adopted a narrow definition of “personally identifiable information,” or “PII,” under the Video Privacy Protection Act (“VPPA”), joining the majority of district courts that have addressed similar issues.  The VPPA defines PII as information that “identifies a person as having [obtained a video]” from a video tape service provider (“VTSP”). … Continue Reading

Ninth Circuit: CFAA’s Prohibition on Accessing Computer Without Authorization “Unambiguous”

In a decision released Tuesday, the Ninth Circuit held that the Computer Fraud and Abuse Act’s (“CFAA”) prohibition on accessing a computer “without authorization” is violated when a person whose access to a computer system has been “affirmatively revoked” nonetheless accesses that computer system by other means. In United States v. Nosal, the Ninth Circuit … Continue Reading

Significant HIPAA Fine Follows Business Associate’s Stolen iPhone

A new post over on Covington’s eHealth blog discusses a recent enforcement action taken by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) against Catholic Health Care Services, a business associate under HIPAA, arising out of a stolen iPhone.  This recent enforcement action should put business associates … Continue Reading

Federal Aviation Administration Finalizes Small Unmanned Aircraft Rule

By Jack Schenendorf, Brian Smith, and Hannah Lepow Tuesday, the Federal Aviation Administration (“FAA”) finalized its long-awaited rule on the commercial use of small unmanned aircraft systems (“UAS” or “drones”).  The rule comes a month after the National Telecommunications and Information Administration multistakeholder group reached consensus on best practices for drone privacy.  The FAA’s action … Continue Reading

NTIA Multistakeholder Group Reaches Consensus on Best Practices for Commercial Use of Facial Recognition Technology

Last week, the multistakeholder group convened by the National Telecommunications and Information Administration (“NTIA”) to create set of voluntary best practices for the commercial use of facial recognition technology finalized its guidelines.  While the three-page code of conduct was praised by industry groups, including the Software & Information Industry Association and Consumer Technology Association, many … Continue Reading

Federal Government Releases Final Guidance on CISA

Yesterday, the Department of Homeland Security (“DHS”) and Department of Justice released final guidance as required by Title I of the Cybersecurity Act of 2015 (“CISA”), which was enacted into law this past December.  The guidance was prepared in consultation with several additional federal agencies, and includes four separate documents.  We summarize each of the … Continue Reading

Supreme Court Issues Highly Anticipated Spokeo Decision

The Supreme Court released its highly anticipated decision yesterday in Spokeo, Inc. v. Robins, which addresses whether plaintiffs have standing to pursue statutory damages even in the absence of actual harm under the Fair Credit Reporting Act (“FCRA”).  As we previously reported, the case was expected to have significant down-stream implications for standing in privacy … Continue Reading

Video Privacy Protection Act Rulings in Gannett and CNN Reach Opposite Conclusions

In two cases last week, two courts entered widely divergent rulings on the central question of the specific definition of “personally identifiable information,” or “PII,” under the Video Privacy Protection Act (“VPPA”).  The VPPA defines PII as information that “identifies a person as having [obtained a video]” from a video tape service provider (“VTSP”). In … Continue Reading

House Unanimously Passes Email Privacy Act

On April 27, the House of Representative unanimously passed the Email Privacy Act.  As previously reported, the proposed changes would strengthen the privacy protections for email and other cloud-storage services by closing a loophole that allowed law enforcement to access older data without obtaining a warrant. However, while there is widespread support to require warrants … Continue Reading

FTC’s Jessica Rich Argues IP Addresses and Other Persistent Identifiers Are “Personally Identifiable”

In a blog post published on the Federal Trade Commission (FTC) website, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, recently stated that: “we regard data as ‘personally identifiable,’ and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers such as device … Continue Reading

OCR Steps Up HIPAA Enforcement Following Breaches of Protected Health Information

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has been busy.  In addition to its recent efforts to begin audits of covered entities and business associates, OCR has announced a slew of enforcement actions against covered entities for alleged HIPAA violations.… Continue Reading

Senate Panel Passes “Internet of Things” Bill

Yesterday, the Senate Commerce Committee passed a bill meant to increase government involvement in the development of the “Internet of Things” (IoT). By a voice vote, the committee approved the Developing Innovation and Growing the Internet of Things (DIGIT) Act, sponsored by Sen. Deb Fischer (R-Neb.), Sen. Kelly Ayotte (R-N.H.), Sen. Cory Booker (D-N.J.), and … Continue Reading

Seventh Circuit, Relying on Defendant’s Post-Breach Statements, Allows Data Breach Class Action to Proceed

Last week, the Seventh Circuit handed down another friendly ruling for data breach class action plaintiffs, reversing a district court’s dismissal of a class action complaint over a 2014 data breach at P.F. Chang’s restaurants.  In reversing the district court’s holding that the plaintiffs had not demonstrated Article III standing, the Seventh Circuit ruled that … Continue Reading

House Judiciary Committee Approves Email Privacy Act

In a unanimous vote, the House Judiciary Committee approved the Email Privacy Act, a long-awaited update to the 30-year-old Electronic Communications Privacy Act (ECPA).  The proposed changes would strengthen the privacy protections for email and other cloud-storage services by closing a loophole that allowed law enforcement to access older data without obtaining a warrant.  The … Continue Reading

FTC Releases Online Tool to Help Health App Developers Identify Applicable Laws

A new post on the Covington eHealth blog discusses the new web-based interactive tool released by the FTC, in conjunction with HHS and the FDA, to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and data security and privacy.  As part of … Continue Reading
LexBlog