2017
11 January 2018

Looking Back at Our 2017 Privacy and Cybersecur...

We ended 2017 by making predictions about what 2018 will bring to the privacy and cybersecurity world. We’ll start 2018 by looking at how we fared in our 2017 predictions. Spoiler alert, we nailed it. Expansion of Breach Notification Requirements: We’ll give ourselves half credit for this one. While some states took action, Michigan did not […]

02 November 2017

$2.5 Million is an Expensive Laptop!

In April 2017, the U.S. Department of Health and Human Services (“HHS”) announced yet another HIPAA settlement agreement with a health care provider relating to a stolen mobile device containing Protected Health Information (“PHI”).  As part of this settlement agreement, CardioNet agreed to pay $2.5 million and implement a corrective action plan resulting from the […]

05 October 2017

FTC Cracks Down on False Claims of Compliance w...

The Federal Trade Commission (“FTC”) recently announced (https://www.ftc.gov/news-events/press-releases/2017/09/three-companies-agree-settle-ftc-charges-they-falsely-claimed) that it had settled charges against three different companies for misleading consumers about their participation in the EU-US Privacy Shield (“Privacy Shield”) framework.  These are the FTC’s first enforcement actions brought under the Privacy Shield. The FTC alleged the three companies falsely claimed they were certified to […]

27 July 2017

Penalty: Up to 20 Million Euros, or 4% of Gross...

In data privacy circles, there is constant discussion regarding the EU-US Privacy Shield and the EU General Data Protection Regulation (“GDPR”). While the temptation for US-based companies to take an isolationist approach and ignore these EU regulations is understandable, doing so may unintentionally subject such companies to significant liability. All US-based organizations that hold, […]

13 July 2017

Failure to Enter a HIPAA Business Associate Agr...

For those of you who follow this blog, one thing will become evident over time: one of my co-authors, Tim Gutwald, and I frequently blog about HIPAA-related privacy issues.  That’s because both of our practices include a fair amount of HIPAA work.  And, one tends to write about what they are passionate about (to the […]