The last two Privilege Points have described yet another losing effort to protect a data breach investigation and related communications. In Leonard v. McMenamins Inc., Case No. C22-0094-KKE, 2023 U.S. Dist. LEXIS 217502 (W.D. Wash. Dec. 6, 2023), the court denied the company’s privilege and work product claims — specifically rejecting its efforts to squeeze
Latest from Password Protected - Page 2
OCR Continues Holding Healthcare Entities Accountable for Protected Health Information Breaches
On Feb. 6, 2024, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced a $4.75 million settlement with New York non-profit health system Montefiore Medical Center over alleged malicious insider conduct that caused potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This settlement follows…
FTC Proposes Modifying Health Breach Notification Rule for Non-HIPAA Entities
Seeking to formalize its Sept. 15, 2021, Statement of the Commission on Breaches by Health Apps and Other Connected Devices, the Federal Trade Commission proposed broadening the Health Breach Notification Rule to cover “most health apps and similar technologies that are not covered by HIPAA.” Read on for details about this proposed rule, which is…
En Banc 11th Circuit Joins Sister Circuits, Deeming One Text Message Enough for TCPA Standing
Once an outlier, the 11th U.S. Circuit Court of Appeals recently joined seven other Circuit Courts in holding that receipt of a single, unwanted text message constitutes the concrete injury required for standing in class actions filed under the Telephone Consumer Protection Act. Read on for details about this development and implications for TCPA class…
SEC Adopts Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rules
On July 26, the U.S. Securities and Exchange Commission adopted new rules regarding public companies’ reporting of (i) cybersecurity incidents, (ii) policies and procedures for identifying and managing cybersecurity risks and (iii) management and board roles in implementing cybersecurity policies and procedures. Read on for details about the new rules and recommended next steps for…
DHS Issues Final Rule Regulating Federal Contractors’ Handling of Controlled Unclassified Information
On June 21, the U.S. Department of Homeland Security issued a long-anticipated cybersecurity final rule that revises an existing clause and adds two new clauses to the Homeland Security Acquisition Regulation related to contractors’ handling of controlled unclassified information.
Read on for highlights from this rule, which goes into effect July 21 and is likely to…
Analog Law with Digital Teeth: Litigation Under the Video Privacy Protection Act and Potential Liability for Businesses
Over the past year, website operators have experienced a proliferation of lawsuits under the Federal Video Privacy Protection Act (“VPPA”), a Reagan-era statute prohibiting the nonconsensual disclosure of an individual’s video tape rental history. Despite its nondigital origin, litigation under the VPPA has successfully targeted the ubiquitous use of tracking technologies on businesses’ websites, creating…
Failing to Comply With the Slew of New Data Privacy Laws Can Be Costly to Companies
Over the past few years, data privacy and security has been the focus of many state legislatures. CA, CO, CT, IA, UT and VA have already passed comprehensive data privacy laws. Indiana joined them on May 1, 2023 when the Governor signed the latest consumer privacy bill into law. Many other states have bills in…
Iowa Joins Data Privacy Vanguard
On March 29, 2023, Iowa became the latest in a small but growing number of states to enact comprehensive data privacy legislation. Like its counterpart laws in California, Connecticut, Colorado, Utah and Virginia, Iowa’s data privacy law – formally titled “An Act Relating to Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions”…
The Door Opens for Astronomical Damages Under BIPA
An Illinois Supreme Court ruling on February 17, 2023 opened the door to astronomical damages under the Illinois Biometric Information Privacy Act (“BIPA”). Enacted in 2008, BIPA provides for a private right of action against an entity that collects or discloses a person’s biometric identifier without opt-in consent.…