DEVELOPMENTS & COMMENTARY

Data-Driven Marketing and the GDPR: the Data Brokers’ Conundrum

The digital marketing industry is powered by information about individuals (“personal data”) that pulses through a supply web. As this FTC infographic shows, some industries such as retail, energy, financial services, and health care, have direct relationships with those individuals. Other industries, such as data marketing, generally are at least ...

FCC Reinstates CPNI Privacy Regulations (and Compliance Filing Obligations) for Telecom and VoIP Service Providers

In a recent order, the FCC has reinstated its customer proprietary network information (“CPNI”) rules governing the privacy obligations of voice service providers under Section 222. This action follows the Congressional repeal of the FCC’s 2016 Privacy Order that had extended CPNI regulations to broadband internet access services. As a ...

Federal Appeals Court Affirms TCPA Consent Cannot Be Revoked if Granted By Contract

Last week the U.S. Court of Appeals for the Second Circuit ruled in Reyes v. Lincoln Automotive Financial Services that a consumer does not have the right to revoke consent to autodialed and/or prerecorded calls to his a mobile device where consent was part of a bargained-for agreement between the ...

Amy S. Mushahwar Joins Davis Wright Tremaine

Amy Mushahwar, a lawyer with nearly two decades of experience working in the field of privacy and information security, has joined Davis Wright Tremaine as a partner in the firm’s Washington, D.C., office. As both a lawyer and former technologist, Ms. Mushahwar is adept at helping clients fully understand the legal ...

Webinar Recording: New Guidance on HIPAA: Nine Changes to Make

New Guidance on HIPAA: Nine Changes to Make While there have not been significant regulatory changes to HIPAA since 2013, that doesn’t mean that compliance can be static. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued guidance in several areas, ranging from an individual’s ...

RESOURCES & UPDATES

(Connected) Toy Story: The FTC Updates the COPPA Compliance Plan

The Federal Trade Commission (“FTC”) recently issued an updated “Six-Step Compliance Plan for Businesses” (“Compliance Plan”) for entities subject to the Federal Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §§ 6501-6506, to “reflect developments in the marketplace—for example, the introduction of internet-connected toys and other devices for kids.” COPPA ...

Tick Tock Tick Tock, When a Breach Occurs, You’re on the Clock!

As a reminder that state attorneys general have enforcement authority over breach notifications, the New York Attorney General recently announced a $130,000 settlement for a failing to provide breach notification in a reasonable time. Organizations should ensure that they are prepared to quickly provide required notifications in the event of ...

Davis Wright Tremaine LLP and RADAR, Inc. Form Strategic Alliance to Use Software Innovation for Efficient Analysis and Delivery of Incident Response Services

To address the rise of security and privacy incidents and associated organizational risks, penalties, and legal costs, the international law firm of Davis Wright Tremaine and SaaS solution provider RADAR, Inc. have formed a strategic alliance. Using and recommending RADAR’s purpose-built incident response software to clients will enhance Davis Wright ...

Private Right of Action Under Canadian Anti-Spam Legislation Suspended Indefinitely

On June 7, 2017, the Canadian government announced that it is suspending indefinitely the private right of action provided for by Canada’s Anti-Spam Legislation (“CASL”), which sets forth the country’s regime of disclosures, consent, and unsubscribe requirements for commercial electronic messages and installation of computer programs, which we discuss here. CASL ...

HIPAA Enforcement Actions by the Numbers

Protecting patient information is a central duty for both covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA).  Should an entity subject to HIPAA fail to protect patient information, it may face possible enforcement action from the U.S. Department of Health and Human Services’ Office ...
LexBlog