Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Developments & Commentary

AgeCheq, Inc. Looking for Second Bite at the Parental Consent Apple

FTC Denies Company’s First Proposed COPPA Parental Consent Method, Seeks Public Comment on Second Proposal

The Federal Trade Commission announced that it has denied AgeCheq, Inc.’s proposed verifiable parental consent method application, which relied on existing verifiable consent methods but also utilized a third-party common consent administrator to allow for consent ...

Encryption and Securing BYO Devices at the Heart of Massachusetts AG $100,000 Settlement

The Massachusetts Attorney General announced Friday that her office had reached a settlement with Beth Israel Deaconess Medical Center (BIDMC) surrounding a 2012 data breach in which a physician’s unencrypted personal laptop containing patient and employee information was stolen from BIDMC’s grounds.  Under the terms of the settlement, BIDMC agreed ...

Preparing for HIPAA Compliance Audits

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), the office responsible for administering and enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), will continue to audit HIPAA covered entities and business associates in 2015. OCR conducted its first phase of the ...

Advisory Alert: California’s “Online Eraser” Law for Minors to Take Effect Jan. 1, 2015

On Jan. 1, 2015, California’s “Online Eraser” law will take effect, requiring websites and other online service operators to delete on demand any content posted by minors.  The law also prohibits such operators from sharing minors’ personal information with third parties for the purpose of marketing particular products or services ...

Advisory Alert: Ebola or Not, Patient Privacy Must Be Protected

In the wake of the recent Ebola cases, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a new bulletin reminding HIPAA-covered entities and their business associates that the requirements of the HIPAA Privacy Rule still apply when sharing protected health information (PHI), even ...

Resources & Updates

FACTA Class Actions

In the July 2014 issue of The Review of Banking & Financial Services, DWT payments team members Burt Braverman and Micah Ratner wrote about the truncation requirement of FACTA, which has spawned a wave of class action litigation with potentially ruinous damages for “willful” violations. The authors describe the court rulings ...

FTC Releases 2014 Privacy and Data Security Update, Touting Its Efforts and Achievements in Protecting Consumer Privacy

Last week, the Federal Trade Commission (FTC) released its 2014 Privacy and Data Security Update, summarizing the FTC’s major enforcement actions, policy initiatives, rules, reports, workshops, and outreach efforts in the privacy and data security arenas from approximately January 2013 until March 2014. In the 2014 Update, the FTC underscores ...

Department of Energy Invites Cybersecurity Comments

In a Federal Register notice to be officially published Friday, June 20, 2014, the Department of Energy (DOE) is inviting public participation in its efforts to develop a guidance document entitled “Energy Sector Framework Implementation Guidance.” The term “Framework” references the Framework for Improving Critical Infrastructure Cybersecurity which was released ...

Government Officials Continue to Reference NIST Framework

On Thursday, June 12, 2014, while delivering remarks on cybersecurity at the American Enterprise Institute in Washington, D.C., Federal Communications Commission Chairman Tom Wheeler challenged businesses to be more proactive in addressing increasingly prevalent threats to their cybersecurity, urging them to embrace a “new paradigm” in which the private sector ...

UPDATE on Breslow v. Wells Fargo – Same as the Old Boss: Eleventh Circuit Withdraws Opinion Just Four Days Later, But to Little Practical Effect

Just a few days ago, we reported on the Eleventh Circuit’s decision in Breslow v. Wells Fargo, which reaffirmed precedent that strict liability can arise in autodialer, prerecorded-message and texting suits under the Telephone Consumer Protection Act (TCPA), if a caller or texter obtained consent from the intended recipient, but ...