Privacy and Security Law Blog : Privacy & Security Law Blog : Davis Wright Tremaine LLP : Seattle, Los Angeles, Washington D.C., New York, San Francisco, Shanghai, Portland and Anchorage Law Firm

By Jim Smith

On July 14, 2011, two Subcommittees of the House Energy and Commerce Committee – the Commerce, Manufacturing and Trade Subcommittee chaired by Rep. Mary Bono Mack (R-CA) and the Communications and Technology Subcommittee chaired by Rep. Greg Walden (R-OR) – held a joint hearing that the subcommittees said will “kick off a series on privacy issues to examine how information is collected, protected, and utilized in an increasingly interconnected online ecosystem.”The hearing featured testimony by FCC Chairman Julius Genachowski, Federal Trade Commission (FTC) Commissioner Edith Ramirez, and Assistant Secretary of Commerce Larry Strickling, the Administrator of the National Telecommunications and information Administration (NTIA). The hearing indicated significant interest in prospective online privacy legislation, with unusually strong participation by subcommittee Members including the Chairman of the full Committee, Fred Upton (R-MI), and ranking Democrat Henry Waxman (CA). Several Members noted their heightened consumer privacy concerns in the wake of the past week’s revelations of voicemail and e-mail hacking in Great Britain, and near unanimous interest in strengthening online protection for the privacy of children.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

HHS has announced its fourth HIPAA formal settlement agreement in less than a year (which does not even include $4.3 million civil money penalty that was also imposed). Adam Greene discusses this new level of HIPAA enforcement, highlights some of the lessons learned from the first settlements, and points to the government's upcoming enforcement opportunities that could bring a new wave of HIPAA headlines. To read more, click here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In today’s cyberworld, operating in online and social media can put companies in a special class. Unfortunately, that class could mean a class action lawsuit. Websites and social media provide search engines, website operators, and advertisers powerful ways to obtain and monetize data about users. Jimmy Nguyen explores how this power has triggered public and governmental concern about consumers’ online privacy, even leading to a Wall Street Journal investigative report in August 2010 and a wave of class action lawsuits. To read more, click here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Earlier this month, HHS awarded a contract to KPMG to conduct as many as 150 HIPAA privacy and security audits through December 31, 2012. Adam Greene explores the limited information that has been publicly released about these upcoming audits, including a number of questions they raise. The advisory can be found here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

By Robert F. Stankey and Adam Shoemaker

While the European Union’s deadline for implementing new cookie rules has passed, substantial uncertainty remains about what organizations should do to make their online activities compliant. In this advisory we offer six practical tips for dealing with the uncertainty.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

By: Micah Ratner

A U.S. District Court in the Eastern Disrict of Michigan has issued its decision in Experi-Metal, Inc. v. Comerica Bank, holding that a bank—instead of the bank’s customer—was liable for $560,000 in unrecovered funds from a phishing attack. The case is noteworthy because a customer is typically liable for unauthorized transfers under Uniform Commercial Code (“U.C.C”) Article 4A. Under U.C.C. Section 4A-202, the customer is responsible for unauthorized transfers if (1) the bank and customer agree that the bank will authenticate transfers through a security procedure, (2) the security procedure is commercially reasonable, and (3) the bank accepted the transfer in good faith.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Next up in our series of advisories relating to emerging issues under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), previous installments of which can be found here and here, Adam Greene looks at a recent proposed HIPAA Privacy Rule expansion that would significantly impact financial institutions that  serve as "business associates" to HIPAA-covered entities, by potentially requiring them to furnish lists of their employees to those entities’ patients/enrollees.  The advisory can be found here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link