Privacy & Data Security

/Privacy & Data Security

Anthem Settles Multidistrict Litigation over 2015 Data Breach $115 Deal Sets Record for a Data-Breach Settlement

Health insurance giant Anthem Inc. reported on February 4, 2015, that its computer systems had been targeted in a “very sophisticated external cyber attack.” The hackers stole personal information from nearly 80 million Anthem employees and customers, including names, birthdates, Social Security numbers, and addresses. Anthem reported at the time that all of its product [...]

Telling a Tall Tale: Reports of Demise of Privacy Obligations are Greatly Exaggerated

There has been a good deal of public discussion of pending legislative action to relieve internet service providers of the obligation to obtain affirmative consent of customers [‘opt-in’] before collecting and sharing customer information. Those engaged in digital marketing via e-mail and text message may wonder what this means for their efforts.  In our view, [...]

Text or Tele-Marketing? Need to Expand Your View of Privacy Obligations

For many businesses, privacy compliance does not involve only what you do with consumer information and whether you properly disclose your intentions. In particular, those contemplating phone or text marketing campaigns, including those tied to use of smartphone GPS data, need to be aware of the provisions of the Telephone Consumer Protection Act. Originally enacted [...]

The “New” NDA In A World Of Data Breaches: Risk Vs. Return

 PRACTICE AREA / INDUSTRY: DATA SECURITY & PRIVACY, INTELLECTUAL PROPERTY   August 25, 2016 — Anyone in business knows that they will only stay there if they properly equate their potential returns with the legal and economic risks they are being asked to assume. Pretty basic, huh? Not so much today—even in the seemingly tranquil [...]

EU-U.S. Privacy Shield – European Commission Releases Draft Agreement

On Monday, the European Commission issued a draft of the newly minted EU-U.S. Privacy Shield Agreement.  The new agreement replaces the Safe Harbor provisions that regulates the transfer of personal data of European individuals between U.S. companies and countries in the European Union (“EU”).  After two years of coordinated effort between the U.S. and the [...]

The Core of the Apple Controversy is not About Lessening Security Measures

The recent controversy involving Apple’s refusal to assist with FBI efforts to obtain access to the iPhone used by the perpetrators of the San Bernardino massacre features a good deal of discussion about the use of encryption to prevent disclosure of data on the phone. This discussion is often framed as one involving the nature [...]

Reporting Deadline for 2015 PHI Breaches Affecting Fewer than 500 Individuals is February 29

Covered entities are required to report any breach of unsecured protected health information (“PHI”) to the Secretary of the U.S. Department of Health & Human Services, Office of Civil Rights (“OCR”). A covered entity’s breach notification obligations differ based on whether the breach affects 500 or more individuals or fewer than 500 individuals. For breaches [...]

California Hospital IT Systems Held Hostage by Ransomware Attack

The Hollywood Presbyterian Medical Center in Los Angeles, California. MARIO ANZUONI / Reuters Today national news outlets are reporting a hacking assault on Hollywood Presbyterian Medical Center in California. According to authorities, the hospital was the victim of a cyber-attack on February 5 that locked the hospital out of its computer systems using [...]