Texas Amends State Breach Notification Law and Creates Advisor Council to Study Privacy Laws

Share

Businesses in Texas that own or license computerized data will expect a shortened data breach notification deadline for any breach of sensitive personal information after January 1, 2020. Meanwhile, reporting to state attorney general (“AG”) will become mandatory if more than 250 Texans are involved in a single data breach.

Continue reading

Further Expansion of Data Security Requirements in FTC Order with LightYear Dealer Technologies

Share

The FTC has entered into a settlement with LightYear Dealer Technologies, doing business as DealerBuilt, a technology company that develops and sells dealer management system (DMS) software and data processing services to automotive dealerships nationwide. The settlement resolves allegations that DealerBuilt engaged in a number of unreasonable data security practices. The DealerBuilt’s DMS software tracks, manages, and stores information related to all aspects of a dealership’s business, including sales, finance, inventory, accounting, payroll, and parts and service and collects and maintains personal and competitively sensitive information about consumers and employees.

Continue reading

$3 Million Settlement for Exposure of and Latent Response to Exposure of 300,000 Patients’ Protected Health Information

Share

Touchstone Medical Imaging (Touchstone) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) entered into a no-fault settlement and two-year corrective action plan (CAP) to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).

Continue reading

New Requirements for FTC Data Security Settlements

Share

Two of the Federal Trade Commission’s (FTC’s) most recent data security settlements include new requirements that go beyond previous data security settlements. The new provisions (1) require that a senior corporate officer provide to the FTC annual certifications of compliance and (2) specifically prohibit making misrepresentations to the third parties conducting required assessments. A statement accompanying these settlements noted that the FTC has instructed staff to examine whether its privacy and data security orders could be strengthened and improved.

Continue reading

Datapocalypse Now: Will The CCPA Cancel Digital Advertising?

Share

When people talk about data privacy, or data collection, or tracking technology, or analytics, or click farms, or bots, or data brokers, or geolocation, or mobile apps, or social media, or influencers, in the end what they’re really talking about is digital advertising. Yet while we may feel comfortable using the phrase to broadly describe any online marketing efforts, the purpose of digital advertising is quite different from the goal of a 30 second radio spot, and shares little with its Mad Men-era ancestors beyond the name.

But today, faced with a variety of new laws and regulations designed to protect consumer privacy, lawyers and their clients are obliged to take a much deeper and more nuanced dive into modern methods of digital advertising. And many are surprised at what they find.

Continue reading

The Trump Administration Signals Heightened Scrutiny of Chinese Investment in Companies with Access to Americans’ Personal Data

Share

According to recent disclosures, the Trump Administration has been acting aggressively to control Chinese investment in companies that have access to Americans’ personal data. Last week, it was revealed that the Committee on Foreign Investment in the United States (CFIUS) has ordered Chinese company Beijing Kunlun Tech Co. Ltd. to sell its majority stake in on-line dating app Grindr over concerns that Chinese access to personal data held by Grindr could pose a threat to U.S. national security. Then, on April 4, 2019, it was announced that CFIUS had also ordered Chinese investor and digital healthcare company iCarbonX to sell its stake in the U.S. company PatientsLikeMe. PatientsLikeMe is an on-line service that links individuals suffering the same health issues in an effort to improve disease detection and treatment. Again, the concern reportedly prompting the CFIUS action is Chinese access to the personal data of Americans and the national security risk that could pose.

Continue reading

« Older posts

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy