Enforcement - Federal Agency and State AG Action

In another twist in the LabMD case, LabMD has succeeded in obtaining a delay on the FTC’s enforcement action during its appeal.  Of course, the substantive issues remain to be determined.

In 2013, the Federal Trade Commission (FTC) issued an administrative complaint against LabMD for alleged “unfair” data security practices culminating in an Opinion

The celebratory confetti has barely settled on the campaign office floor, but in the age of patches, hacks, and cyberattacks, the nation’s attention has shifted to how President-elect Donald Trump will manage U.S. privacy and data security issues.

During the campaign, Mr. Trump did not extensively outline a cybersecurity plan, but from the information provided

In an opinion issued Oct. 31, 2016, the U.S. Court of Appeals for the Seventh Circuit rejected a challenge to a Federal Motor Carrier Safety Administration (FMCSA) rule that will require most commercial motor vehicles to be equipped with an electronic logging device, or “ELD,” by December 2017 (the “ELD Rule”).

The petition

This morning the FCC voted along party lines to adopt rules subjecting broadband internet service providers (ISPs) to new consumer privacy regulations. According to the FCC’s press release, the rules give “customers the tools they need to make informed decisions about how their information is used.”  This includes requiring ISPs to gain opt-in consent from

The European Commission very recently presented two draft implementing decisions amending the existing adequacy decision on standard contractual clauses.

These drafts were presented to the Article 31 Committee, which is composed of Members State representatives who assist the European Commission concerning the protection of individuals with regard to the processing of personal data.

This presentation is a consequence of the Schrems ruling and past declarations of the Article 29 Working Party that standard contractual clauses remain under scrutiny.

The summary by the Article 31 Committee speaks for itself: “In Schrems, the Court invalidated Article 3 of the Safe Harbour adequacy decision because it found that the Commission exceeded its powers in imposing limitations on the powers of national supervisory authorities (DPAs) to suspend and prohibit data flows. Since a comparable provision restricting the powers of DPAs is present in the existing adequacy and SCCs decisions, the main objective of the proposed draft amending decisions is to remove any such restriction, thereby ensuring that the DPAs can use all the powers provided under EU and national law.”

The Article 31 Committee will make a final decision concerning these draft amendments in the coming days or weeks after reviewing the opinions of the Article 29 Working Party. It is possible that the Article 29 Working Party will propose other amendments.

Continue Reading Expected Soon: Modifications of the Standard Contractual Clauses

Public schools have generated and maintained massive amounts of student information for decades. Standardized test scores, grades, conduct records, psychological and medical information, student assessments, child and parent personal information, and teacher evaluations of children’s performance are all essential to providing and improving educational services.  But with such massive amounts of data comes great risk

Yesterday the Federal Communications Commission (FCC) revealed its revamped broadband privacy regulations. In March, the FCC initially proposed privacy rules which were highly criticized by everyone from the Federal Trade Commission (FTC) to small business owners. The new rules contain less regulation and they more closely resemble the FTC approach to privacy. In fact

As anticipated, things are getting even more exciting with the case previously covered in Password Protected.  Specifically, LabMD is appealing the landmark data security case between it and the Federal Trade Commission (“FTC”) that examines an alleged data breach, despite the absence of identifiable harm. The case is poised to become a major driver

A study by the International Association of Privacy Professionals has found that 28,000 data protection officers (DPO) will be needed in the next two years for companies to comply with the EU’s new General Data Protection Regulation (GDPR).  By the time the GDPR comes into force in 2018, in-scope entities will have to have their

While much of Washington, D.C. is enjoying the slow and hazy days of summer, the Federal Trade Commission (FTC) is staying busy solidifying its presence as the go-to authority for data security. Most recently, on July 29, 2016, the FTC issued a unanimous Opinion and Final Order against LabMD, Inc., for its unreasonable data security