Category Archives: U.S. regulations

Health Information Technology, Privacy and Security 2018 First Quarter Update

Is it April already? Where has the time gone? We have all heard about Facebook’s woes, but you have been so busy, you have probably missed a few of the other recent developments in health IT and data privacy and security. We have you covered with a roundup of some of the significant and interesting … Continue Reading

One Is the Loneliest Number: Alabama Becomes the Final State to Pass Data Breach Notification Law

On March 28, 2018, exactly one week after South Dakota enacted a data breach notification law, and a little over sixteen years since California became the first state to pass a data breach law, Alabama became the fiftieth and final state to pass a data breach notification law. Until recently, Alabama and South Dakota were … Continue Reading

EU Regulators Allow One-Year Test of Privacy Shield

The long-awaited US-EU Privacy Shield—the successor to the US-EU Safe Harbor which was declared invalid—is set to kick in on August 1, 2016. (See our July 8 post for detail.) One of the reasons it took so long to put the Privacy Shield in place was the opposition it encountered from consumer groups and the data protection … Continue Reading

FAA Establishes Drone Advisory Council

On May 3, the Federal Aviation Administration (“FAA”) announced the formation of a new UAS Advisory Committee, or Drone Advisory Council (“DAC”). The formation of the DAC continues the FAA’s emphasis on safety of unmanned aircraft systems (“UAS”) operating in the national airspace system. The FAA, acknowledging the increasing commercialization of drones, has focused extensive … Continue Reading

Proposed Broadband Consumer Privacy Rules Circulated to Federal Communications Commission

When consumers sign up for Internet service with broadband providers, should they be required to sign away their privacy rights? No, according to the draft Notice of Proposed Rulemaking (NPRM) that the Federal Communications Commission Chairman Tom Wheeler circulated to the Commission. Chairman Wheeler’s proposed NPRM takes significant steps toward implementing the provisions of the … Continue Reading

Judicial Redress Act of 2015 Presented to the President

Less than a year following its introduction in Congress, the Judicial Redress Act of 2015 was presented to the President on February 12, 2016. According to House Judiciary Chairman Bob Goodlatte (R-VA) in his Statement released on September 17, 2015, the intent is that the Act will (1) address the concerns expressed by the European … Continue Reading

EU-US Privacy Shield Replaces Safe Harbor

The European Commission and the U.S. Department of Commerce have reached a last-minute deal on a new trans-Atlantic data sharing agreement. Initially coined as “Safe Harbor 2.0,” this new agreement will instead be referred to as the “EU-US Privacy Shield.” EU Justice Commissioner, Vera Jourová, addressed the new agreement at a press conference earlier today. The … Continue Reading

FDA Issues Guidelines on Postmarket Management of Cybersecurity in Medical Devices

The U.S. Food and Drug Administration (“FDA”) recently issued draft guidance entitled “Postmarket Management of Cybersecurity in Medical Devices” (“Guidance”). The medical device industry anxiously awaited the Guidance, which outlines recommended steps medical device manufacturers should take to continually monitor, identify, and address cybersecurity vulnerabilities after devices enter the market. The FDA previously issued guidance … Continue Reading

European Commission and Data Protection Authorities Issue Guidance

When the European Court of Justice invalidated the Safe Harbor Framework, companies were left scrambling to determine how best to conduct day-to-day business involving data transfers between the EU and the U.S. To remind us of our options, the European Commission released a communication setting out the alternative grounds upon which personal data may still … Continue Reading

European Court of Justice Invalidates EU-U.S. Safe Harbor

On October 6, the European Court of Justice released an opinion that will have a significant effect on many companies which do business in the EU and transfer information to United States operations. In Schrems v. Data Protection Commissioner, the Court held that the EU-U.S. Safe Harbor Agreement does not preempt the data protection authorities … Continue Reading

EU-U.S. Data Protection Treaty Could Open U.S. Courts to EU Litigants

The U.S. and the EU recently concluded a treaty which will open the doors of U.S. courts to Europeans suing U.S. companies for data privacy violations. For a long time the Europeans have been skeptical about the protection of data privacy in the United States. The name “Snowden” still touches a sore spot with most … Continue Reading

Good News from the IRS on Taxability of Identity

Businesses and governmental entities increasingly store sensitive nonpublic personal information electronically. It should be no surprise, then, that identity theft is a major problem in the United States. Identity theft is generally considered to occur when a person wrongfully obtains and uses another person’s personal information (for example, name, social security number, or banking or … Continue Reading

Energy Regulators Respond to Increasing Cyber Threats to the Grid

As anyone who even casually watches the nightly news can tell you, breaches of customer and corporate data can cause serious financial, legal, and reputational harm to a company. But, for energy companies that own and operate physical assets that comprise the nation’s power grid, understanding and complying with the federal government’s complex and constantly … Continue Reading

New Cybersecurity Assessment Tool

The Federal Financial Institutions Examination Council recently published its Cybersecurity Assessment Tool (Assessment) to help financial institutions identify cybersecurity risks and determine the institution’s preparedness through a repeatable and measurable process over time. We share it with our data privacy audience because its value is not limited to financial institutions. It is a thoughtful, structured … Continue Reading

Healthy reminder: HIPAA rules apply to most workplace wellness programs

Wellness programs are great ways for employers to provide guidance on ways employees can improve their health through fitness, diet and various other means. But oftentimes, employers forget that wellness programs may be an extension of a company’s health care plan. As such, the Health Insurance Portability and Accountability Act (HIPAA) rules apply equally to … Continue Reading

Were you affected by the Anthem breach? Answers to these questions may help

It’s being called “a very sophisticated external cyber-attack.” With the theft of 80 million of its customers’ and employees’ records, Anthem Health Insurance has suffered one of—if not the—largest data breach in our nation’s history. Reports suggest the cost of the attack may exceed $100 million. After sophisticated hackers broke into the company’s database, likely … Continue Reading

Republican majority may mean the passage of privacy legislation

After the results were in for the much-anticipated election on Nov. 4, we learned that Republicans gained majority control over the U.S. Senate and maintained their majority control in the U.S. House of Representatives. This shift in party control could spell the end to the gridlock that Congress has been recently experiencing for various types … Continue Reading

What direction companies must head with ‘right to be forgotten’ laws

When a European Union court said in May that individuals have the right to control their data and can request that search engines remove results linking to their information, legal practitioners around the world were surprised. This “right to be forgotten” seemed to take data privacy laws to an unprecedented level that even European lawyers … Continue Reading

Things that go bump in the night – and who’s regulating them

Data security, and the threat of catastrophic breaches, is rising up the list of things that keep in-house counsel awake at night. But unlike other things that go bump in the night, this threat is really out there—and it can be frightening, particularly for companies that aren’t prepared. Fast Company reported that nearly half of … Continue Reading