The U.S. Department of Health and Human Services (HHS) released guidance to address how the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule applies to various entities’ requests for information related to an individual’s COVID-19 vaccination status.
HHS emphasized
Continue Reading HHS Clarifies Applicability of HIPAA Privacy Rule to COVID-19 Vaccination Status Requests
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a policy statement affirming the applicability of its Health Breach Notification Rule (the “Rule”), 16 CFR Part 318, to health apps and connected devices that are not subject to the
Continue Reading FTC Guidance Affirms Breach Notification Obligations for Health Apps and Connected Devices
OFAC Updates Advisory on Enforcement Risks Relating to Agreeing to Pay Ransomware
First Post in a Two-Part Series on Recent OFAC Designations
On September 21, 2021 OFAC issued its first sanctions designation against a virtual currency exchange by designating the
Continue Reading OFAC Targets Virtual Currency Exchange for Allegedly Facilitating Ransomware Attack
On Monday, the White House announced the nomination of Alvaro Bedoya to serve as FTC Commissioner. Mr. Bedoya is slated to fill the seat on the Commission currently held by Rohit Chopra, which Mr. Chopra will vacate upon his confirmation
Continue Reading President Biden nominates Alvaro Bedoya to serve as FTC Commissioner
On August 12, 2021, the United States District Court for the District of South Carolina issued an opinion denying in part and granting in part a motion by Blackbaud to dismiss seven statutory claims brought by plaintiffs in a multidistrict
Continue Reading Federal Court Holds that Cloud Service Provider is Subject to CMIA
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has continued its enforcement of HIPAA’s privacy and security rules in the new administration, announcing a number of settlements of alleged violations in the
Continue Reading OCR’s HIPAA Resolution Agreements: the Year Thus Far
With a little over a year of enforcing the California Consumer Privacy Act (CCPA) under its belt, the Office of the California Attorney General (OAG) recently held a press conference to announce updates on its CCPA enforcement efforts and promote
Continue Reading California Enforcement Updates and Privacy Tools Highlight Regulatory Scrutiny of Right to Opt Out
Following in the footsteps of the Eastern District of Virginia’s Capital One decision last year and the District of D.C.’s Clark Hill decision earlier this year, the Eastern District of Pennsylvania has just ordered the production of a data breach
Continue Reading Another Federal Court Orders Production of Data Breach Forensic Report
On July 9, 2021, New York City’s biometric identifier information law became effective. The law, which was enacted in January 2021, addresses the collection and use of biometric identifier information (BII) by commercial establishments—meaning places of entertainment, retail stores, or
Continue Reading New York City’s Biometric Identifier Information Law Takes Effect
On June 4, 2021, the European Commission adopted an updated and long-awaited set of standard contractual clauses (SCCs) for the international transfer of personal data. The previous SCCs were created prior to the implementation of the EU General Data
Continue Reading The European Commission’s Adoption of New SCCs
