FDA and FTC to Study Impact of Social Media Influencers
Latest from CyberAdviser - Page 2
California AG Issues Modified CCPA Regulations
On Friday, February 7, 2020, the California Attorney General’s (AG) Office released modified regulations to the California Consumer Privacy Act (CCPA). The modified regulations incorporate amendments to the CCPA signed into law after the AG’s Office promulgated regulations in October 2019. The modified regulations also reflect public comments made during the initial comment period, which concluded in December 2019. Overall, the modified regulations provide helpful clarifications that should lessen compliance burdens for a number of…
HIPAA 2019 Year in Review: OCR’s Enforcement of HIPAA Security Rule
Although the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) may yet announce one or two year-end settlements, it appears that 2019 will be known more for the implementation of changes in HIPAA enforcement policy than for any of the particular matters that OCR resolved. Last April, OCR announced that it would lower the maximum penalties assessed for most categories of HIPAA violations. Previously, the same maximum $1.5 million cap…
2019 Year in Review
Happy (belated) New Year! 2020 marks the second anniversary of CyberAdviser. In the word of data privacy and cybersecurity, a great deal has happened over that span of time, including the enactment of the GDPR, BDLC (Brazil’s new privacy law), and the CCPA, the continued expansion of data breach and biometrics litigation, important US federal and state enforcement activity, enactment of the CLOUD Act, guidance from the Supreme Court regarding Article III standing (especially critical in…
FTC announces improvements to orders in data security cases
Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, recently announced the following three major improvements that have been made to FTC orders in data security cases:
Specificity: To counter past criticisms that FTC orders to implement comprehensive information security programs were too vague, FTC orders will now require specific security safeguards that address specific allegations in the complaint brought against each company.
Third-party assessor accountability: FTC orders will now give the FTC authority…
CFPB settles enforcement action against employment background screening company for alleged FCRA violations
On November 22nd, the CFPB issued a press release announcing that a stipulated final judgment and order (Order) were filed in the U.S. District Court for the Southern District of New York against Sterling Infosystems, Inc. (Sterling) to resolve allegations that the employment background screening company violated the Fair Credit Reporting Act (FCRA).…
CCPA’s Uncertain Effect on Digital Advertising
Have you ever looked at a product online and realized it was following you around the internet? Have you ever visited a different website and seen the item you were just thinking about purchasing? These friendly reminders are due to cookies–small text files stored on your browser when you visit or interact with a website or advertisement.…
Ballard Podcast: Using Machine Learning and Artificial Intelligence in Debt Collection
In this podcast, Ballard Spahr consumer financial services partner Chris Willis talks with Scott Ferris, CEO of Attunely, a provider of machine learning (ML) and artificial intelligence (AI) technology to the debt collection industry. The podcast addresses how changes in consumer behavior have impacted collections, technology’s role in collections, how ML/AI can improve profitability, and impediments to adopting ML/AI. Phil Yannella, Leader of Ballard’s Privacy & Data Security Group, also discusses how the GDPR, CCPA and…
Health System Hit with More than $2 Million in Civil Penalties under HIPAA
Following on the heels of a few relatively small HIPAA settlements, the U.S. Department of Health and Human Services Office of Civil Rights (OCR) announced that it has imposed $2,154,000 in civil monetary penalties against Jackson Health System in Florida for its failure to meet HIPAA privacy and security requirements. The OCR announcement and accompanying information detail violations that included:
The unauthorized access by an employee to the records of more than 24,000 patients over…
Analysis: Verifying Consumer Requests Under the CCPA
For businesses, one of the more worrisome scenarios under the CCPA occurs when they mistakenly provide personal information of a consumer to the wrong party in response to a consumer request, whether because of fraud or simple mistake. Because the definition of data breach under the CCPA is very broad, the unauthorized sharing of personal information with the wrong party could theoretically give rise to a civil cause of action with statutory penalties of $100-$750,…