As colleges and universities know, higher education institutions have a duty to protect the confidentiality of student records, codified in the Family Educational Rights and Privacy Act (“FERPA”), 20 U.S.C. § 1232g.  When such documents are requested in the course of litigation, FERPA dictates the processes and standards a school must apply in response.  The discussion that follows answers the following questions: When if ever must a school provide student information to a third party during…

Foley Hoag attorneys Chris Hart and Jeremy Meisinger examine legal considerations around data privacy and security in cannabis transactions. Click here to read the Bloomberg Law article. The post Cannabis Data Privacy Issues to Watch in 2021 first appeared on Security, Privacy and the Law.…

The OCR could look to stave off such challenges by moving to issue new regulations that address the issues and ambiguities highlighted in the MD Anderson decision, according to Foley Hoag Privacy & Data Security practice co-chair Colin Zick. Click here to read the Law360 article. The post 5th Circ. Creates Roadblocks For New HHS Privacy Enforcers first appeared on Security, Privacy and the Law.…

Rapidly-shifting regulatory requirements affecting data privacy often leave businesses struggling not only to keep up with immediate compliance needs, but also wondering how they can “future proof” their businesses to account for increasingly robust laws. And as the technology around artificial intelligence increases in sophistication and ubiquity, lawmakers and consumers are taking notice and action. How should businesses be thinking about these changes beyond mere compliance? What are the ethical implications around data use affecting…

January 28 is Data Privacy Day, and on this 14th annual Data Privacy Day, I find myself reflecting on the question of data ethics. Far from being an academic concept, “data ethics” presents a model for data management with real practical implications for organizations.  (I should note that I am focused here on personal data.)  To understand what the concept might entail, let’s take a step back and talk about two other models for data…

Editors’ Note:  This is the fourth in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year.  Read our previous posts on Energy, Cannabis, and the GDPR. As the Trump Administration ends, it is time to look forward to what may be on the horizon with regards to law enforcement at the FTC under the Biden Administration. At this point the future is a bit hazy. It is…

You may have forgotten that there is a federal criminal identity theft statute, 18 U.S.C. § 1028A, which says: Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years. Section 1028A is not frequently invoked, but it…