Security, Privacy and the Law

Legal Perspectives on the Expanding Universe of Information Security & Privacy Issues.

Latest from Security, Privacy and the Law

Watch Now: Maintaining Privacy and Data Security in the Remote Workplace

June 24, 2020

The coronavirus pandemic has required a rapid and dramatic shift to remote work, raising important implications for workplace privacy and information security. Some of these concerns are new; others are the same concerns that employers have always held, now amplified by the increasingly blurred lines between work and home. All of these concerns will remain as the workplace travels from the office to the home and, in the near future, back again. Some are compliance-related:…

Security, Privacy and the Law

Watch Now: CCPA Enactment: What Stays the Same and New Privacy Concerns After COVID-19

By Foley Hoag

May 12, 2020

Chris Hart and Colin Zick, both Partners at Foley Hoag and Co-Chairs of the Privacy and Data Security Practice joined Mass Technology Leadership Council for their regular update on CCPA and other global and state privacy regulations. This program, which was planned prior to the COVID-19 outbreak in the US, did provide an update on what California is currently enforcing and who is leading the charge. CCPA came into effect on January 1, 2020…

Security, Privacy and the Law

Privacy v. Speech? Supreme Court to Weigh in on TCPA Restrictions on Automated Calls

By Jeremy Meisinger

May 6, 2020

The Supreme Court on May 6, 2020 heard oral argument on a widely-watched First Amendment case that may have broad ramifications for the Telephone Consumer Protection Act and, potentially, government restrictions on telecommunications more broadly. Originally passed in 1991, the Telephone Consumer Protection Act is enforced by the Federal Communications Commission and contains various restrictions on telemarketing, including the use of auto-dialers (sometimes called “robocallers”). The FCC has strengthened the law’s restrictions over time and…

Security, Privacy and the Law

GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents

By Peter Sullivan

May 4, 2020

On March 21, 2020, the last of the features of the NY Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) became effective: its data security requirements. The SHIELD Act is a sweeping statute governing individual rights relating to data breaches. It was adopted in July 2019 and has been rolled out in the months since then: its breach notification provisions took effect on October 23, 2019, and its data security requirements have now…

Security, Privacy and the Law

The Equifax/Massachusetts Attorney General Consent Judgment: A Guide for Privacy and Security Compliance

By Christopher Escobedo Hart

May 2, 2020

What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at least be subject to the Massachusetts Data Breach Notification Statute and related security regulations. These are important guides that require certain operational activities, such as maintaining a written information security program, or WISP, an often-overlooked…

Security, Privacy and the Law

Privacy and COVID-19 Contact Tracing – Lessons from South Korea?

By Colin Zick

April 25, 2020

Very interesting discussion in the most recent Journal of the American Medical Association, “Information Technology–Based Tracing Strategy in Response to COVID-19 in South Korea—Privacy Controversies.” The sources of information are staggering in their breadth: mobile phone carriers, immigration services, law enforcement, credit card companies, public transit companies, government agencies, health insurers and health care providers. It is difficult to imagine this type of tracing in the United States. The social ramifications of such close tracing…

Security, Privacy and the Law

FERC Authorizes Deferred Implementation of Seven NERC Reliability Standards

By Carol Holahan

April 24, 2020

https-www-energycleantechcounsel-com-wp-content-uploads-sites-3-2020-04-energy1-300x200-jpg

The Federal Energy Regulatory Commission (“FERC” or “Commission”) recently issued an Order approving a request by the North American Electric Reliability Corporation (“NERC”) to defer the implementation of several Reliability Standards scheduled to take effect later this year. This action, along with others discussed in an earlier post here, are the latest measures approved by FERC that demonstrate the Commission’s intent to exercise discretion in easing reliability compliance burdens in light of the national emergency…

Security, Privacy and the Law

Colin Zick recommends getting ready for the new data sharing rules now, despite enforcement delay…

By Colin Zick

April 24, 2020

Colin Zick, co-chair of Foley Hoag’s Health Care Practice and Chair of the Privacy and Data Security Practice, spoke with Bloomberg Law’s Ayanna Alexander regarding the Department of Health and Human Services’ decision to hold off on enforcing new health information data-sharing rules. His recommendation: prepare now, as the new requirements aren’t going away. “They will go easy on you if you are trying to comply, but the pandemic makes it difficult or impossible,”…

Security, Privacy and the Law

Best Privacy and Security Practices, COVID-19 Edition (Hint: Fewer Differences than You Might Think)

By Christopher Escobedo Hart

April 11, 2020

Businesses scrambling to move their workforces into remote environments are rightly concerned about the smooth and productive flow of information, including question about whether there will be any government support for building out a remote infrastructure, and what limitations are there on the kinds of information employers may obtain or share to minimize the health impacts on their employees (both questions, among many others, that Foley Hoag’s COVID-19 Task Force was built to help answer). …

Security, Privacy and the Law

Jeremy Meisinger discusses why strong, transparent privacy protections are both possible and necessary to secure the public buy-in needed to make public health surveillance work

By Jeremy Meisinger

April 9, 2020

Both legally and practically, there need not be an exclusive choice between health information privacy and using GPS and other technology to gather and provide information about COVID-19. Foley Hoag’s Jeremy Meisinger shares more in this GPS World article. …

Security, Privacy and the Law

Blog Authors

Watch Now: Maintaining Privacy and Data Security in the Remote Workplace

Watch Now: CCPA Enactment: What Stays the Same and New Privacy Concerns After COVID-19

Privacy v. Speech? Supreme Court to Weigh in on TCPA Restrictions on Automated Calls

GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents

The Equifax/Massachusetts Attorney General Consent Judgment: A Guide for Privacy and Security Compliance

Privacy and COVID-19 Contact Tracing – Lessons from South Korea?

FERC Authorizes Deferred Implementation of Seven NERC Reliability Standards

Colin Zick recommends getting ready for the new data sharing rules now, despite enforcement delay…

Best Privacy and Security Practices, COVID-19 Edition (Hint: Fewer Differences than You Might Think)

Jeremy Meisinger discusses why strong, transparent privacy protections are both possible and necessary to secure the public buy-in needed to make public health surveillance work

Stay Connected

Company

Support

New to the Network