Privacy, Cyber & Data Strategy Team

On November 29, the Federal Trade Commission announced that it had entered an agreement and consent order with Facebook Inc. to settle charges made by the FTC that Facebook’s changes to its website’s privacy settings in December 2009 had threatened the “health and safety” of Facebook’s users. As alleged in the FTC’s complaint, Facebook’s 2009 […]

The pilot phase of the HHS Office for Civil Rights (OCR) HIPAA Privacy and Security Audit Program is now underway through December 2012. Background. Under HITECH Act § 13411, 42 USC § 17940, HHS is required to provide for periodic audits to ensure that HIPAA covered entities and their business associates are complying with the […]

In a departure from most other courts, the United States Court of Appeals for the First Circuit has concluded that Maine law allows plaintiffs to recover certain damages arising from a data breach. Anderson v. Hannaford Bros. Co., — F.3d —-, 2011 WL 5007175 (1st Cir. Oct. 20, 2011). Hannaford’s holding regarding damages, as described […]

In response to various political pressures, including a letter dated May 11, 2011, from Senator Jay Rockefeller (D-WV) and four other senators to SEC Chairman Mary Schapiro, the Staff of the Security and Exchange Commission’s (SEC) Division of Corporation Finance issued guidance on October 13, 2011 regarding its views on disclosure obligations relating to cybersecurity […]

This afternoon the House Republican Cybersecurity Task Force announced a report containing its recommendations on federal cybersecurity legislation pursuant to a request by the House Republican leadership to examine four critical areas: critical infrastructure and incentives, information sharing and public-private partnerships, existing cybersecurity laws, and legal authorities. The Task Force recommends actions which could be accomplished in […]