Earlier last week, House Homeland Security Committee Chairman Michael McCaul (R-TX) introduced H.R. 3696, a bill to amend the Homeland Security Act to make certain improvements regarding cybersecurity and critical infrastructure protection. The committee circulated the draft earlier this year, and had planned to mark up the bill when the Edward Snowden revelations became public. The bill […]
California Attorney General Announces Upcoming Best Practices Guidelines for Do-Not-Track Disclosures; Guidelines Will Not Delay New A.B. 370 Do-Not-Track Disclosure Requirements from Taking Effect on January 1, 2014
On December 10, 2013, the Privacy Enforcement and Protection Unit of the California Office of the Attorney General (CA AG) held a meeting in San Francisco for interested stakeholders to discuss best practices in light of the Assembly’s enactment of A.B. 370, California’s new do-not-track disclosure law that goes into effect on January 1, 2014. […]
New HHS OIG Report Raises Concerns about Oversight and Enforcement of HIPAA Security Rule
On Wednesday, December 4, 2013, the HHS Office of Inspector General (OIG) issued a report raising concerns about the adequacy of the HHS Office for Civil Rights’ (OCR) oversight and enforcement of HIPAA’s Security Rule. The Security Rule establishes the administrative, physical, and technical safeguards that covered entities and their business associates are required to implement […]
FTC Settles with Flashlight App Developer Over Charges It Transmitted Geolocation Data Without Consumers’ Knowledge
The creator of the popular “Brightest Flashlight Free” Android app has agreed to settle with the Federal Trade Commission (“FTC”) over charges that the app deceived consumers regarding the collection of geolocation information that was shared with third parties. The app, created by Goldenshores Technologies, LLC, (“Goldenshores”) turns a mobile device into a flashlight by […]
New Malaysian Data Privacy Law
After enactment in 2010, Malaysia’s Personal Data Protection Act, and implementing regulations, finally went into effect on November 15, 2013. The law applies to the processing of “personal data” by entities operating in Malaysia but generally does not apply to data processed entirely outside of Malaysia.[1] Additionally, official registration requirements will extend to many classes […]