A November 13, 2015 decision from the Federal Trade Commission’s Chief Administrative Law Judge, D. Michael Chappell, calls into question FTC enforcement in the data privacy space. The case began when the FTC filed a complaint on August 28, 2013 after an employee of LabMD, a cancer detection laboratory, downloaded peer-to-peer (“P2P”) software that exposed patient […]
Legislation
Commission Underlines Commitment to Safe Harbor Discussions
In a keynote speech today before the 37th International conference of Privacy and Data Protection Commissioners in Amsterdam, EU Justice Commissioner Vera Jourová reiterated the commitment of the European Commission to completing discussions with the United States on a replacement framework for the U.S.-EU Safe Habor. Commissioner Jourová noted that, in the wake of the European Court […]
California Updates Data Breach Notification Statute; Provides Model Notification Form
On October 6, California Governor Jerry Brown signed into law two different updates to California’s data breach notification statute. Both updates will become effective on January 1, 2016. The first update, AB 964, defines “encrypted” for purpose of the statute to mean ”rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology […]
Third Circuit Affirms FTC’s Authority to Regulate Data Security
On August 24, 2015, the Third Circuit affirmed U.S. District Court Judge Esther Salas’ April 2014 ruling in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) that the FTC has the authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act. (Prior blog posts on this case can be found here […]
Illinois Governor Vetoes Data Protection Bill; Suggests Revisions
Illinois Governor Bruce Rauner vetoed a bill amending the state’s data breach notification law on August 21, 2015, saying in a letter to the General Assembly that the bill “goes too far, imposing duplicative and burdensome requirements that are out-of-step with other states.” The bill, S.B. 1833, would have amended Illinois’ Personal Information Protection Act […]