On April 23, 2015, the FTC and Nomi Technologies, Inc. (“Nomi”) settled the FTC’s misrepresentation charges related to Nomi’s “Listen” service, a multiple sensor technology that allows retailers to measure consumers’ in-store movements. Nomi’s sensors track consumers as they browse physical stores. According to the complaint, “Nomi places sensors in its clients’ retail locations that detect […]
Regulation
HHS Issues Guidance on HIPAA and Workplace Wellness Programs
On Thursday, April 16, 2015, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued guidance, consisting of two frequently asked questions (FAQs), on the application of the HIPAA Privacy, Security, and Breach Notification Rules to workplace wellness programs. HHS explains in one of the FAQs that the […]
FTC Proposes Settlement with Two Companies Over False Safe-Harbor Claims
On April 7, 2015, two U.S. companies agreed to settle Federal Trade Commission (“FTC”) allegations that they falsely claimed to be in compliance with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework. In the concurrently filed complaints against TES Franchising, LLC (“TES”), a franchisee coaching business, and American International Mailing, a mail […]
FCC Adopts Consent Order with AT&T Over Alleged Data Security Violations
The Federal Communications Commission (FCC) announced on April 8 that it had adopted a consent decree between its Enforcement Bureau and AT&T Services, Inc. (AT&T), including a civil penalty of $25 million and a requirement to adopt a comprehensive compliance plan, among other actions. The consent decree alleges that AT&T “failed to protect the confidentiality” […]
New York State Regulator to Examine Insurers on Cybersecurity Following Comprehensive Risk Assessments
On March 26, 2015, Benjamin Lawsky, Superintendent of the New York State Department of Financial Services (DFS), sent a letter to the CEOs, General Counsel, and Chief Information Officers of all insurers doing business in the state to inform them of a mandatory cybersecurity questionnaire and the initiation of targeted cybersecurity examinations. Approximately 160 insurers […]