Uncategorized

The European Commission has prepared and circulated a draft new General Data Protection Regulation (the “Regulation”). The draft is consistent with many of the expectations the Commission set in its November, 2010, communication titled, “A Comprehensive Approach on Personal Data Protection in the European Union,” and in public statements since made by EU policymakers. The […]

Yesterday, the House Intelligence Committee passed H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011, by a nearly unanimous vote of 17-1. The legislation, which was introduced Wednesday by Committee Chairman Mike Rogers (R-MI), with the support and cosponsorship of a bipartisan group of 28 House members, would provide for sharing of certain […]

On November 29, the Federal Trade Commission announced that it had entered an agreement and consent order with Facebook Inc. to settle charges made by the FTC that Facebook’s changes to its website’s privacy settings in December 2009 had threatened the “health and safety” of Facebook’s users. As alleged in the FTC’s complaint, Facebook’s 2009 […]

The pilot phase of the HHS Office for Civil Rights (OCR) HIPAA Privacy and Security Audit Program is now underway through December 2012. Background. Under HITECH Act § 13411, 42 USC § 17940, HHS is required to provide for periodic audits to ensure that HIPAA covered entities and their business associates are complying with the […]

In a departure from most other courts, the United States Court of Appeals for the First Circuit has concluded that Maine law allows plaintiffs to recover certain damages arising from a data breach. Anderson v. Hannaford Bros. Co., — F.3d —-, 2011 WL 5007175 (1st Cir. Oct. 20, 2011). Hannaford’s holding regarding damages, as described […]