You are the HIPAA privacy official of a hospital or health plan (a covered entity under HIPAA). You receive an email from a vendor that handles protected health information (a business associate), informing you that one month ago an unauthorized actor infiltrated its information systems. The intruder may have gained access to information about your

On October 27, the Federal Trade Commission (“FTC”) unanimously voted to amend the Safeguards Rule to require non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to report data breaches and security events to the Agency. This amendment will become effective 180 days after its publication in the Federal Register.

Under

After an extensive comment period, the SEC announced on July 26 that it was formally adopting new rules for public companies governing cybersecurity disclosures. The rules had generated significant backlash from public companies, who criticized the new reporting deadlines for data security incidents as well as the mandatory cyber-risk disclosures the Rules mandate.

Adoption of

2022 proved to be an historic year for privacy and data security.  Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states.  For the first time, federal privacy legislation advanced to a House Subcommittee, and though the American Data Privacy and Protection

In early November, Pennsylvania amended its data breach notification law broadening the definition of personal information.  The amendment adds “health insurance information” and “medical information” as data elements that could trigger breach notification requirements.  Coupled with this addition is a breach notification exception for businesses that are (1) subject to and (2) in compliance with

The Third Circuit recently became the first federal appellate court to address the question of whether the victim of a data breach has Article III standing to bring a claim for damages based on the fear of identity theft since the Supreme Court’s decision in TransUnion v. Ramirez in 2021.  The Third Circuit, in Clemens

The FTC recently reported that over $650 mm worth of cryptocurrency was stolen by hackers last year.  Thus far, over $320 mm in cryptocurrency has been stolen by hackers this year.  Not surprisingly, this surge in crypto breaches has led to litigation.  In our monthly webcast series, Ballard partners Phil Yannella, Greg Szewczyk and

The Federal Trade Commission (FTC) recently issued a blog post stating that a failure to disclose a data breach may be a violation of Section 5 of the FTC Act.  The May 20 blog post, titled Security Beyond Prevention: The Importance of Effective Breach Disclosures, explained that in some instances, the FTC Act

On March 15, 2022, President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which increased funding for the federal Cybersecurity and Critical Infrastructure Agency (CISA) and outlined new rules and requirements for companies and organizations to follow.

Notably, CIRCIA requires owners and operators of critical infrastructure to report cyber

2021 proved to be a momentous year for privacy and data security law.  The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening insurance market, and significant corporate anxiety.  Two more U.S. states passed comprehensive data privacy laws in 2021.  The FTC was very active, issuing new guidance for artificial intelligence (AI), publishing revisions to the GLBA Safeguards Rule, and bringing new enforcement actions.  The U.S. Supreme Court issued a number of opinions that had the effect of narrowing the scope of key privacy statutes while biometric litigation in Illinois exploded.  The European Commission promulgated new rules for cross-border transfers, and U.S. state regulatory enforcement activities ramped up.
Continue Reading  Predictions for Privacy & Data Security in 2022