On September 15, 2021, the Federal Trade Commission (“FTC”) issued a policy statement affirming the applicability of its Health Breach Notification Rule (the “Rule”), 16 CFR Part 318, to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (“HIPAA”) but are capable of drawing information from multiple sources.
Continue Reading  FTC Guidance Affirms Breach Notification Obligations for Health Apps and Connected Devices

Health care providers, health plans, and others who are subject to HIPAA are sure to have questions about when they may disclose information about individuals who have contracted, or been exposed to, Coronavirus (COVID-19).

To address these questions, the Office of Civil Rights, U.S. Department of Health and Human Services, has issued guidance.  First, it

The U.S. Consumer Product Safety Commission (CPSC) recently announced that it will hold a hearing on May 16, 2018, to receive information on potential hazards with Internet of Things (IoT) products.

In its public notice, the CPSC explained that the “purpose of the public hearing . . . is to provide interested stakeholders a venue to discuss potential safety hazards created by a consumer product’s connection to IoT or other network-connected devices; the types of hazards (e.g., electrical, thermal, mechanical, chemical) related to the intended, unintended, or foreseeable misuse of consumer products because of an IoT connection; current standards development; industry best practices; and the proper role of the CPSC in addressing potential safety hazards with IoT-related products.” The notice also clarifies that the hearing “will not address personal data security or privacy implications of IoT devices.”

So why does this matter? 

Continue Reading  Data Security Litigation: CPSC to Hold Hearing on The Internet of Things and Consumer Product Hazards

On February 28th, the Federal Trade Commission (FTC) released a report that offers several recommendations on ways to improve the security of mobile devices. In a press release accompanying the report, Tom Pahl, the Acting Director of the FTC’s Bureau of Consumer Protection, stated that “more needs to be done to make it easier for consumers to ensure their devices are secure.” The FTC’s recommendations center around the ongoing need to patch vulnerabilities. However, the complexity of the mobile ecosystem and the many stakeholders, including mobile device manufacturers and operating system software providers, can delay security updates from reaching the mobile devices in consumer hands.
Continue Reading  FTC Releases “Best Practices” to Improve Mobile Device Security