In March 2018, the Consumer Product Safety Commission (CPSC) issued a Notice of Public Hearing and Request for Written comments on The Internet of Things on Consumer Product Hazards. The CPSC expressed interest regarding existing safety standards on existing IoT devices, how to prevent hazards, and the role of government in the effort to promote IoT safety.
Category: Privacy
$4 Million Judgment Awarded to Office for Civil Rights for HIPAA Violation
A U.S. Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) has ruled that the University of Texas MD Anderson Cancer Center violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in its failure to encrypt its electronic devices and ordered MD Anderson to pay $4,348,000 in civil monetary penalties to the Office for Civil Rights (OCR). This is the second summary judgment ordered in favor of the OCR in its history, and the fourth largest amount recovered by OCR for HIPAA violations.
Continue reading “$4 Million Judgment Awarded to Office for Civil Rights for HIPAA Violation”
Stay In Touch! Email Marketing After the GDPR
Part I: Untangling the GDPR and the e-Privacy Directive
This is the first post in a four part series on GDPR and email marketing.
Your email in-box has probably finally recovered from the wave of GDPR opt-in requests and notices that peaked around May 25th. But, if you’ve followed the privacy press or the statements from EU regulators, you’re probably left wondering what it was all for. Many statements made in news stories (both in the U.S. and the EU) and by commentators have claimed that the GDPR means no one can send marketing emails any more without your permission. But, other stories suggest that the opt-in emails and privacy notices were unnecessary or, even, inappropriate. Who’s right? And what email marketing is allowed now?
Continue reading “Stay In Touch! Email Marketing After the GDPR”
Vermont First State to Pass Data Broker Law
Vermont lawmakers recently passed a first-of-its-kind data broker law, which protects consumers from credit freeze fees, data fraud and clarifies data security requirements.
Continue reading “Vermont First State to Pass Data Broker Law”
Massive Data Breach Exposes 500,000 Patients’ Medical Records
LifeBridge Health in Maryland is the most recent health system to have its patient records impermissibly accessed through a malware cyberattack. Indication of an attack was first detected in March 2018, upon which the hospital hired a national forensic firm to investigate the attack and determined that an unauthorized person had accessed LifeBridge’s server in September 2016.
Continue reading “Massive Data Breach Exposes 500,000 Patients’ Medical Records”
FTC Warns Two Foreign-Based App Developers of Possible COPPA Violations
The FTC staff recently sent two warning letters to Gator Group Co., Ltd., and Tinitell, Inc., which marketed mobile apps directed to children and appear to be violating the Children’s Online Privacy Protection Act (COPPA). The FTC warning letters were also sent to the Apple App Store and Google Play Store, which make the apps available to consumers.
Continue reading “FTC Warns Two Foreign-Based App Developers of Possible COPPA Violations”