Perspectives on Privacy, Data Protection & Data Security

In a closely watched data collection case, Arent Fox LLP secured a victory for Lacoste when the California Supreme Court declined to clarify whether retailers in the state can ask customers for their personal information.

New York insurer Excellus BlueCross BlueShield became the most recent health care company to announce it was the victim of a sophisticated cyberattack after hackers gained access to the Social Security numbers, mailing addresses, and financial information of as many as 10 million customers.

The US Department of Health and Human Services, Office for Civil Rights announced a new settlement for $750,000 with Cancer Care Group, P.C. to resolve potential violations of the HIPAA Privacy and Security Rules identified as the result of the theft of a laptop and backup media.

On September 2-3, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) hosted the 8th Annual Safeguarding Health Information: Building Assurance through HIPAA Security conference.

On May 20, 2015 the Bureau of Industry and Security (BIS) within the Department of Commerce (Commerce) published a proposed rule that will affect exports of products dubbed “cybersecurity items.”

On June 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights, announced that it had entered into a resolution agreement with St. Elizabeth’s Medical Center, a Massachusetts hospital, to resolve potential HIPAA violations.

Beginning September 1, 2015, many companies that engage in mobile advertising will be subject to a new level of scrutiny by industry watch dogs.

The FBI and United States Justice Department announced a joint investigation into the front-office of the St. Louis Cardinals, one of baseball’s top teams for the last two decades, for allegedly hacking into the internal networks of rival Houston Astros to steal proprietary player information.

There is a split among circuit courts over whether a company faced with a privacy breach is subject to liability where a consumer suffers no discernible harm.

The United States District Court in Nevada issued an Order on June 1, 2015 dismissing the complaint filed by alleged victims of a data security breach suffered by Amazon.com d/b/a Zappos.com (Zappos).

The Federal Trade Commission sent a new warning for companies engaged in geolocation tracking. Specifically, the FTC recently reached a settlement agreement with Nomi Technologies, a company that offers services allowing retailers to track the movements of customers in and around their stores.

A US Bankruptcy Judge recently approved the sale of a package of RadioShack’s intellectual property assets—including consumer data obtained from RadioShack customers—to General Wireless Inc., the hedge fund affiliate that acquired over 1,700 RadioShack stores in February.

The 2015 edition of Legal 500 US has rated 50 Arent Fox LLP attorneys as national leaders in their field. In addition, 15 of the firm’s practice areas were ranked among the best in the country.

A California appeals court recently held that a retailer does not violate California privacy law by collecting and recording birth dates of consumers who buy alcohol with credit cards.

Recently reported data breaches and security gaffes have sent many companies scrambling to secure their data against security breaches and to obtain adequate insurance coverage in the event that such a breach occurs.

A California appeals court recently held in Ambers v. Beverages & More, Inc. that retailers are permitted under state law to request customers’ personal information when goods are purchased online but picked up in person.

On Sunday, The New York Times published a feature story on White Collar & Investigations partner Peter Zeidenberg’s client who was accused of spying for China and illegally downloading data from a government website. 

With the release of the Apple Watch, a number of companies are likely to grapple with an increasingly common problem: how to secure sensitive company data and information in the age of wearables.

Using financial sanction tools previously used for terrorists and rogue criminal states, the White House on April 1, 2015 declared a national emergency and issued a powerful Executive Order enabling the freezing of US-based assets of foreign cyberattackers.

New Jersey Gov. Chris Christie recently signed a bill amending the state’s gift card law to eliminate the consumer data collection requirements.

On March 19, 2015, a Minnesota federal judge granted preliminary approval of Target Corporation’s (Target) proposed $10 million settlement of a class action lawsuit, which arose out of a 2013 data breach that compromised personal information of roughly 110 million of Target’s customers.

Last week, the Footwear Distributers and Retailers of America hosted a briefing on cybersecurity trends in the retail industry.

Recent guidance from Hong Kong’s Privacy Commissioner suggests that Hong Kong may be on the verge of implementing major new restrictions on the cross-border transfer of personal data.

Arent Fox expands Government Relations practice with addition of Senior Government Relations Director Alex Manning. Alex is joining the firm’s Washington, DC office and will advise clients on issues surrounding cybersecurity, privacy, data breaches, tax, trade policy, and immigration.

The Massachusetts Department of Revenue recently issued a draft directive setting out what records must be kept for all vendors, retailers, and contractors using computerized point-of-sale systems.