Perspectives on Privacy, Data Protection & Data Security

Ransomware is old news, as we had previously written here. Its latest iteration, the currently circulating WannaCry ransomware, is no laughing matter.

Earlier today, numerous hospitals operated by Britain’s National Health Service suffered a ransomware event in which hospital computer systems were encrypted, phone lines became inoperable, patients were diverted, and a Bitcoin ransom was demanded.

On Monday, the US Department of Health & Human Services’ Office for Civil Rights announced that CardioNet has entered into a $2.5 million HIPAA settlement.

On April 5, New York attorneys James Westerlind and Andrew Dykens were interviewed by Health Law Daily.

The Confidentiality of Medical Information Act, permits hospitals and other health care providers to disclose medical information without the patient’s consent for the purposes of reviewing the competence or qualifications of health care professionals or health care services.

A recent string of advertising and privacy crackdowns on mobile health apps should have developers on high alert as regulators are scrutinizing advertising statements and privacy policies.

A recent decision from the Fourth Circuit Court of Appeals in Beck v. McDonald, 848 F.3d 262 (4th Cir. 2017), adds to the list of circuit courts of appeal that have held that that the mere threat of future harm resulting from a data breach, without more, is insufficient to satisfy the injury-in-fact

The Federal Trade Commission is asking “who’s watching who?” in a recent settlement with Vizio over the consumer electronics brand’s smart TVs.

In December 2016, the EU’s Article 29 Working Party a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.

The DPO Guidelines cover the designation of the DPO, the position of the DPO, and the DPO’s role/tasks. The GDPR requires the designation of a DPO in three cases.

The Forum focused on the consumer implications of artificial intelligence (AI) and blockchain, two rapidly developing technologies.

Phishing scams are arising at a fast and furious pace in the first quarter of 2017, with the IRS recently issuing a warning that these attacks are now targeting non-profits and school districts.

New York attorneys Bill Tanenbaum and Randall Stempler published an article in Healthcare Business & Technology that explores how millennials view healthcare IT and more specifically, their concerns with the fragmented nature of medical online systems, and data security.

The CRFA (2016) voids a contract if it prohibits or restricts an individual from reviewing a seller’s goods, services, or conduct.

An Austrian hotel was a recent victim of a “ransomware” computer attack that disabled its electronic room key system and locked up its own computers. This demonstrates that hotel owners and managers should be sure IT agreements adequately address the risks of cyberattacks.

An Executive Order from President Trump’s first days in office raised questions about its impact on the hard-won Privacy Shield, which allows about 1,700 companies to legally transfer data between the EEA and Switzerland and the US.

Merchants and retailers will soon become subject to the updated Payment Card Information Data Security Standard.

This is HHS’ first enforcement action against a covered entity that reported a breach, but did not do so timely.

The Federal Trade Commission (FTC) recently issued guidance for both businesses and consumers on defending against ransomware, both of which are based on lessons learned from the FTC’s recent ransomware workshop, with panelists that included security researchers, technologists, law enforcers, and bu

New York counsel Eric Biderman and James Westerlind were recently asked by the American Express Open Forum to provide their insights into the growing sophistication of cyberattacks.