The Federal Trade Commission scored a major win today in its efforts to regulate cybersecurity when the Third Circuit affirmed that the agency can exercise its unfair practices jurisdiction to sue companies that do not take reasonable data security measures.
The FTC sued Wyndham Worldwide Corp. in district court after hackers obtained over 600,000 consumers’ credit card information from the hotel group’s systems in 2008 and 2009, resulting in over $10 million in fraudulent charges. Unlike virtually all other FTC cybersecurity cases, Wyndham opted to challenge the FTC’s authority rather than settling.
August 25, 2015
U.S. Senator Chuck Schumer (D. N.Y.) has introduced a bill that would criminalize the act of knowingly initiating a commercial robocall without the prior express written consent of the recipient.
The bill, S. 1681, defines a “commercial robocall” as a telephone call made for the purpose of soliciting a purchase, rental, enrollment or investment in goods or services using an “automatic telephone dialing system” or an artificial or prerecorded voice.
August 14, 2015
Tens of millions of people around the world follow Kim Kardashian’s every move on social media. So apparently does the FDA’s Office of Prescription Drug Promotion. Last week, the FDA issued a Warning Letter to Canadian drug manufacturer Duchesnay concerning Kardashian’s social media posts promoting the morning sickness drug Diclegis. The FDA warned that the posts unlawfully misbranded Diclegis under the Federal Food, Drug, and Cosmetic Act.
August 13, 2015
Troutman Sanders LLP, in conjunction with the New York State Bar Association’s (“NYSBA”) International Section, hosted a Cybersecurity Symposium last week at the firm’s New York City office.
The Symposium was attended by a large and diverse audience consisting of lawyers, compliance officers, government officials, and founders from the finance, real estate, insurance, start-up, and medical technical spaces.
Troutman Sanders attorneys involved included Aurora Cassirer, Erin Whaley, and Christina Bost Seaton, who collectively have experience in privacy compliance, employee privacy, class action litigation, corporate governance, and healthcare privacy.
Kevin Chalker, a former CIA operative, Clandestine Services, is the Founder and CEO of Global Risk Advisors, a premier strategic consulting firm focused on security strategy and innovative technical solutions, which counts some of the United States’ largest and most prominent businesses as its clients. He discussed the many surprising ways in which technology can lead to security vulnerabilities, and some strategies for preventing and remediating a cybersecurity incident.
July 31, 2015
Organized crime and other criminal enterprises consider cyber-intrusions to be a “low-risk, high-reward proposition,” and such intrusions pose a serious threat to every business that is connected to the internet or uses electronic systems. The U.S. Department of Justice (DOJ) has joined the growing list of federal agencies to weigh in on cyber-security “best practices.” On the heels of the Federal Trade Commission and the HHS Office of Civil Rights and Office of the National Coordinator, DOJ just released its own guidance on steps to take before a cyber-intrusion or data breach occurs, as well as a template response for cyber-intrusions and attacks. Following an accepted protocol of “Preparedness, Response and Recovery,” the Guidance identifies steps a business should take before, during and after cyber-intrusions to minimize risk and defuse the impact of breaches when they do occur.
May 7, 2015
Supreme Court Grants Certiorari In Spokeo Case – Set To Address Article III Standing In Cases With No Concrete Harm
On April 27, 2015, the United States Supreme Court granted certiorari in Spokeo Inc. v. Robins, a case which could have wide-ranging implications for lawsuits, including class actions, against businesses under a number of consumer protection statutes.
In a case that the Supreme Court will hear and decide in its next term, the Court will address the question of whether Congress may confer Article III standing on a plaintiff who suffers no concrete harm, by simply authorizing a private right of action based on the violation of a federal statute alone. If the Court reverses the lower court’s decision, it could mean the death-knell of “no harm” class action lawsuits that have proliferated under statutes that allow for statutory damages without proof of actual harm.
April 28, 2015
Lately there’s been a flurry of activity related to health IT in the 114th Congress. At the end of March, the House passed the SGR bill, or “Doc Fix,” by an overwhelming vote of 392-37. If there are no hang-ups, the Senate is expected to pass it Tuesday night.
The SGR bill repeals the old formula to pay doctors and creates a new formula for a value-based Medicare payment system. The bill also includes a few key HIT measures: it requires HHS to create metrics to determine if EHRs are interoperable by July 2016, it defines interoperability as the ability of two health systems to exchange clinical data, and it includes language requiring providers to show they are not blocking information – just to name a few provisions.
April 15, 2015
The Office of the National Coordinator for Health Information Technology (ONC) has just issued a new Guide to Privacy and Security of Electronic Health Information to help everyone that deals with electronic health information better incorporate federal health information privacy and security requirements into their organization.
The Guide is broadly applicable to anyone that is a HIPAA Covered Entity or Business Associate as well as Medicare Eligible Professionals under the CMS Electronic Health Record (EHR) Incentive Programs (the “Meaningful Use” program).
April 13, 2015
On April 8, Bill No. A06866, sponsored by Assemblyman Jeffrey Dinowitz (D-Bronx), was introduced in the New York State Assembly.
The bill would amend the General Business Law to add a new section, 899-BB, that would require persons and businesses that conduct business in New York State and own or license computerized data which includes “private information” of a New York State resident, to “develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity” of the information, including data disposal.
April 10, 2015
On March 12, 2015, bipartisan members of the powerful House Energy and Commerce Committee, Subcommittee on Commerce, Manufacturing, and Trade announced draft legislation to address increasing concerns about data security vulnerabilities and challenges.
The “Data Security and Breach Notification Act” (the “Act”), authored by Energy and Commerce Committee Vice Chairman Marsha Blackburn (R-TN) and Representative Peter Welch (D-VT), would create a national standard for safeguarding electronic personal information, and mandate notification and reporting of possible breaches, specifically preempting current state laws.
Here are some highlights of the discussion draft:
March 19, 2015