Insights on Privacy, Data Protection & Data Security

In a recent European Court of Justice Ruling, the court held that a test taker’s answers and an examiner’s comments with regard to those answers are personal data, while valuable proprietary test questions are not.

While the development and use of innovative technology for students is currently exploding in the education sector, so are the laws governing it. Education technology, commonly referred to as “Ed Tech,” is well established in most schools and continues to grow.

Take out the microphone and get ready to record! Just don’t ask any personal questions and make sure that you’re prepared to then dump it all. This sums up the guidance provided by the Federal Trade Commission in a recently released Enforcement Policy.

Last month, the SEC announced the creation of a new “Cyber Unit” within the Enforcement Division to target misconduct related to cybersecurity. The unit is being created in conjunction with internal SEC initiatives to strengthen cybersecurity in the wake of the agency’s infamous data breach last yea

Online arbitration provision for a web-based application is enforceable, reversing a lower court decision and essentially blocking a proposed class action.

The latest question in privacy law is not what’s in a name (or IP address, PHI, TV viewing activity, etc.), but what’s on a face. Consumers are becoming increasingly concerned with how companies are using their biometric information such as facial, fingerprint, and iris information.

On August 30, 2017, the Eighth Circuit Court of Appeals became the latest circuit court to hold that the threat of future harm is insufficient to satisfy the injury-in-fact requirement for Article III standing.

We are pleased to provide you with the new, 2017 version of the Arent Fox Survey of Data Breach Notification Statutes. This version updates the Survey that we created and circulated last year, including new statutes and amendments that have been enacted since August of 2016.

The FTC recently announced their first enforcement actions involving the EU-US Privacy Shield framework, settling complaints with three US companies.

Calling all #influencers: that promotional post may attract more attention than you bargained for with your brand if you fail to use required disclosures.

Thinking about updating your privacy policy? Consider how to get consumer buy-in as part of the process.

Instagram is rolling out a new tool that will make it easier to tag and track paid commercial content.

Since 2012, Barnes & Noble has been fighting claims arising from a data breach that affected its credit card pin pad machines. Now, the Barnes & Noble “Pin Pad” litigation is finally over.

Major regulatory changes in data governance recently went into effect in Japan and China that are likely to impact organizations doing business in these Asian markets.

Ransomware is old news, as we had previously written here. Its latest iteration, the currently circulating WannaCry ransomware, is no laughing matter.

Earlier today, numerous hospitals operated by Britain’s National Health Service suffered a ransomware event in which hospital computer systems were encrypted, phone lines became inoperable, patients were diverted, and a Bitcoin ransom was demanded.

On Monday, the US Department of Health & Human Services’ Office for Civil Rights announced that CardioNet has entered into a $2.5 million HIPAA settlement.

On April 5, New York attorneys James Westerlind and Andrew Dykens were interviewed by Health Law Daily.

The Confidentiality of Medical Information Act, permits hospitals and other health care providers to disclose medical information without the patient’s consent for the purposes of reviewing the competence or qualifications of health care professionals or health care services.

A recent string of advertising and privacy crackdowns on mobile health apps should have developers on high alert as regulators are scrutinizing advertising statements and privacy policies.

A recent decision from the Fourth Circuit Court of Appeals in Beck v. McDonald, 848 F.3d 262 (4th Cir. 2017), adds to the list of circuit courts of appeal that have held that that the mere threat of future harm resulting from a data breach, without more, is insufficient to satisfy the injury-in-fact

The Federal Trade Commission is asking “who’s watching who?” in a recent settlement with Vizio over the consumer electronics brand’s smart TVs.

In December 2016, the EU’s Article 29 Working Party a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.