On August 30, 2017, the Eighth Circuit Court of Appeals became the latest circuit court to hold that the threat of future harm is insufficient to satisfy the injury-in-fact requirement for Article III standing.
We are pleased to provide you with the new, 2017 version of the Arent Fox Survey of Data Breach Notification Statutes. This version updates the Survey that we created and circulated last year, including new statutes and amendments that have been enacted since August of 2016.
Calling all #influencers: that promotional post may attract more attention than you bargained for with your brand if you fail to use required disclosures.
Since 2012, Barnes & Noble has been fighting claims arising from a data breach that affected its credit card pin pad machines. Now, the Barnes & Noble “Pin Pad” litigation is finally over.
Major regulatory changes in data governance recently went into effect in Japan and China that are likely to impact organizations doing business in these Asian markets.
Earlier today, numerous hospitals operated by Britain’s National Health Service suffered a ransomware event in which hospital computer systems were encrypted, phone lines became inoperable, patients were diverted, and a Bitcoin ransom was demanded.
On Monday, the US Department of Health & Human Services’ Office for Civil Rights announced that CardioNet has entered into a $2.5 million HIPAA settlement.
The Confidentiality of Medical Information Act permits hospitals and other health care providers to disclose medical information without the patient’s consent for the purposes of reviewing the competence or qualifications of health care professionals or health care services.
A recent string of advertising and privacy crackdowns on mobile health apps should have developers on high alert as regulators are scrutinizing advertising statements and privacy policies.
A recent decision from the Fourth Circuit Court of Appeals in Beck v. McDonald, 848 F.3d 262 (4th Cir. 2017), adds to the list of circuit courts of appeal that have held that the mere threat of future harm resulting from a data breach, without more, is insufficient to satisfy the injury-in-fact
In December 2016, the EU’s Article 29 Working Party issued a number of GDPR guidance documents, including explanations for the mandatory DPO role, the new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.
The DPO Guidelines cover the designation of the DPO, the position of the DPO, and the DPO’s role/tasks. The GDPR requires the designation of a DPO in three cases.
Phishing scams are arising at a fast and furious pace in the first quarter of 2017, with the IRS recently issuing a warning that these attacks are now targeting non-profits and school districts.
New York attorneys Bill Tanenbaum and Randall Stempler published an article in Healthcare Business & Technology that explores how millennials view healthcare IT and, more specifically, their concerns with the fragmented nature of medical online systems and with data security.
An Austrian hotel was a recent victim of a “ransomware” computer attack that disabled its electronic room key system and locked up its own computers. This demonstrates that hotel owners and managers should be sure IT agreements adequately address the risks of cyberattacks.