For years now, business organizations have had a ready and reliable defense to the customer class-action lawsuits that inevitably follow whenever a new data breach is announced: You can’t sue us because any damage from the breach is purely speculative unless the names, addresses, credit card numbers, etc., that were stolen in the attack have actually been misused for fraudulent purchases or identity theft. No harm (yet), no foul.
Last Friday, Federal Communications Commission (FCC) Chairman Ajit Pai announced his intent to block a controversial new privacy rule that was adopted under the Obama administration and intended to protect consumer information from disclosure by broadband Internet providers.
On January 9, 2017, the U.S. Department of Health and Human Services (“HHS”) announced its first enforcement action under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) involving delayed data breach reporting. HHS settled alleged violations of the HIPAA breach notification rule committed by Presence Health, one of the largest health care networks in Illinois. The settlement agreement called for Presence Health to pay $475,000 and to adopt a corrective action plan. This settlement underscores the importance of understanding your organization’s HIPAA policies and procedures, and raises several practical considerations going forward.
Recent guidance issued by the Department of Health and Human Services (“HHS”) clarifies the extent to which cloud service providers are subject to the privacy, security, and breach notification rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
On May 11, 2016, President Obama signed into law the Defend Trade Secrets Act of 2016 (DTSA). Among other things, the DTSA provides immunity to individuals who disclose trade secrets in the course of a whistleblower retaliation lawsuit, provided the trade secrets are filed under seal, or who disclose trade secrets to the government and/or an attorney solely for the purpose of reporting or investigating a suspected violation of the law.