On September 15, 2021, the Federal Trade Commission issued a Policy Statement to clarify the scope of the FTC’s Health Breach Notification Rule as it relates to health apps and connected devices.
Privacy & Data Security
T-Mobile Named as a Defendant in Nearly 30 Data Privacy Litigations in Wake of Massive Cyberattack: Where Are We Now a Month In?
Last month, T-Mobile disclosed that it had been targeted in a cyberattack that resulted in the compromise of some current, former and prospective customers’ SSN, name, address, date of birth and driver’s license/ID information. According to T-Mobile, “the breach did…
International Data Protection Update – Summer 2021
This update highlights some of the international data protection issues that caught our attention, and the attention of our clients, over the summer.
Asia-Pacific
China’s Data Security Law and Personal Information Protection Law – This summer, the People’s Republic of…
Already Recognized as “Adequate,” Uruguay Issues Updated Guidance on Cross Border Data Transfers
The DPA of Uruguay, one of the only countries recognized as “adequate” destinations for cross border data transfers from the European Union – has issued updated guidance on the content of cross border data transfer agreements in the wake of…
NYDFS FAQ Provides Clarity on Breach Notification and Security Requirements
The New York Department of Financial Service recently clarified security incident notification requirements and the use of multi-factor authentication. On its FAQ page, the NYDFS added two new questions and answers for financial services companies subject to 23 NYCRR Part…
HIPAA or Not, Health Apps Must Provide Breach Notification
The Federal Trade Commission seems to be getting serious about unauthorized disclosures of data collected by health apps. In a Policy Statement issued on September 15, 2021, the FTC says it will enforce its Health Breach Notification Rule, 16 C.F.R.…
FTC Warns Digital Health Industry to Comply with its Breach Notification Rule
The use of apps, wearables, and other devices used to track health and wellness data have continued to rise. The FTC again signaled its focus on this growing industry in a statement on the scope of the Health Breach Notification…
Illinois Panel Issues Important Ruling on BIPA Statute of Limitations
On September 17, 2021, a three-judge panel of the Illinois Appellate Court for the First Judicial District issued a long-awaited decision regarding the statute of limitations for claims under the state’s Biometric Information Privacy Act (“BIPA”) in Tims v. Black…
Out with the Old and In with The New: European Commission’s New Standard Contractual Clauses Grace Period is Ending
It is the end of an era: September 27, 2021, officially marks the termination date for the Standard Contractual Clauses (SCCs) grace period set forth by the European Commission (“Commission”). In June 2021, the Commission published two new sets of…
Consultation on the Future Regulation of Medical Devices in the UK, including Work Programme for Software and AI Medical Devices
The Medicines & Healthcare products Regulatory Agency (“MHRA”) has published a “Consultation on the future regulation of medical devices in the United Kingdom” (the “Consultation”), which will run until 25 November 2021. The consultation sets out proposed changes…