The Virginia Court of Appeals held this week that Internet users who may have posted fake reviews of companies do not have a right to remain anonymous.
A federal magistrate judge in California recently ruled that Hulu LLC users do not need to demonstrate an actual injury beyond the wrongful disclosure of personally identifiable information to recover damages under the federal Video Privacy Protection Act, a ruling that may ease the road to recovery for other VPPA plaintiffs.
On January 7, 2014, the Department of Health and Human Services (HHS) published a notice of proposed rulemaking to modify the HIPAA Privacy Rule to expressly allow certain disclosures to the National Instant Criminal Background Check System (NICS).
OCR Out of Compliance? OIG Report Concludes OCR Slow to Enforce HIPAA Security Rule and to Comply with Federal Cybersecurity Requirements
According to a report published by the Office of the Inspector General (OIG) on November 21, 2013, the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) is not adequately overseeing and enforcing the HIPAA Security Rule.
As we predicted in our prior blog post reviewing the key children’s privacy developments of the past year, 2014 is turning out to be the year of enforcement of children’s privacy regulations!
Examining the Department of Defense’s New Cybersecurity Rules On Unclassified “controlled Technical Information”
The United States Defense Department has published a final cybersecurity regulation concerning unclassified “controlled technical information.” See 78 Fed. Reg. 69,273 (Nov. 18, 2013) [pdf].
Due to timing and the staggering numbers involved, the Target data breach has generated quite the response—from the media, from consumers and from lawmakers. But the public relations hit Target is taking is only the tip of the iceberg, as the retailer is already seeing the beginning of a crashing wave of litigation. And if early cries are any indication, the breach may spurn legislation as well.
For a number of years, the key issue in data privacy class actions has been whether plaintiffs could allege damages sufficient for standing purposes or to state a claim for relief. Several key decisions addressed the issue in 2013.
New Jersey Federal Court Applies Supreme Court’s Clapper Decision and Dismisses Data Breach Class Action
Relying in part on the recent United States Supreme Court’s ruling in Clapper v. Amnesty International, a federal judge in New Jersey dismissed a putative data breach class action against three healthcare entities and a vendor retained by each the entities.
On December 11, 2013, the Federal Financial Institutions Examination Council (FFIEC) issued final guidance for financial institutions relating to their use of social media (the “Guidance”).