The U.S. Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative, announced last October, is designed to leverage existing whistleblower incentives for employees, or other persons with inside knowledge, to identify lapses in federal contractors’ cybersecurity and privacy practices. We gave that issue in-depth treatment here, with particular focus on the U.S. District Court for the Eastern District of California’s opinion in United States ex. rel. Markus v. Aerojet Rocketdyne Holdings, Inc., No. 2:15-cv-02245 WBS AC, 2022 WL 297093 (E.D. Cal. Feb. 1, 2022), denying the defendant’s motions for summary judgment on a majority of the relator’s False Claims Act (FCA) claims.

Continue Reading Recent Settlement Highlights Cybersecurity Whistleblower Risk for Government Contractors

The Federal Communications Commission recently adopted certain final rules, policies, and proposed rules to “stem the tide of foreign-originated illegal robocalls.” The FCC Order targets so-called “gateway providers,” which are U.S.-based intermediate providers that receive calls directly from a foreign provider or its U.S.-based facilities before transmitting the calls downstream. Among other things, the Order

New cybersecurity developments and observations, including those relating to U.S. Department of Labor review of cybersecurity issues, warrant prompt consideration by plan fiduciaries, including those plans covered by HIPAA.

The following update includes recommendations to help ERISA retirement and health and welfare plan sponsors and responsible fiduciaries protect benefit plans and participants against cybersecurity risks

On February 25, 2022, the Utah Senate unanimously (28-0) passed Senate Bill 227, also known as the Utah Consumer Privacy Act (Privacy Act). The 2022 session adjourned on March 4, and Utah Governor Spencer Cox has 20 days from that date to either sign (or not sign) the bill, after which it becomes law, or veto the bill, in which case it does not become a law unless the legislature overrides the governor’s veto. The Privacy Act would become the fourth comprehensive state consumer privacy law in the United States.
Continue Reading Utah Consumer Privacy Act on the Horizon

This past summer, we reported on the July 2021 vote by the Uniform Law Commission (ULC) to approve the Uniform Personal Data Protection Act (UPDPA), a model data privacy bill designed to be promulgated in state legislatures across the United States. Now the District of Columbia becomes the first jurisdiction to have the bill introduced for consideration.
Continue Reading Washington, D.C., Becomes the First Mover on the Uniform Personal Data Protection Act

On October 21, 2021, the FTC released a report making it quite clear: internet service providers (ISPs) are next in line for heightened FTC scrutiny. After analyzing the data collection, sharing, and usage practices of the six largest ISPs and three of their affiliated advertising entities, the FTC concluded that the ISPs “amass large pools of sensitive data, and that their uses of such data could lead to significant harms.” [1]

This report traces its lineage back to August 2019, when the FTC used its powers under Section 6(b) of the FTC Act to issue Orders to File Special Reports to the six largest ISPs that comprised approximately 98.8% of the mobile internet market.
Continue Reading ISPs, the FTC Has You In Their Crosshairs

A forthcoming Harvard Law Review article reviewed 857 cases that cited Carpenter v. United States, the landmark Supreme Court Fourth Amendment case, from its publication in June 2018 to March 2021. The purpose of this study was to evaluate the landscape of post-Carpenter Fourth Amendment law.

The full text of the article can be found here.

Continue Reading Aftermath of Carpenter: An Empirical Study of Fourth Amendment Law, 2018-2021

During its plenary session on September 27, 2021, the European Data Protection Board (EDPB) announced that it has set up a cookie banner taskforce to handle complaints filed with several European Economic Area supervisory authorities by the entity known as None of Your Business (NOYB). As you may know, on May 31, 2021 NOYB sent written warnings to over 500 companies claiming that their cookie banners did not comply with GDPR. When the companies failed to remediate all violations within 30 days, NOYB filed 422 complaints with 10 supervisory authorities.

Continue Reading EDPB Establishes Cookie Banner Taskforce

Guest Author: Jodi Daniels, Founder and CEO of Red Clover Advisors

Data privacy is one of the most complicated and important issues facing modern businesses. With laws varying from state to state, even country to country, and best practices frequently changing, it may be more efficient for companies to outsource their privacy program to an expert who specializes in consumer data privacy.

Fractional privacy officers (FPOs) provide high-level privacy consulting and strategy on a part-time, contract basis. They deliver invaluable assistance in translating and applying the requirements of new and established data privacy legislation to existing business practices and are fully qualified to develop new processes if needed for compliance.

There are four main areas where an FPO’s privacy prowess can be highly beneficial:
Continue Reading Outsource Your Privacy to an Expert

On August 24, 2021, the office of the California Attorney General (AG) Rob Bonta issued a press release notifying the public of healthcare data privacy guidance that AG Bonta sent to stakeholder organizations, including the California Hospital Association, the California Medical Association, and the California Dental Association, that day. According to the press release, the guidance was sent to stakeholders as a bulletin that, in part, reminded the entities of their obligation to notify the California Department of Justice (DOJ) when the health data of more than 500 California residents has been breached.

Continue Reading California AG Issues Press Release Urging “Full Compliance” with State Health Data Privacy Laws