Google has confirmed that it is working with Ascension, one of the nation’s largest health systems in a project that will involve the health data of millions of Americans. Google and Ascension have partnered in a project to store and…
Yearly Archives: 2019
Google Partners with Ascension To Store and Analyze Millions of Patient Health Records
Posted in Data Security
New York AG Files Lawsuit Against Dunkin’ Donuts For Attacks On Customer Accounts
On September 26, 2019, New York Attorney General Letitia James filed a lawsuit against Dunkin’ Brands, Inc., the franchisor of Dunkin’ Donuts (“Dunkin’”). The lawsuit involves security issues surrounding Dunkin’s stored value cards, which customers can use to purchase Dunkin’…
Posted in Data Breach, Data Security
Privacy Primer: Family Educational Rights and Privacy Act (FERPA)
FERPA is a U.S. law, passed in 1974, that protects the privacy of student educational records. FERPA applies to all schools, from elementary schools to postsecondary education institutions, that receive federal funds under a program of the U.S. Department of…
Ninth Circuit Finds Article III Standing For Procedural Violation Of Biometric Privacy Law
The Ninth Circuit Court of Appeals has written the latest chapter of the ongoing saga of Article III standing for violations of the Illinois Biometric Information Privacy Act (“BIPA”). BIPA requires, among other things, that before collecting a person’s biometric…
Year To Date Changes To State Data Breach Notification Laws
With so much attention being paid to the impending California Consumer Privacy Act, it can be easy to forget that other states have privacy and data security laws too. And those laws change routinely, with potentially significant impacts on businesses. …
Privacy Primer: Gramm-Leach-Bliley Act (GLBA)
GLBA, sometimes called the Financial Services Modernization Act of 1999, is a U.S. banking law that has important privacy and data security requirements for institutions that are subject to the law. The law applies to “any institution the business of…
Case Update: Wakefield v. ViSalus, Inc.
A couple of months ago, I wrote about how a jury found multilevel marketing company ViSalus, Inc. responsible for making over 1.8 million robocalls in violation of the Telephone Consumer Protection Act. Given the TCPA’s minimum statutory damages of $500…
Posted in TCPA
Senate Bill Seeks to Protect Health Information Gathered from Wearable Devices
I wear a fitness tracker. I rarely take it off. Throughout the course of the day, it collects a bevy of information about me: my heart rate, my exercise habits, the length and quality of my sleep. When aggregated and…
Pennsylvania County Faces Up To $67 Million In Damages For Distribution Of Criminal Record Information
A suburban Philadelphia county is facing a judgment of up to $67 million after a Pennsylvania federal jury found that it violated the Pennsylvania Criminal History Record Information Act. Pennsylvania’s Criminal History Record Information Act (“CHRIA”) governs the dissemination of…
Posted in Privacy
The Value Of Quickly Disclosing A Data Breach
One of the first questions a company must answer after it discovers and remediates a data breach is, “What do we tell our customers?” Companies may delay publicly announcing a data breach out of fear that doing so will harm…
Posted in Data Breach
