Archives: Enforcement & Litigation

Subscribe to Enforcement & Litigation RSS Feed

ReadyTech Settles With FTC Over Claims of Participation in Privacy Shield

Although the U.S. – E.U. Privacy Shield Framework has been intensely criticized by E.U. authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release stating that it has settled its complaint against ReadyTech, a California-based online training company for “falsely” … Continue Reading

ReadyTech Settles With FTC Over Claims of Participation in Privacy Shield

Although the U.S.-E.U. Privacy Shield Framework has been intensely criticized by E.U. Authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release that it has settled its complaint against ReadyTech, a California online training company for “falsely” claiming that it … Continue Reading

Second Circuit Upholds Conviction Under the CFAA, Rejecting Argument That the Law Is Unconstitutional

In a recent decision, the federal Court of Appeals for the Second Circuit (which covers New York, Connecticut,  and Vermont) affirmed the conviction of an Italian citizen for misdemeanor computer intrusion in violation of the Computer Fraud and Abuse Act of 1986 (CFAA). The decision is noteworthy in that, among other things, the Second Circuit … Continue Reading

Supreme Judicial Court Rules Robocalls are Harassment

The Massachusetts Supreme Judicial Court (SJC) ruled this week in favor of a consumer who sued Target, alleging that it harassed her with robocalls. The plaintiff applied for a Target credit card, and subsequently got behind in payments. Starting in January 2015, Target contacted the debtor in an attempt to collect the debt. According to … Continue Reading

Credit Reporting Agencies Now Must Register with NY DFS and Comply with Cybersecurity Regulations

The New York Department of Financial Services (DFS) issued new regulations requiring every consumer credit reporting agency that “assembles, evaluates, or maintains a consumer credit report on any consumers located in New York State register with the Superintendent of the Department of Financial Services.” As a result of credit reporting agencies’ new status of having … Continue Reading

OCR Prevails with ALJ Against MD Anderson for $4.3 Million in HIPAA Fines and Penalties

It is a rare occurrence when a health care entity challenges the Office for Civil Rights (OCR) regarding proposed fines and penalties for HIPAA violations. In my memory, it has only happened once before. On June 1, 2018, an Administrative Law Judge (ALJ) granted summary judgment in favor of the OCR against The University of … Continue Reading

Lincare Settles Class Action Data Breach Case with Employees

Lincare Holdings Inc. (Lincare), recently entered into a mediated settlement with its employees regarding a data breach that took place on February 3, 2017. On that date, a cyber-criminal posing as a high-level Lincare executive emailed a human resources employee requesting W-2 data for some of its employees. The human resources employee emailed the information … Continue Reading

DOJ Announces Criminal Conviction of Physician for HIPAA Violation

On April 30, 2018, a Massachusetts physician was convicted of a criminal violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as one count of obstruction of a criminal health care investigation, in a Massachusetts federal court. The convictions relate to the purported sharing of confidential patient information by the … Continue Reading

EU-US Transatlantic Data Flows Subject to Further Legal Challenge

Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States. This referral stems from a new claim by Max Schrems, an Austrian lawyer and privacy activist. Schrems previously … Continue Reading

Congress Enacts CLOUD Act within Omnibus Spending Bill to Address Overseas Storage of Electronic Data, Potentially Mooting Supreme Court’s Pending Microsoft Case

On March 23, 2018, the President signed into law the Consolidated Appropriations Act of 2018 (H.R. 1625), an omnibus spending bill that includes the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act). Among other provisions, the CLOUD Act amends the Stored Communications Act of 1986 (18 U.S.C. §§ 2701-2712, hereinafter the SCA) by … Continue Reading

Recent Supreme Judicial Court Decisions Highlight How Courts Must Embrace Technological Change

Courts are often faced with the dilemma of applying centuries, or even decades, old law to constantly evolving technological advancements.  See, e.g., Transcript of Oral Argument, United States v. Microsoft, No. 17-2 (U.S. Feb. 27, 2018) (attempting to ascertain the relationship between the Stored Communications Act, a 1986 law, and modern cloud computing and storage … Continue Reading

Facebook Can’t Shake Illinois Biometric Proposed Class Action Case

We have previously reported on Facebook’s fight against a proposed class action case alleging violation of the Illinois Biometric Information Privacy Act (BIPA). Facebook continues to fight the allegation that its collection and storage of users’ and non-users’ facial scans through the use of facial recognition technology violates BIPA, and has filed a Motion to … Continue Reading

TOPS Software Company Hit with TCPA Class Action

Last week, TOPS Software LLC (TOPS), a software company that specializes in condominium and homeowners association communication platforms, was served with a class action in Illinois federal court which alleges that TOPS violated the Telephone Consumer Protection Act (TCPA) by using auto dialer technology to solicit consumers to attend the “CAMfire conference.” The CAMfire Conference … Continue Reading

Dumpster Diving Leads to $100,000 Fine for Defunct Business Associate Due to Improper Disposal of Medical Records

On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located … Continue Reading

Ciox Health, LLC Initiates Lawsuit against the Department of Health and Human Services Over Medical Records Request Fees under HIPAA and HITECH

On January 8, 2018, Ciox Health, LLC (Ciox) filed a complaint against the Department of Health and Human Services (HHS) and then-acting Secretary Eric D. Hargan, alleging that the Department’s rules and guidance, under HIPAA and HITECH, “impose[] tremendous financial and regulatory burdens on health care providers and threatens to upend the medical-records industry that … Continue Reading

United States Supreme Court Considers Whether to Weigh in on Circuit Split in Data Breach Actions

In October 2017, healthcare insurer, CareFirst, petitioned the United States Supreme Court, requesting the Court to clarify the constitutional standing requirement for plaintiffs seeking to bring claims regarding their exposure during corporate data breaches. In order to invoke federal court jurisdiction, a plaintiff must plead an actual or imminent injury. The Supreme Court has held … Continue Reading

New Class Action Against FAA

The Federal Aviation Administration (FAA) was served with an 836,796-person lawsuit last week alleging wrongful collection of personal data and money under unmanned aerial system (UAS or drone) regulations. This lawsuit, Robert Taylor v. FAA, is the second class action filed against the FAA—the first, filed in 2015 by Robert Taylor’s brother, John, alleged that … Continue Reading

Connecticut Supreme Court Recognizes Common-Law Cause of Action for Unauthorized Disclosure of Confidential Medical Information

In a long-awaited decision concerning the confidentiality of medical records and patient privacy, the Connecticut Supreme Court recently concluded that the physician-patient relationship establishes a duty of confidentiality to a patient in Connecticut, and that unauthorized disclosure of confidential information obtained for the purpose of treatment in the course of that relationship gives rise to … Continue Reading

Protect Yourself From Year-End Charitable Giving Scams

December is traditionally a busy month for charitable giving, as many donors are inspired by the holiday season to give generously to those in need, while others look to make year-end gifts that will qualify for a tax deduction in the current tax year. Unfortunately, because of the increase in charitable giving, there is often … Continue Reading

Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have: a cybersecurity program designed to protect … Continue Reading
LexBlog