After all of the GDPR compliance assessments, implementation and hullaballoo in the last year or so, many companies chose to certify that they are compliant with the EU-U.S. Privacy Shield framework rather than implementing a full-blown GDPR compliance program.

To attain Privacy Shield certification, companies must submit an application and certify that when consumer data

Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) following OCR’s recent announcement of a large HIPAA settlement last month on the heels of its release of the preliminary results

The Securities and Exchange Commission (SEC) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (Investment Advisor).  The Investment Advisor was censured and fined $75,000 for failing to have acceptable written policies and procedures regarding its customer records and information in place prior to

On August 19, 2015, MeetMe, Inc. (MeetMe), a social networking website and mobile app, agreed to pay $200,000 and to change its privacy policies to settle a lawsuit alleging that MeetMe distributed teenagers’ geolocation and personal information, without consent, to predators, stalkers, and advertisers. The allegations were filed by the city of San Francisco, charging

On August 21, 2015, the 11th Circuit upheld the dismissal of a class action against DCI Biologicals, Inc. (DCI) for its alleged violations of the Telephone Consumer Protection Act (TCPA). DCI is a blood plasma collection center, and a blood plasma donor, Joseph Murphy, alleged that DCI sent him unsolicited text messages using an

Advanced Data Processing, Inc. and Intermedix Corp. were sued in federal court in Florida last week for violating the Health Insurance Portability and Accountability Act (HIPAA) for failing to protect the health information of “potentially millions” of individuals.

Plaintiffs allege that for several months in 2012, an employee of Intermedix viewed health information of patients

U.S. District Judge John A. Houston denied Guess, Inc.’s (Guess) Motion to Dismiss plaintiff, Farideh Haghayeghi’s, class action claims that Guess sent text messages in violation of the Telephone Consumer Protection Act (TCPA). Guess argued that Haghayeghi’s allegations were just “a patchwork recital” of TCPA regulations, and that the complaint had no facts to substantiate