Tag Archives: data privacy

Biometric privacy legislation trends rise nationwide

Several states are following the path of Illinois’ Biometric Information Privacy Act (BIPA), a law that has led to a rise in the volume of class action privacy litigation and underlined the significance of enterprise-level management of biometric data (e.g., fingerprint, voiceprint, and retina, facial, or iris image). Organizations that gather and utilize biometric data … Continue Reading

Join Us: Free CLE Webinar on Privacy Practices in Compliance with the CCPA

Reed Smith presents the latest installment in our Countdown to CCPA Compliance webinar series, “Privacy by Accident”, now available to watch on demand. Whether by accident or by design, many organizations have implemented privacy practices or programs that will help toward compliance with the CCPA. This webinar will discuss these practices and how they can … Continue Reading

Newly introduced bill could provide for additional protections for biological data collected by non-covered entities

Over the past few years, genetic testing services have become a widespread phenomenon. Companies providing these services gather certain biological data from consumers who sign up for their services and then analyze this data to ascertain information about the consumer’s ancestry and/or genetic traits, among other things. These companies, however, are typically considered “non-covered entities” … Continue Reading

OCR Clarifies Direct Liability of Business Associates Under HIPAA

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) released a new fact sheet outlining and clarifying violations of HIPAA (Health Insurance Portability and Accountability Act of 1996) for which a business associate can be held directly liable. Published shortly after the release of new guidance from OCR in the form … Continue Reading

Health Apps and HIPAA – Recent FAQs Highlight Importance of Covered Entities and Business Associates Scrutinizing their Relationships with App Developers

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) released a new set of HIPAA FAQs addressing the applicability of HIPAA to certain health apps and the covered entities and business associates that interact with them. These FAQs build upon prior guidance from OCR that outlined the framework for evaluating whether a … Continue Reading

FDA Consumer Update: The 3Rs of 3D Printing – FDA’s Role

On December 21, 2016, the U.S. Food and Drug Administration (“FDA”) posted a Consumer Update and accompanying video on “The 3Rs of 3D Printing: FDA’s Role,” which reconfirms its position on the importance of 3D printed medical devices. The FDA sums up its role in this “innovative space” as regulate, research, and resource (i.e., … Continue Reading

Reed Smith Launches Second Edition of 3D Printing White Paper

Following up the success of its first, medical device-focused 3D printing white paper, 3D Printing of Medical Devices:  When a Novel Technology Meets Traditional Legal Principles, Reed Smith’s 3D Printing Task Force has now launched a second edition of its 3D printing publication white paper addressing 3D printed products more broadly:  3D Printing of Manufactured Goods: … Continue Reading

Boosts in Ransomware Attacks Spark Multiple Government Agency Responses

Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) released new Health Insurance Portability and Accountability Act (“HIPAA”) guidance on … Continue Reading

What Brexit Means for Data Protection

For global pharmaceutical and medical device companies handling personal data in the European Union (EU) or engaged in transatlantic data transfers, some of the many questions created by the Brexit vote include what its impact will be on the United Kingdom’s (UK) data protection laws. These questions also arise in the context of the EU’s … Continue Reading

Mobile App Compliance for Dummies: New Tool Helps Developers Understand Their Legal Compliance Requirements

In a joint effort by the Federal Trade Commission (FTC), Office for Civil Rights (OCR), HHS Office of National Coordinator for Health Information Technology (ONC), and Food and Drug Administration (FDA), a new web-based tool has been released that is designed to help developers of mobile health apps understand the multitude of federal laws and … Continue Reading

Privacy Shield Details Have Been Revealed: Here’s What Companies Need to Know

The European Commission has published its draft adequacy decision on the EU-U.S. Privacy Shield, the proposed data transfer framework that would replace the defunct Safe Harbor program. The draft adequacy decision formally supports the view that the proposed EU-U.S. Privacy Shield will ensure an adequate level of protection for the transfer of personal data from … Continue Reading

Obama Signs Judicial Redress Act (JRA) – Another Step on the Way to Securing EU-U.S. Data Flows

President Obama signed the U.S. Judicial Redress Act (JRA) into law on 24 February 2016, giving European citizens the same right as U.S. citizens to bring actions against the U.S. government if their personal data are misused. While the JRA is not a formal prerequisite to finalizing the EU-U.S. Privacy Shield transatlantic data-sharing framework, it’s … Continue Reading

What the “EU-U.S. Privacy Shield,” the New Safe Harbor, Means for Your Business

European Union and United States authorities have announced the “EU-U.S. Privacy Shield,” a new transatlantic data transfer framework to replace Safe Harbor, which was invalidated by the European Court of Justice in October in Maximillian Schrems v. Data Protection Commissioner (C-362-14). Since this issue has clear implications for our pharmaceutical and medical device clients, we’ve … Continue Reading

Current State of “Safe Harbor 2.0” And Steps Your Business May Need to Take

Last year, the European Court of Justice issued a judgment invalidating the safe harbor framework for US-EU data sharing, creating uncertainty and a number of questions about what is, and is not, permissible when sharing data involving personal information across borders. The Safe Harbor decision has clear implications for our pharmaceutical and medical device clients, … Continue Reading

Russia to Increase Data Audits in 2016 With Data Localization Law & More News on The EU’s Safe Harbor Ruling

Russia announced its plan to increase data localization audits in 2016, pledging to conduct around 1,000 data localization compliance audits and 2,000 monitoring procedures, under Russia’s data protection authority, the Roskomnadzor. This stems from Russia’s data localization law, which came into effect September 1, 2015, requiring that all companies that collect or process personal data … Continue Reading

U.S.-EU Safe Harbor Framework for Data Sharing

Exactly one month after the Court of Justice of the European Union (CJEU) released its judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14), the European Union released a Communication discussing the implications of their decision on data sharing involving personal information. This topic is no stranger to the blog, as we’ve posted about it … Continue Reading

Synopsis of Safe Harbor Guidance Issued by European Union Data Protection Authorities

Data privacy issues in the European Union seem to be a recurring theme here on the blog, following the Court of Justice of the European Union’s judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14) on October 6. We’ve posted about it here and also had a recent Reed Smith Client Alert here. Last week, European … Continue Reading

Upcoming Reed Smith Webinar on Cross-Border E-Discovery & New Ruling Regarding the US-EU Safe Harbor Framework

The Reed Smith Life Sciences Health Industry (LSHI) Group will be hosting an upcoming webinar, “Cross-Border E-Discovery & New Ruling Regarding the US-EU Safe Harbor Framework,” on November 24, 2015 from 9:00 a.m. PT, 12:00 p.m. ET, 5:00 p.m. GMT until 10:00 a.m. PT, 1:00 p.m. ET, 6:00 p.m. GMT. Reed Smith presenters including London based … Continue Reading

FAQs Regarding the Safe Harbor Ruling

As you know, data privacy issues in the European Union are still fresh in the news, given the recent changes outlined in the Safe Harbor decision; we’ve written about it here, here and here. A recent Reed Smith Client Alert outlines frequently asked questions on what businesses need to know now in lieu of the … Continue Reading

Upcoming Reed Smith Webinar on European Union’s Safe Harbor Ruling

As previously discussed here and here, the Court of Justice of the European Union (CJEU) handed down its judgment in Maximillian Schrems v Data Protection Commissioner (Case C-362/14) that the Safe Harbor Decision no longer provides adequate protection for data transferred between the EU and the U.S. In light of this ruling, Reed Smith will be … Continue Reading

Court of Justice of the European Union Rules Safe Harbor Decision Invalid

In a decision with significant potential ramifications for flows of personal data from the European Union to the United States, the Court of Justice of the European Union (CJEU) handed down its judgment in Maximillian Schrems v Data Protection Commissioner (Case C-362/14) that the Safe Harbor Decision no longer provides adequate protection for data transferred between … Continue Reading

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach Related Security Complaint Leads to $218,000 HIPAA Settlement

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health information (“ePHI”), the radiation oncology private practice settled and implemented a corrective action plan (“CAP”) with OCR for $750,000. This settlement … Continue Reading