PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Standing and Privacy Harms: A Critique of TransUnion v. Ramirez

Standing and Privacy Harms

I recently published a short essay with Professor Danielle Citron critiquing the recent Supreme Court decision, TransUnion v. Ramirez (U.S. June 25, 2021) where the Court held that plaintiffs lacked standing to use FCRA’s private right of action to sue for being falsely labeled as terrorists in their credit reports. The essay is here: Daniel J. […]

Cartoon: Privacy Harms

Cartoon Privacy Harms - TeachPrivacy Privacy Training 02 small

Friday’s U.S. Supreme Court decision, TransUnion v. Ramirez (U.S. June 25, 2021), prompted me to release this cartoon about privacy harms that I created a while ago.  In TransUnion, a group of plaintiffs sued TransUnion for falsely labeling them as potential terrorists in their credit reports. The Supreme Court held that only some plaintiffs had standing […]

The M.D. Anderson Case and the Future of HIPAA Enforcement

HIPAA Enforcement MD Anderson Case 02

The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2021), the 5th Circuit struck down a fine and enforcement […]

The FTC Zoom Case: Does the FTC Need a New Approach?

Co-authored by Prof. Woodrow Hartzog It was inevitable. On Monday, Zoom joined an exclusive club of tech companies – Facebook, LinkedIn, Twitter, Microsoft, Google, Uber, Snap, and more. This club involves companies that have been under a Federal Trade Commission (FTC) consent decree. In a weird sense, for tech companies, being enforced against by the FTC […]

First OCR Enforcement of HIPAA’s Right of Access

HIPAA Right to Access

Days after my recent blog post on the HIPAA Right of Access, the OCR released details of their first enforcement action for violation of the Right of Access. The complaint, received in August 2018, involved a mother who waited over 9 months to receive prenatal records from Bayfront Health in St. Petersburg.  She requested the […]

The FTC Can Rise to the Privacy Challenge, but Not Without Help From Congress

FTC

Over at Lawfare, I have an essay co-authored by Chris Hoofnagle and Woodrow Hartzog called The FTC Can Rise to the Privacy Challenge, but Not Without Help From Congress.  This piece is also posted at the Brooking Institution’s TechTank.  The essay begins: Facebook’s recent settlement with the Federal Trade Commission (FTC) has reignited debate over whether the […]

A Major Move to Weaken HIPAA

HIPAA Penalties Reduced

Quietly, at the end of April, HIPAA was significantly weakened.  HHS published what sounds like an innocuous notification in the Federal Register: Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties.  This notification is actually an enormous change to the HIPAA penalty structure, a drastic reduction in HIPAA fines. The existing penalty structure under HIPAA […]

HIPAA Enforcement 2018

HIPAA Enforcement 2018 - TeachPrivacy HIPAA Training 02

Last year was a record-setting year for HIPAA enforcement.  On HHS’s website, OCR has touted its 2018 enforcement: OCR has concluded an all-time record year in HIPAA enforcement activity.  In 2018, OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This total surpassed the previous record of $23.5 million from 2016 by […]

Increasing State HIPAA Enforcement: Highlights from 2018

State HIPAA Enforcement - increasing 02

There have been quite a number of state HIPAA enforcement cases this year, and one expert points out a trend toward increasing state enforcement of HIPAA. An article in Data Breach Today discusses a number of state HIPAA enforcement cases.  Here are some of the ones discussed: Massachusetts — $75,000 settlement with McLean Hospital for […]

The Robocall Wars: The Rise of Robocalls and the TCPA Robocall Cops

Robocalls and the TCPA Robocall Cops 02

Move over robocop, there’s a new constable in town — the robocall cop. In the past decade, robocalls have surged.  There has also been a dramatic rise in litigation about these calls under the Telephone Consumer Protection Act (TCPA). The TCPA litigation is led by a small group of serial litigators, people who have assumed the […]