Posts about Privacy, Security and HIPAA Enforcement by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness training company.
Originally posted on Substack Unlike 160+ countries, unlike almost every industrialized nation, the U.S. has been an outlier because it lacks a comprehensive privacy law. Congress has been trying repeatedly to pass one, without luck, an effort that has faltered because such a law involves many complicated issues that require thoughtfulness and compromise, which don’t […]
I just posted my new article draft on SSRN (free download): Enforcing Privacy Law: Why Private Litigation Is Essential. Here’s the abstract: Enforcement is an essential dimension for effective privacy and data protection laws—and it is probably the most important one. No matter how many privacy laws are enacted and how strong the laws are, […]
I recently published a short essay with Professor Danielle Citron critiquing the recent Supreme Court decision, TransUnion v. Ramirez (U.S. June 25, 2021) where the Court held that plaintiffs lacked standing to use FCRA’s private right of action to sue for being falsely labeled as terrorists in their credit reports. The essay is here: Daniel J. […]
Friday’s U.S. Supreme Court decision, TransUnion v. Ramirez (U.S. June 25, 2021), prompted me to release this cartoon about privacy harms that I created a while ago. In TransUnion, a group of plaintiffs sued TransUnion for falsely labeling them as potential terrorists in their credit reports. The Supreme Court held that only some plaintiffs had standing […]
The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2021), the 5th Circuit struck down a fine and enforcement […]
Co-authored by Prof. Woodrow Hartzog It was inevitable. On Monday, Zoom joined an exclusive club of tech companies – Facebook, LinkedIn, Twitter, Microsoft, Google, Uber, Snap, and more. This club involves companies that have been under a Federal Trade Commission (FTC) consent decree. In a weird sense, for tech companies, being enforced against by the FTC […]
Days after my recent blog post on the HIPAA Right of Access, the OCR released details of their first enforcement action for violation of the Right of Access. The complaint, received in August 2018, involved a mother who waited over 9 months to receive prenatal records from Bayfront Health in St. Petersburg. She requested the […]
Over at Lawfare, I have an essay co-authored by Chris Hoofnagle and Woodrow Hartzog called The FTC Can Rise to the Privacy Challenge, but Not Without Help From Congress. This piece is also posted at the Brooking Institution’s TechTank. The essay begins: Facebook’s recent settlement with the Federal Trade Commission (FTC) has reignited debate over whether the […]
Quietly, at the end of April, HIPAA was significantly weakened. HHS published what sounds like an innocuous notification in the Federal Register: Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties. This notification is actually an enormous change to the HIPAA penalty structure, a drastic reduction in HIPAA fines. The existing penalty structure under HIPAA […]
Last year was a record-setting year for HIPAA enforcement. On HHS’s website, OCR has touted its 2018 enforcement: OCR has concluded an all-time record year in HIPAA enforcement activity. In 2018, OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This total surpassed the previous record of $23.5 million from 2016 by […]