Recently, the U.S. Court of Appeals for the 9th Circuit issued a decision with profound implications for consumer privacy protection law. In FTC v. AT&T Mobility (9th Cir. Aug. 29, 2016), a 3-judge panel of the 9th Circuit held that the Federal Trade Commission (FTC) lacks jurisdiction over companies that engage in common carrier activity. […]
Category: Enforcement
Posts about Privacy, Security and HIPAA Enforcement by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness training company.
Spot the Privacy and Security Risks Training Game
I’m pleased to announce a new training program: Spot the Risks: Privacy and Security. The program is a Where’s Waldo style risk-spotting game that takes about 5 minutes to complete. Trainees are asked to spot the risks in an office. Feedback is provided about each risk so trainees learn many of the most important best […]
Is HIPAA Enforcement Too Lax?
By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]
10 Implications of the New EU General Data Protection Regulation (GDPR)
Last week, the EU issued the General Data Protection Regulation (GDPR), a long-awaited comprehensive privacy regulation that will govern all 28 EU member countries. Clocking in at more than 200 pages, this is quite a document to digest. According to the European Commission press release: “The regulation will establish one single set of rules which […]
The FTC Has the Authority to Enforce Data Security: FTC v. Wyndham Worldwide Corp.
by Daniel J. Solove The U.S. Court of Appeals for the 3rd Circuit just affirmed the district court decision in FTC v. Wyndham Worldwide Corp., No. 14-3514 (3rd. Cir. Aug. 24, 2015). The case involves a challenge by Wyndham to an Federal Trade Commission (FTC) enforcement action emerging out of data breaches at the Wyndham. […]
Should the FTC Be Regulating Privacy and Data Security?
by Daniel J. Solove This post was co-authored with Professor Woodrow Hartzog. This past Tuesday the Federal Trade Commission (FTC) filed a complaint against AT&T for allegedly throttling the Internet of its customers even though they paid for unlimited data plans. This complaint was surprising for many, who thought the Federal Communications Commission (FCC) was […]
The Most Alarming Fact of the HIPAA Audits
by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #5 of a series called Enforcing Privacy and Security Laws. Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and […]
The Brave New World of HIPAA Enforcement
by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #4 of a series called Enforcing Privacy and Security Laws. The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from […]
Who Are the Privacy and Security Cops on the Beat?
by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #3 of a series called Enforcing Privacy and Security Laws.
The Privacy Pillory and the Security Rack: The Enforcement Toolkit
by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #2 in a series called Enforcing Privacy and Security Laws. See the end of this post for links to other posts in this series. What kind of sanctions do privacy and security laws use for enforcement? In this post, […]