I am pleased to announce the publication of the new edition of PRIVACY LAW FUNDAMENTALS, my short guide to privacy law with Prof Paul Schwartz. The purpose of this compact treatise is to distill the vast terrain of privacy law to the essential cases, regulations, statutes, and other notable developments. We aim to provide what you need to know about privacy law in a concise volume that doesn’t weigh 500 pounds. We hope that this book will serve as a privacy law reference that you can readily keep at hand.
You can obtain a copy of the book at the IAPP bookstore. A lot has happened in privacy law since the last edition because every day there’s something new in this field. Here’s the table of contents.
Please visit my casebook website — Information Privacy Law — to find out more info about this book, as well as my casebooks with Paul Schwartz.
For years, many policymakers, industry representatives, and commentators were opposed to a comprehensive federal privacy law. They typical federalism arguments were often trotted out. Then, in 2018, California passed the California Consumer Privacy Act (CCPA). Now, there seems to be a chorus for a comprehensive federal privacy law with preemption. I’ll be posting soon about my thoughts on a federal law and on preemption.
I hope that you can join us for the International Privacy+Security Forum (April 3-5, 2019 in Washington, DC).
The International Privacy+Security Forum is an annual sister event to the Privacy+Security Forum, an annual event held in October at George Washington University in Washington, DC. The Int’l Forum event focuses on privacy and security laws from around the world. The main feature of Forum events is that we have deep-dive sessions on topics. We attract highly seasoned professionals, and we encourage highly interactive sessions.
We will have 100+ speakers and about 40 sessions.
This cartoon is about data breach notification. All 50 states plus the District of Columbia and Puerto Rico now have data breach notification laws, and breach notification laws are spreading around the globe. And, as is often said in data security, it’s not whether a breach will happen, but when . . .
Last year was a record-setting year for HIPAA enforcement. On HHS’s website, OCR has touted its 2018 enforcement:
OCR has concluded an all-time record year in HIPAA enforcement activity. In 2018, OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This total surpassed the previous record of $23.5 million from 2016 by 22 percent. In addition, OCR also achieved the single largest individual HIPAA settlement in history of $16 million with Anthem, Inc., representing a nearly three-fold increase over the previous record settlement of $5.5 million in 2016.
Here is an overview of the resolution agreements and enforcement actions with civil monetary penalties from 2018: