State education departments and legislatures are grappling with the privacy implications of the expanded use of technology in classrooms and schools serving as central data repositories of a host of personally identifying information (“PII”) on minors. In New York, a group of parents sued the state’s education department to prevent it from handing over students’ PII to third parties in 2013. While federal law has been slow to keep pace with rapidly changing technology, in the past two years, four dozen states and counties have adopted student data privacy laws. Colorado is the latest state to make a move in this space, with the House unanimously passing a bill that has been called one of the toughest student privacy laws in the country.
Germany court held that Facebook’s “Like” button violates privacy laws
Learn how Facebook’s “like” button is rapidly growing into a social marketing tool that is tracking users’ IP addresses, browser strings and more.
Canada’s Privacy Commissioner To Investigate RCMP Over Alleged Stingray Cellphone Surveillance
The Office of the Privacy Commissioner of Canada recently announced it will investigate the Royal Canadian Mounted Police (RCMP) over their refusal to admit whether or not they use the mobile phone surveillance device called “Stingray.”
Increased Risk of Fraudulent Charges and Identity Theft Sufficient to Confer Article III Standing According to 7th Circuit
After a district court dismissed a lawsuit filed by customers of restaurant chain P.F. Chang’s China Bistro whose payment card information was stolen during a data breach, the 7th Circuit Court of Appeals has revived the suit. In a ruling last week, the appellate panel found that customers whose payment card information was stolen in the breach have standing to sue, even if they don’t allege any actual losses from identity theft or payment card fraud.
Australian Mandatory Data Breach Regime Moves Closer to Reality
As mentioned in our previous legal update, the Australian Attorney-General’s Department released and sought comments on an exposure draft of a mandatory data breach notification bill, the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 (Cth) (Exposure Bill). The time for submissions has now closed, and the Attorney-General’s Department has published a number of the non-confidential submissions in relation to the Exposure Bill on its website.
Fourth Circuit Holds that CGL Policy Covers Data Breach Class Action
On April 11, 2016, the Fourth Circuit Court of Appeals upheld a ruling by the Eastern District of Virginia that two Commercial General Liability (“CGL”) insurance policies required an insurer cover the defense of a medical records company in a class-action claim relating to alleged failure to secure patients’ medical records.[1]
Norton Rose Fulbright discusses recent opinion on Privacy Shield
The Article 29 Working Party released an opinion yesterday stating that it would not endorse the EU-US Privacy Shield. Norton Rose Fulbright partners Boris Segalis and Marcus Evans spoke with Law360 to discuss how the opinion will affect private
EU Data Protection Reform: EU Council of Ministers Publishes Updated Version of the GDPR, Formally Adopts Its Position at First Reading, Announces Crucial Second Reading to Take Place on 14 April
On 8 April 2016 (see here), the Council of the European Union announced that it has formally adopted its position at the first reading on the EU General Data Protection Regulation, a key step in the data protection reform
European Union-United States Privacy Shield – A Comprehensive Overview: Webinar
Data privacy partners at Norton Rose Fulbright invite you to join them on Thursday, April 21 for a discussion on the EU-US Privacy Shield and the impact of the Article 29 Working Party’s formal opinion on the adequacy of the Privacy Shield. The WP29’s formal opinion is expected on April 12th or April 13th.
The discussion will be led by Boris Segalis, co-chair of Norton Rose Fulbright’s Data Protection, Privacy and Cybersecurity practice in the US, Marcus Evans, data privacy partner in Norton Rose Fulbright’s London office and Jay Modrall, anti-trust and competition partner in Norton Rose Fulbright’s Brussels office.
OCR Launches Phase 2 of the HIPAA Audit Program
The HHS Office for Civil Rights (OCR) announced on Monday that it has launched the long-awaited Phase 2 of its HIPAA Privacy, Security, and Breach Notification Audit Program.