Data Protection, Data Privacy, and Duty of Care The U.S. Perspective. Ron N. Dreben, CIPP Morgan, Lewis & Bockius LLP

Similar documents
Data Privacy & Security in the Cloud: Legal Basics and New Developments

Clients Legal Needs in HIPAA Security Compliance

Bloomberg BNA Professional Learning Legal Course Catalog OnDemand Programs

Introduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery

A Guide To Conducting IP Due Diligence In M&A

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

The Importance of Privacy & Data Security in a Changing World

Recognition. Awards & Top Trademark Law Firm World Trademark Review 1000, U.S. Trademark Case of the Year: In re Bose

Information Security Law: Control of Digital Assets.

Intellectual Property Issues for Asset Managers

Fish s Trademark Clients Include:

10/29/2012 CONSUMER AFFAIRS AND BUSINESS REGULATION AND DATA SECURITY LAW

We are required to provide this Notice to you by the Health Insurance Portability and Accountability Act ("HIPAA")

STEPHEN J. COSENTINO Partner

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

APPENDIX A that is not acceptable. Arbitration settled by arbitration arbitration shall be held in New Jersey substantive law of New Jersey

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June TIA 2012: INSIDE THE NETWORK Dallas TX

IP Considerations in Outsourcing Agreements

Business Associate Agreement

stacktools.io Services Device Account and Profile Information

Guylyn Cummins, Esq. Elizabeth Balfour, Esq.

Online Behavioral Tracking and Targeting Concerns and Solutions from the Perspective of:

Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament

Business Associate Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT

f - INDEPENDENT CONTRACTOR SERVICES AGREEMENT The University Of North Carolina at Chapel Hill WITNESSETH

What Every Business Lawyer Should Know About International Transactions

Practical Lessons Learned: An Overview of Cybersecurity Law & Information Governance

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Government Dimensions of Cloud Computing

Data, Privacy, Cookies and the FTC in Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

HCCA Compliance Institute 2013 Privacy & Security

BUSINESS ASSOCIATE AGREEMENT Tribal Contract

Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement

Data Security. The dominant business communication tool

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015

Protected Health Information. Notice Information. Notice of Privacy Practices. Nystrom & Associates, Ltd Family Support Services, Inc.

IGO GROUP GOVERNANCE STANDARD 4 - SOCIAL MEDIA INDEPENDENCE GROUP NL

HIPAA INFORMATION FOR METLIFE GROUP DENTAL and/or VISION INSURANCE CUSTOMERS

BUSINESS ASSOCIATE AGREEMENT. (Contractor name and address), hereinafter referred to as Business Associate;

INTELLECTUAL PROPERTY. You have the idea. We ll protect it.

Your use of this site is subject to the following privacy policy statement and the web site terms of service.

HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC.

Healthcare Payment Processing: Managing Data Security and Privacy Risks

Effective Date: March 23, 2016

Conducting due diligence and managing cybersecurity in medical technology investments

Wearables and Big Data and Drones, Oh My! How to Manage Privacy Risk in the Use of Newer Technologies 1

HIPAA Notice of Patient Privacy Practices

Data Privacy Considerations When Conducting E-Discovery

2015 NMSBA SCHOOL LAW CONFERENCE

Negotiating EHR Acquisition Contracts

Protecting Personal Information in Third Party Hands An Overview of Legal Requirements

CLOUD COMPUTING AND PRIVACY CURRENT PRACTICES IN FAIRFAX COUNTY PUBLIC SCHOOLS

Privacy Policy. Introduction. Scope of Privacy Policy. 1. Definitions

WIPO Summer Schools on Intellectual Property

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY

Unless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document.

This notice describes how psychological and medical information about you may be used and disclosed and how you can get access to this information.

Risk Management of Outsourced Technology Services. November 28, 2000

Our Commitment to Information Security

PERSONAL HEALTH RECORDS AND

Resthave Home of Whiteside County, Illinois Resthave Nursing Home Resthave Home Assisted Living. Notice of Privacy Practices

Overview of the HIPAA Security Rule

Online and Mobile Privacy Notice ( Privacy Notice )

Implications for Cloud Computing & Data Privacy

NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES

Sample Business Associate Agreement (4. Other Bus. Assoc., Version )

THE PHONE RINGS FROM DOWN SOUTH: WHAT ISSUES SHOULD I CONSIDER FOR EXPANDING MY U.S. FRANCHISE INTO CANADA?

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World

Responding to New Identity Theft Laws

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009

How To Help Your Business With Data Security And Privacy

Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC

SCDA and SCDA Member Benefits Group

BUSINESS ASSOCIATE AGREEMENT

What Every Non IP Attorney Should Know

Working Through the Internet: Intellectual Property, Privacy, and Other Issues for Non-Profits. September 28, 2010

ITS Policy Library Use of . Information Technologies & Services

To: Our Clients and Friends March 25, 2014

Select Internet Privacy Issues for the Business Lawyer, Including Website Privacy Policies

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT

DISCLAIMER. HIPPAA Notice of Privacy. HIPAA Notice of Privacy Practices Printable PDF. Effective November 1, 2015

Privacy Law Basics and Best Practices

DATA USE AGREEMENT RECITALS

Top Issues for Safeguarding Brand Reputation When Engaging In Social Media Activities

BUSINESS ASSOCIATE AGREEMENT

1/23/2015. MSBO Technology Committee January 22, Examples of Online Educational Services

Signed into law on February 17, 2009, the Stimulus Package known

Additionally, Fishsticks may acquire information from you through:

A Guide to Crowdfunding for Companies Seeking to Raise Capital

BUSINESS ASSOCIATE AGREEMENT

Best Practices for Consumer Wearables & Wellness Apps & Devices

New York Chicago Los Angeles Washington D.C. Area London Munich

Shipman & Goodwin LLP All rights HARTFORD STAMFORD GREENWICH WASHINGTON, DC

Transcription:

Data Protection, Data Privacy, and Duty of Care The U.S. Perspective Ron N. Dreben, CIPP Morgan, Lewis & Bockius LLP

Let s talk about the patchwork Financial information Gramm-Leach-Bliley Act and the Safeguards Rule Credit card information and PCI-DSS compliance Medical information Health Information Portability and Accountability Act of 1996 (HIPAA) Personal Health Information (PHI) must be protected in compliance with the HIPAA Privacy Rule Children s information Children s Online Privacy Protection Act (COPPA) Student Information Family Education Rights and Privacy Act (FERPA) Commercial Email, Email Scanning and Email Hacking Video Privacy Protection Act Text messaging, Cell Phone Calls and Faxing 2

50 States and Privacy Laws Medical and financial information Personally Identifiable Information in General Biometric data, including facial recognition Social security numbers Drivers licenses Mug shots Age Obligations to encrypt Obligations to have privacy policies and to comply with them Obligations to report and respond to data breaches 3

Privacy Shield As of mid-october, more than 1500 companies, including Google, Microsoft and DropBox, have submitted selfcertifications under the Privacy Shield framework. The United States has given the European Union assurances that the access of public authorities for law enforcement and national security purposes is subject to clear limitations, safeguards, and oversight mechanisms. The US has stated it will not perform indiscriminate mass surveillance of personal data transferred to the US under the Privacy Shield arrangement. The US Secretary of State has established possible redress for EU residents through an ombudsman mechanism within the US Department of State. 4

Examples of Data Collection by Businesses Spokeo The Vibrator Case Talking Barbie Pokemon Go Information collected by your car Information collected by hotels Contests and Sweepstakes Yahoo breach Personal Data and Bankruptcies Drones 5

Making Consumers More Comfortable with Disclosing Data Privacy Policies Opt-in s, Privacy Controls and Access/Control of Personal Information Privacy Certifications (Data Privacy Management companies) Bug bounty programs, or vulnerability disclosure programs White hat hackers test security PCI-DSS credit card controls Tokenization a non-sensitive unique identifier instead of the original data Watchdog associations like EPIC (Electronic Privacy Information Center) and Electronic Freedom Foundation (EFF) Credit watching services 6

U.S. Government Guidance and Enforcement Federal Trade Commission (FTC) actions based on security breaches and improper or unfair personal data collection. FTC released a January 2015 report identifying its information security expectations for companies that manufacture health monitors, home security devices and other internet of things. The FCC more recently approved new rules for Internet Service Provider s use and sharing of customer data. US Food and Drug Administration (FDA) provided privacy guidance in January 2015. Office of the Comptroller of the Currency (OCC) has issued guidelines regarding cyberattacks. The U.S. Securities and Exchange Commission s Office of Compliance Inspections and Examinations (OCIE) has taken enforcement actions against investment advisers and broker dealers for failing to take reasonable steps to protect customer records and information. National Infrastructure Protection Plan of 2013. 7

U.S. Government Data Collection Electronic Communications Privacy Act of 1986 The U.S. Patriot Act and Foreign Intelligence Surveillance Act (2008 amendments) Edward Snowden Private companies (for example, Apple, Microsoft and others) challenging government requests for personal data and gag orders 8

About Ron N. Dreben Ron N. Dreben Partner Washington DC T +1.202.739.5213 ron.dreben@morganlewis.com Ron N. Dreben advises clients on intellectual property and technology issues in business transactions. He provides advice in connection with mergers, acquisitions, and licensing arrangements, as well as trademark, copyright, trade secret, and related IP law. A Certified Information Privacy Professional (CIPP), Ron helps companies address privacy issues and respond to security breaches and advises US companies on the relevance of the EU Data Directive. Ron has experience negotiating with most of the leading technology product and service vendors. Ron counsels clients on all aspects of IP issues as they merge or acquire businesses. He conducts worldwide IP diligence, and addresses IP representations and indemnification, and confidentiality and noncompete provisions. Ron handles IP documentation in a host of other types of transactions. He drafts and reviews IP, technology, and software agreements. Additionally, Ron has experience creating website hosting and e-commerce agreements, terms and conditions, and privacy policies; development agreements; trademark co-existence agreements and licenses; consulting and independent contractor agreements; software licenses; and data use agreements. He also works with clients to secure domain names and has experience with proceedings under ICANN s Uniform Domain-Name Dispute Resolution Policy (UDRP), Anticybersquatter Consumer Protection Act (ACPA); and negotiations. This material is provided for your convenience and does not constitute legal advice or create an attorney-client relationship. Attorney Advertising. 2016 Morgan, Lewis & Bockius LLP 9

10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information