As we wrote about last week, the Federal Trade Commission (FTC) recently announced that it had entered a proposed settlement with video equipment surveillance company Verkada over the company’s alleged security failures. What’s interesting about the Verkada settlement is that it’s really a data security case with some additional marketing violations thrown in. And
Data Counsel
Commentary Addressing Risks and Opportunities Through the Lifecycle of Data, Technology, Advertising and Innovation
Blog Authors
Latest from Data Counsel
CMMC Barrels Closer to Implementation with Latest Proposed Rule Establishing DFARS Contract Clauses
Cybersecurity Maturity Model Certification (CMMC) is coming — and now appears to be coming faster than many defense contractors believed. In the latest signal of CMMC’s forward momentum, the Department of Defense (DoD) issued a proposed rule on August 15, 2024, amending Title 48 CFR (Cybersecurity Requirements Proposed Rule), which defines how CMMC requirements should…
Looking in the Mirror: HHS OIG Audit Demonstrates HHS Agency’s Own Need for Focus on Cloud Security
Key Takeaways:
- In March, the Office of Inspector General of the Department of Health and Human Services (OIG) published a report of its audit of Administration for Children and Families (ACF) “data hosted in certain cloud information systems.”
- The report explains that the audit is part of a series examining “whether HHS and its Operating
…
FedRAMP Rewritten: OMB Publishes Guidance with FedRAMP’s Updated Vision, Scope and Governance Structure
To dramatically scale up the Modernizing the Federal Risk and Authorization Management Program (FedRAMP) marketplace, the Office of Management and Budget (OMB) has completely rewritten FedRAMP’s vision, scope and governance structure. OMB rescinded its memorandum from 2011 establishing FedRAMP and replaced it with a new memorandum updating FedRAMP.
As we’ve previously highlighted, FedRAMP recently revealed…
Deeper Dive: Understanding the 2023-24 Crypto Threat Landscape
As the Web3 and digital assets ecosystem continues to grow, hacks, scams and other threats remain a major cause for concern and a potential impediment to broader adoption. Data from various sources indicates that after a year of relative respite in 2023, crypto threats have increased dramatically in 2024. Web3 and digital assets market actors…
Deeper Dive: FTC in 2024 Continues Aggressive Privacy Path – But Don’t Forget About that Rulemaking
We have seen a dizzying amount of Federal Trade Commission (FTC or Agency) enforcement on the privacy front in 2024, with a heavy focus on the collection and sharing of health data, browsing and geolocation data, and children’s data. Today we are going to explore some of the significant FTC privacy developments from the past…
FedRAMP Begins to Implement Its Vision: Introducing the Agile Delivery Pilot, Developer’s Hub and Knowledge Management System
In our recent article, we discussed FedRAMP’s Roadmap to the Future, outlining FedRAMP’s ambitious plan to breathe new life into the FedRAMP program by, among other goals, updating the authorization process and automating key deliverables in the FedRAMP program, including the Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Actions and…
The Future for Healthcare Is So Loper Bright, I Gotta Wear Shades
On June 28, in Loper Bright Enterprises v. Raimondo (Loper Bright), the U.S. Supreme Court overturned the doctrine of Chevron deference, upending 40 years of precedent and significantly shifting power to the courts to interpret laws administered by federal agencies. As one of the most heavily regulated industries at the federal level, the healthcare industry…
Pennsylvania Makes Significant Changes to Its Data Breach Notification Law
On June 28, 2024, Pennsylvania Governor Josh Shapiro signed an amendment to Pennsylvania’s Breach of Personal Information Notification Act into law. The amended law, which includes significant changes to the Keystone State’s data breach notification law, goes into effect on September 26, 2024. Below, we discuss the major changes set forth in the amended law.…
Northern District of Texas Flashes the ‘Blue Lights’ on OCR’s Pixel Guidance
On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems and the Texas Hospital Association) motion for summary judgment. The thorough (and delightfully irreverent) opinion – which aligned with…