Written by Ernie Cooper
Businesses that engage in fax advertising and solicitation should pay careful attention to the recent ruling by the Federal Communications Commission clarifying that even fax advertisements sent with the prior express invitation or permission of the recipient must include an opt-out notice that: (1) is clear and conspicuous and on the first page of the ad; (2) states that the recipient may request the sender not send any future ads and that failure to comply with an opt-out request within 30 days is unlawful; and (3) contains a telephone number and fax number for the recipient to transmit an opt-out request.
Because there had been some confusion about whether the opt-out requirement applied to solicited fax advertisements, the FCC granted a retroactive waiver of the requirement to 24 companies that had asked for the clarification, allowing them until April 30, 2015, to come into full compliance with the opt-out requirement.
The FCC also said that it would entertain similar requests from other parties for retroactive waiver of the rule, but warned that it expected those parties “to make every effort to file such requests prior to April 30, 2015.” It said that such requests would be adjudicated on a case-by-case basis. The FCC recently asked for public comment on retroactive waiver petitions filed in November by eight additional fax advertisers.
There has been no confusion about the requirement to include an opt-out notice in unsolicited fax advertisements sent to persons with whom the sender has an existing business relationship or “EBR,” and the FCC window for waiver requests does not apply to any violation of those rules. Sending an unsolicited fax advertisement to a person with no EBR remains prohibited.
Fax advertising and telemarketing calling campaigns have increasingly been the subject of class action suits filed under the Telephone Consumer Protection Act (TCPA), underscoring the importance of understanding and applying the rules – even where apparent permission to send the fax or make the call has been obtained.
And what will that new gadget be spilling about you??
Written by Julia Siripurapu, CIPP
There is no doubt that wearable devices are among the hottest gifts of the season! From fitness bands and smart watches to wearable cameras and the Google Glass, there is definitely someone on your list (including you!) who may benefit from a wearable gadget. While wearable technology has great potential to improve our lifestyle, health, and even work productivity, it also causes concern for current and future users. Continue Reading
..new insurance coverage endorsements
Written by Nancy Adams
A few days ago, media outlets released a video of a kangaroo knocking a drone out of the sky.
Apparently, this “privacy loving” kangaroo was less than pleased with the drone following her family. While the drone obtained impressive footage of the kangaroos, it was clear that this kangaroo had had enough. As new technologies enter the stream of commerce, companies using such technologies likewise face new risk and exposures – whether from a kangaroo or other source. Continue Reading
……………..a cumbersome C-A-P
Written by Dianne Bourque
The U.S Department of Health and Human Services Office for Civil Rights has received tremendous publicity in recent years for its upward-trending fines and aggressive enforcement of HIPAA violations. Seven-figure fines are becoming the norm for serious violations, for example, in May of this year, OCR fined a hospital and university a combined total of $4.8 million dollars for their separate HIPAA violations. While the risk of steep fines and bad publicity should be sufficient motivation for regulated entities to maintain a robust HIPAA compliance program, there is another aspect of HIPAA enforcement that receives far less media attention but can be just as onerous: the corrective action plan, or “CAP.”
Much like a year-long membership in the Jelly of the Month Club, the CAP is the gift that keeps on giving – the whole year. Actually, most CAPS spread the cheer for at least three years following an initial OCR settlement. For the 10th Day of Privacy, we take a closer look at the CAP. Continue Reading
a tracking device in my car …. she is now my ex-true love….
Written by Jonathan Cain
A year ago, privacy and data security issues in the media were all about credit cards and identity theft. Concerns about privacy related to location data were, at least among the general public and Congress, somewhere in a galaxy far far away. Users of mobile devices had relatively few complaints about the scraping , aggregation and sale of location data, if they were even aware that it was occurring.
What a difference a year makes.
When is “sharing” too much of a good thing? And will it get worse for health care systems in 2015? Read on…..
Written by Stephanie D. Willis
Data sharing has become a point of sharp focus in the efforts to improve the quality and efficiency of health services in the United States. Given all that has happened in health care privacy (e.g., higher than ever penalties under the Health Insurance Portability and Accountability Act (HIPAA) and the involvement of more government agencies in the enforcement of privacy violations), next year promises to be an important one for health care and privacy, particularly for integrated health care systems.
So what are the challenges that integrated health care systems should anticipate in 2015 and beyond as they try to streamline the fragmented care model that has dominated for so long in the United States? Continue Reading
Questions of Authority – who will be the federal regulatory cop on the privacy beat? FTC? FCC? Privacy, Data Security Jurisdiction Questions to the Forefront in 2015
Written by Christopher Harvie
As privacy and data security gain more visibility among policy-makers, questions of federal agency authority and jurisdiction are also gaining a higher profile.
Since 2002, the Federal Trade Commission (FTC) has brought 50 enforcement actions under Section 5 of the Federal Trade Commission Act, which prohibits “unfair or deceptive acts or practices,” against companies alleged to have put consumers’ personal data at unreasonable risk. Earlier this year, in response to a court challenge brought by Wyndham Hotels, a Federal court in New Jersey upheld the FTC’s authority under Section 5 to bring enforcement actions to remedy unreasonable data security practices that lead to data breaches that cause consumer harm. The court ruled that Congress need not explicitly grant the FTC authority to bring Section 5 actions against companies that cause consumer harm through inadequate data security practices and that the FTC does not need to adopt prior data security regulations detailing permissible and impermissible data security practices. Instead, the court determined that the FTC complaint against Wyndham adequately plead “substantial injury to consumers” caused by data breaches linked to Wyndham’s “failure to implement reasonable and appropriate security measures” – including the failure to require use of complex passwords, erect adequate firewalls to prevent access by 3rd parties and insecure devices to enterprise servers, utilize up-to-date operating systems that could receive security patches and upgrades, or adequately inventory its computers in order to readily locate compromised device. Issued in response to a Wyndham motion to dismiss for lack of jurisdiction, the courts’ decision does not constitute a ruling on the merits of the FTC complaint. The jurisdictional issue is the subject of an interlocutory appeal to the 3rd Circuit, which remains pending while the parties engage in court-ordered mediation. Read our posts here and here for more information on the Wyndham case. Continue Reading
many more than six different hacks…….and headaches……
Written by Jonathan Ursprung
With the holiday season in full swing, many of us are struggling with that age-old question: “what do you get for the person who has everything?” Well, if that person happens to be your supreme leader, the answer may very well be “a massive download of electronic dirty laundry on their sworn enemy”.
In late November of this year, the disturbing outline began to form of a massive data breach at Sony Pictures. Early indications suggested that the perpetrators may have been acting on behalf of, or to curry favor with, Kim Jong-un of North Korea; Sony Pictures had been promoting its upcoming film “The Interview”, which features a fictional assassination plot targeting the head of state. While North Korea has since denied involvement, the possibility that state-sponsored hackers had carried out this attack was both credible and, ultimately, unsurprising. Continue Reading
sing it with me now….
Five Golden Rules…….(well, five new privacy laws/requirements)
There are five significant new privacy laws/amendments that will be effective as of New Year’s Day — January 1, 2015 — and four are from California. Pull up a chair, brew that cup of tea. It’s time to review and prepare. Continue Reading
gaps in my cyber liability coverage……………..
Written by Heidi Lawson and Danny Harary
What can companies and insurers expect in the new year when it comes to cyber liability insurance coverage? While we wait for some court decisions interpreting these new stand-alone cyber liability insurance policies that are being heavily pushed in the market, there are some steps a company can take now to make sure the scope of their insurance coverage is consistent with their expectations.
With many insurers now entering the market looking to make a profit on this new coverage, the question is: how broad is this new coverage – really? Continue Reading