We use cookies to customise content for your subscription and for analytics.
If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.


Refine your search

Content type


Firm name


491 results found


Robinson & Cole LLP | USA | 21 Feb 2019

HIPAA Data Breach Reports Due to OCR by 22819

The HIPAA (Health Insurance Portability and Accountability Act) breach notification regulations require covered entities to self-report the


Nelson Mullins Riley & Scarborough LLP | USA | 28 Oct 2016

New FCC Privacy Rules for ISPs

On October 27, 2016, the U.S. Federal Communications Commission (the "FCC") adopted the Open Internet Order (the "Order"). The Order reclassified


Steptoe & Johnson LLP | USA | 13 Aug 2016

LabMD Suffers Relapse, As FTC Condemns Its Data Security Practices

Overruling the surprise decision last year of an administrative law judge, the Federal Trade Commission has held that LabMD's data security practices


K&L Gates | USA | 10 Aug 2016

Hold On, You Didn’t Overpay for That: Courts Address New “Overpayment” Theory from Plaintiffs in Data Breach Cases

With the ever-increasing amount of personal information stored online, it is unsurprising that data breach litigation has become increasingly common


Montgomery McCracken Walker & Rhoads LLP | USA | 2 Aug 2016

No Harm, No Foul? Not According to the FTC’s LabMD Decision

Last Friday, the FTC reversed an Administrative Law Judge’s ruling in the FTC data security case against clinical laboratory LabMD, broadening the


Orrick, Herrington & Sutcliffe LLP | USA | 2 Aug 2016

Insurer’s Broad Interpretation of Data Breach Exclusion Rejected by Court

Non-cyber insurance policies often contain exclusions to limit or preclude coverage for data breaches. A Maryland federal district court recently


Hunton Andrews Kurth LLP | USA | 22 Jul 2011

Class action suit filed against cloud service over data breach

A putative class action complaint filed on June 22, 2011, in the United States District Court for the Northern District of California alleges that the popular cloud-based storage provider Dropbox, Inc. failed to secure users’ private data or to notify the vast majority of them about a data breach.


Hogan Lovells | USA | 28 Feb 2010

Data breach notification requirement for unauthorized disclosures of PHI now being enforced

The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), generally requires employer-sponsored health plans and their business associates that handle protected health information (PHI) to notify affected individuals, the Department of Health and Human Services (HHS), and in some cases the media, when there is an unauthorized disclosure of the individuals' unsecured PHI.

Previous page 1 2 3 ...