Businesses in Texas that own or license computerized data will expect a shortened data breach notification deadline for any breach of sensitive personal information after January 1, 2020. Meanwhile, reporting to state attorney general (“AG”) will become mandatory if more than 250 Texans are involved in a single data breach.
On May 23, 2019, the United States Securities and Exchange Commission (“SEC”)’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert entitled “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features” (the “Risk Alert”). The Risk Alert highlights the risks associated with the storage of customer records and information by broker-dealers and investment advisors on cloud-based storage platforms.
Touchstone Medical Imaging (Touchstone) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) entered into a no-fault settlement and two-year corrective action plan (CAP) to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).
On April 22, 2019, the FBI’s Internet Crime Complaint Center (“IC3”) released its Internet Crime Report (the “Report”) for 2018. IC3 issues the Report annually as a means to highlight data and identify key trends about Internet crimes.
In an active week of FTC announcements, the agency on March 26, 2019, announced four major settlements with entities that were responsible for billions of illegal robocalls made to consumers nationwide. The entities targeted by the agency initiated illegal robocalls across a number of industries – they pitched auto warranties, debt-relief services, home security systems, fake charities, and Google search results services. These settlements resolved FTC allegations that the defendants had violated the FTC Act and the FTC’s Telemarketing Sales Rule.
In Veterans of America, the FTC’s complaint against Travis Deloy Peterson alleged that he “created and used a series of corporate entities and fictitious business names that sound like veterans’ charities to operate a telemarketing scheme that used robocalls to trick generous Americans into giving their vehicles or other valuable property to him” since at least 2012. The settlement includes a monetary judgment of $541,032.10 and would permanently ban defendant Peterson or his employees or contractors from soliciting charitable contributions, making misrepresentation in advertising or promoting any good or service, initiating robocalls, and engaging in deceptive and abusive telemarketing.
Following congressional hearings last month on potential federal data privacy legislation − Hearing on Policy Principles for a Federal Data Privacy Framework in the United States before the Senate Committee on Commerce, Science, and Transportation; Hearing on Improving Data Security at Consumer Reporting Agencies before the House Subcommittee on Economic and Consumer Policy − the Federal Trade Commission (FTC) on March 26, 2019, announced the initiation of a study concerning the privacy policies, procedures, and practices of seven internet service providers (ISPs). The FTC has used this process in other industries or areas of focus to gather information that it may later share in a public report.