MenuClose
Aug 02

No Harm, No Foul? Not According to the FTC’s LabMD Decision

This post was co-authored by Mara Smith, a summer associate with Montgomery McCracken, and Stephen Grossman, a partner and chair of Montgomery McCracken’s Data Privacy Practice Group. Last Friday, the FTC reversed an administrative law judge’s ruling in the FTC data security case against clinical laboratory… Read More

Jul 28

HIPAA Privacy and Security: Not Just for Healthcare Providers

This guest post was authored by Bianca A. Valcarce, a summer associate with Montgomery McCracken. HIPAA regulations don’t just impact doctors and health plans.  Lawyers, Certified Public Accountants, billing companies, and other third-party vendors who work with protected health information are not only covered by HIPAA… Read More

Jul 18

District Court: No Warrant Needed to Deploy Malware on Computers

In a controversial decision, the Eastern District of Virginia ruled last month that the government does not need a warrant to deploy malware that gathers identifying information about computers visiting a specific host site. In United States v. Matish, the host site provided child pornography,… Read More

Jun 29

It wasn’t me! What happens when users are “hacked” but your servers are still secure?

Deutsche Telekom, one of the largest mobile telecommunication companies in the world and the corporate parent of T-Mobile, recently announced that “real and current” consumer passwords were available for anyone to buy on the internet equivalent of the black market.  The precise number of consumers… Read More

May 19

Right to Privacy: Does the Fourth Amendment Apply to Emails?

Many of our most personal communications and financial records are accessible through our emails. Law enforcement officers, however, can obtain much of this information without a warrant. The government often uses legal processes that allow for searches of electronic records such as emails without any… Read More

Apr 19

Still Standing: Data Breach Class Action Against P.F. Chang’s Revived on Appeal

We have previously written here and here on the evolution of standing in data breach/theft cases.  P.F. Chang’s China Bistro is the latest defendant to lose its bid to dismiss a class-action complaint for lack of standing.  Last Thursday, the 7th Circuit Court of Appeals… Read More

Feb 11

Obama’s Cybersecurity National Action Plan: Something for everyone to love (and hate)

This post was co-authored by David F. Herman, an associate in Montgomery McCracken’s Litigation Department. He serves as an editor of the firm’s Data Privacy Alert blog, which focuses on data privacy and cybersecurity issues. David can be reached at 215.772.7614 or at dherman@mmwr.com. In the wake of… Read More

Feb 08

Key Components of FDA’s Draft Guidance for Medical Device Cybersecurity

On January 22, 2016, FDA issued draft guidance to manufacturers regarding the postmarket management of cybersecurity vulnerabilities in medical devices. This draft guidance comes on the heels of draft guidance issued in 2013 to manufacturers on the premarket management of cybersecurity risks related to the… Read More

Jan 29

New Authority for Companies to Monitor and Share Information on Cybersecurity Threats

Private entities have broad new powers to monitor their information systems and share cybersecurity information under the Cybersecurity Act of 2015 (“Act”), which was signed on December 18, 2015 into law as part of the Consolidated Appropriations Act.  Further, private entities are immune from liability… Read More

Dec 14

Reigning in the FTC’s Regulation of Data Security Practices…Maybe

In a closely watched case, an administrative law judge recently dismissed the Federal Trade Commission (FTC) complaint against cancer-screening company LabMD. The FTC’s enforcement authority for data security practices is limited to cases of substantial consumer injury or cases where such injury is probable, emphasized… Read More