Privacy and Cybersecurity – Taking Care of Business

HHS Finalizes New Rules Seeking Interoperability for Electronic Health Information

Mar 13, 2020

On March 9, 2020, the United States Department of Health and Human Services (HHS) issued two new sets of rules under the 21st Century Cures Act designed to provide patients with more control over their health care data. With the goal of interoperability, the final rules developed by each of the HHS Office of the National Coordinator for Health Information Technology (ONC) and Centers for Medicare & Medicaid Services (CMS) require providers, payers and information technology vendors to provide patients with the ability to easily access their electronic health information (EHI) on electronic devices, including smart phones. (more…)

Cybersecurity and Legal Due Diligence Considerations in M&A Transactions

Jul 24, 2019

By: Joshua Mooney, Lori Smith and Jeremy Miller

When prospective buyers conduct legal due diligence in merger and acquisition transactions the main focus is typically on the traditional items, such as financials, debt instruments, major contracts and other key metrics customarily analyzed. These items, among others, remain critical to evaluating a business. However, with technology continuing to advance at an exponential rate and hackers successfully breaching company information systems more frequently, as seen with Target, Equifax and many others, it is critical that prospective buyers thoroughly consider the risks associated with the target’s cybersecurity practices or lack thereof. (more…)

The Dangers of Transactional Precedent – The Times They Are-A-Changing

Mar 13, 2019

By: Lori Smith

The other day I had a client ask me to review some form documents that another party wanted to use in connection with the client’s website. The basis of the request was that he thought I had prepared, or at least reviewed, these documents when they were originally created – over 10 years ago (coincidentally I had reviewed them, but had been somewhat critical, in part, at that time as off-market). This got me thinking about how many companies (and lawyers) rely on templates or precedential deal documents collected over many years, without thinking about the specific facts and circumstances of the deal they are doing or the passage of time and how that might implicate the need for updates and revisions.

(more…)

California Implements the Most Stringent Privacy Law in the United States: Will Businesses Be Affected?

Jul 13, 2018

By: Richard Borden, Gwenn Barney and Emma Bechara

On June 28, 2018, California passed a new privacy law that is one of the most stringent consumer protection privacy laws in the nation. The California Consumer Privacy Act of 2018 (Act) introduces onerous new requirements and limitations on any businesses that collect and sell personal information of California residents. (more…)

Technology, the New Frontier of National Security: Trump Blocks Broadcom’s Proposed Takeover of Qualcomm

Apr 10, 2018

By: Ryan Udell and Gwenn Barney

For the second time in a year, President Donald Trump has taken the historically extraordinary measure of issuing an executive order to block a foreign company’s takeover of a US technology company based on national security concerns. This time, it was to thwart Broadcom’s proposed takeover of US-based chipmaker Qualcomm. (more…)

DC Circuit Court Rejects FCC’s Expansive Definition of ATDS in Long-Awaited TCPA Decision

Apr 5, 2018

By: Richard Borden, Lori Smith and Kate Woods

On March 16, 2018, the US Court of Appeals for the District of Columbia Circuit released its much anticipated ruling in ACA International, et al., v. Federal Communications Commission rejecting the expansive definition of automated telephone dialing system (ATDS) and setting aside the “one-call safe harbor rule” for reassigned cell phone numbers set forth in the Federal Communications Commission’s (the “Commission” or “FCC”) July 2015 Declaratory Ruling and Order interpreting the Telephone Consumer Protection Act (TCPA). The court also upheld the scope of the Commission’s exemption to the prohibition of robo-calls specifically for healthcare-related calls of a time sensitive nature. (more…)

SEC Updated Guidance on Cyber Disclosure by Publicly Traded Companies in a Digitally-Connected World

Feb 22, 2018

By: Rick Borden, Alexandria Kane and Kate Woods

“To win a race, the swiftness of a dart availeth not without a timely start.”
~ Jean de La Fontaine

The Securities and Exchange Commission (the “Commission”) Wednesday announced updated cybersecurity guidance for public companies. This guidance reinforces the Division of Corporation Finance guidance issued in October 2011 and expands upon it to include two new topics: (i) the importance of cybersecurity policies and procedures and (ii) the application of insider trading prohibitions in the cybersecurity context. The guidance itself and early reactions make it evident that the Commission is committed to aggressively regulating this area over the long haul. (more…)

Congressman Calls for Delay as CAT Deadline Nears

Oct 25, 2017

By: Gwenn Barney

As the deadline nears for exchanges to report all stock and option trades to the Consolidated Audit Trail (CAT) database of the Security and Exchange Commission (SEC), calls are increasing for the launch of the planned massive inventory of equity and options markets activity to be delayed.

(more…)

Federal Judge Issues Opinion Concerning The Viability Of Data Breach Claims

Oct 20, 2017

A federal judge in the Southern District of New York recently issued an opinion providing guidance concerning the viability of data breach claims, particularly in the context of a breach of employee information. Sackin v. Transperfect Global, Inc. involves a purported class action filed on behalf of Transperfect employees whose personally identifiable information (PII) was disclosed as a result of a cyber attack. In January 2017, a targeted phishing email was sent to a Transperfect employee designed to look like it had come from the company’s CEO, requesting payroll information regarding Transperfect employees. The Transperfect employee fell for the scheme and sent unencrypted PII to the attacker including names, addresses, Social Security Numbers, and bank account numbers for Transperfect employees. According to the complaint, the disclosure involved thousands of employees. Read more at Cyber News.

UK Proposes Heightened Oversight Over Certain M&A Transactions to Protect National Security

Oct 20, 2017

By: Gwenn Barney

The United Kingdom government proposed changes to its rules on mergers and acquisitions this week to give itself more oversight over deals that have national security implications.

The proposed rule will allow the government to intervene in a merger or acquisition involving a UK company with at least £1 million ($1.32 million) in revenue in the industries of military or dual use product design and manufacture, computer chip design, and quantum technology. Prior to this proposal, the turnover threshold for such an intervention was £70 million ($92.21 million) or where the effective market share of the combined business reached 25 percent or more.

(more…)

Recent Posts