Certified to the Privacy Shield? Great! So you’re done in terms of GDPR compliance, right? Think again.

As we have discussed in previous newsletters, no matter where you are in the world, the General Data Protection Regulation (GDPR) applies to you if you are collecting or processing personal data of any EU individual. The law goes into effect in May.

The High Court has confirmed that all rights relating to the control of data belonging to, or being controlled by, a company at the time it entered into liquidation remain vested in the company at and following its liquidation. Liquidators are therefore not personally liable for compliance with the Data Protection Act 1998 in respect of this data as they will be viewed as agents acting for the company rather than as 'data controllers'.

High Court considers “test case” of Wall v Royal Bank of Scotland [2016] EWHC 2460 (Comm)

The claims

The Claimant, Mr Wall (W), brought claims against the Defendant, Royal Bank of Scotland Group (RBS), in relation to RBS’s dealings with a now insolvent group of companies owned and controlled by W. W brought the claims in his capacity as assignee of the group’s rights and/or as beneficiary of a trust as declared by the group’s liquidators.

David Vladeck, Director of the FTC’s Bureau of Consumer Protection, recently sent a letter to creditors of XY Magazine, warning that the creditors’ acquisition of personal information about the debtor’s subscribers and readers in contravention of the debtor’s privacy promises could violate the Federal Trade Commission Act (“FTC Act”).

The Federal Trade Commission has had a full mailbox recently. It received a request to investigate caffeine-infused malt beverages and a request for a new privacy law. And the FTC sent a cautionary letter to a magazine addressing privacy issues in a consumer bankruptcy.

After receiving a letter from David Vladeck, the Director of the Bureau of Consumer Affairs at the Federal Trade Commission, a bankruptcy judge allowed the destruction of personal information of gay teens who subscribed to the now defunct XY magazine.

The judge presiding over the bankruptcy proceeding of the operator of a Web site and magazine aimed at gay teens has approved a settlement allowing the destruction of personal information of users rather than a sale to creditors as part of the bankruptcy estate. The court approved the settlement after the Federal Trade Commission raised objections to the sale, citing the Web site sign-up confirmation page, which stated that "[w]e never give your info to anybody," and a similar statement directed to subscribers of an associated print magazine.

Perhaps prompted by revelations that one or more Connecticut-based insurers failed to notify individuals or report known data security incidents or breaches until weeks, or even months, after the data had been lost or stolen, the state's Insurance Commissioner has issued stringent new reporting obligations applicable to all entities regulated by the Connecticut Department of Insurance (CDI), including, for example, insurers, agents, brokers, adjusters, health maintenance organizations, preferred provider networks, discount health plans and certain consultants and utilization review companie

The Supreme Court’s 2010-2011 term began in October, and it is expected to conclude by the end of April. We have been monitoring the decisions of our nation’s highest court and you may have already read some of the summaries of the major decisions written by Larkin Hoffman attorneys. This update provides a brief look at some of the cases that have been scheduled for oral argument since our last update in November.

This blog series has been following the continuing flow of large security breaches of Protected Health Information (“PHI”) and how affected providers and insurers have been responding to their discovery. The New York City Health and Hospitals Corporation’s North Bronx Healthcare Network (“HHC”) has recently become perhaps the largest marcher in the parade of PHI security breaches with a reported 1,700,000 persons affected.