Marianne Kolbasuk McGee reports: Justices on the U.S. Supreme Court seem ready to restrict federal prosecutors’ use of a federal law criminalizing identity theft after hearing a case challenging its application in a Medicaid fraud case. Traditional identity theft involving appropriation of personal information for criminal ends, such as obtaining fraudulent prescriptions or submitting fake…
Category: Federal
Digital Healthcare Platform Ordered to Pay Civil Penalties and Take Corrective Action for Unauthorized Disclosure of Personal Health Information
Following up on the FTC’s February 1 announcement about its enforcement action against GoodRx, the Department of Justice announced yesterday: The Department of Justice, together with the Federal Trade Commission (FTC), announced today that the government has resolved allegations that GoodRx Holdings Inc., doing business as GoodRx Gold, GoodRx Care, and Hey Doctor (GoodRx), violated…
Thoughts on Dubin v. United States and the Aggravated Identity Theft Statute
Law professor Orin Kerr writes: On February 27, the Supreme Court will hear argument in Dubin v. United States, a case on the Aggravated Identity Theft Statute, 18 U.S.C. § 1028A. This statute comes up often in the context of computer crimes, and its interpretation raises some interesting and important questions. So I thought I would blog…
Department of Education to Enforce Revised Cybersecurity Requirements and Expands Interpretation of “Third-Party Servicer” Definition
Duane Morris writes: The Department of Education has issued an electronic notice relating to the updated cybersecurity regulations published by the Federal Trade Commission (FTC). On December 9, 2021, the FTC amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher…
Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements
POSTED DATE: February 09, 2023 AUTHOR: Federal Student Aid ELECTRONIC ANNOUNCEMENT ID: GENERAL-23-09 SUBJECT: Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements On December 9, 2021, the Federal Trade Commission (FTC) issued final regulations (Final Rule) to amend the Standards for Safeguarding Customer Information (Safeguards Rule), an important component of the Gramm-Leach-Bliley Act’s (GLBA) requirements for protecting the…
A Tale of Two Breach Notification Rules
Matt Fisher writes: The early days of February 2023 saw two very different settlements announced related to healthcare data breaches. One arguably follows a well-known course and the other could be a sign of things to come. After having a health breach notification rule on the books since 2009, the Federal Trade Commission (“FTC”) had…