Monthly Archives: July 2018

Don’t Misrepresent Your U.S. – E.U. Privacy Shield Status: FTC Brings An Enforcement Action

Posted by Ryan Blaney on July 06, 2018
cybersecurity, Federal Trade Commission, FTC, Privacy, Uncategorized / No Comments

As US companies continue to spend time and effort complying and responding to all of the new privacy laws and regulations both in the United States and aboard (i.e. GDPR and California Consumer Privacy Act of 2018) companies cannot forget the basics.  If you represent something in your Privacy Policy it better be accurate, up to date, and not misleading!

On July 2, 2018, the Federal Trade Commission (FTC) issued a number of press releases and a proposed settlement with California-based employee training company ReadyTech Corporation.  In announcing the settlement, FTC Chairman Joe Simons said, “Today’s settlement demonstrates the FTC’s continuing commitment to vigorous enforcement of the Privacy Shield.”  According to the FTC, this is the 4th case enforcing the Privacy Shield and 47th case enforcing international privacy frameworks such as the Safe Harbor framework and the Asia Pacific Economic Cooperation Cross Border Privacy Rules.

The ReadyTech settlement should be a warning for other companies that make representations in their Privacy Policies about the Privacy Shield, GDPR, CCPA and other data security and privacy frameworks.  By way of background, the Privacy Shield framework allows companies to transfer personal data lawfully from the EU to the United States.  To join the Privacy Shield framework, a company must self-certify to the U.S. Department of Commerce that it complies with the Privacy Shield Principles and related requirements that have been deemed to meet the EU’s adequacy standard.  A company, like ReadyTech, that claims it has self-certified to the Privacy Shield Principles, but failed to self-certify to the U.S. Department of Commerce, may be subject to an enforcement action by the FTC. Continue reading…

Ryan Blaney

Ryan Blaney

Ryan represents health care and life sciences clients in a wide range of litigation, regulatory, and transactional matters, but has particular experience in the areas of privacy law compliance and health care fraud litigation. In his regulatory and transactional practice, Ryan serves public and private health care companies, academic medical centers, health systems, hospitals and physician organizations, manufacturers, medical devices, information technology and health plans

More Posts - Website

Governor Wolf Signs Amendment to PA Medical Marijuana Act

Posted by J. Nicole Martin on July 05, 2018
DOH, Medical Marijuana, Pennsylvania / No Comments

On June 22, 2018 Governor Wolf signed HB 2477 (“Amendment”) into law breathing new life into Chapter 20 of the Medical Marijuana Act (“Act”), the country’s first-of-its-kind law for cannabis research. This follows Commonwealth Court Judge Patricia McCullough’s May 22, 2018 issuance of a preliminary injunction halting the Department of Health’s (“DOH”) implementation of the Act’s Chapter 20 regulations. Chapter 20 of the Act governs the registration and operation of clinical registrants, the certification of academic clinical research centers (“ACRC”), and partnerships between clinical registrants and ACRCs for research purposes. A clinical registrant is a grower/processor and dispensary that will have a contractual relationship with an ACRC. An ACRC is an accredited medical school in the Commonwealth of Pennsylvania that “operates or partners with an acute care hospital licensed within this Commonwealth.” As of May this year, DOH had already certified eight medical schools as ACRCs under the Act. Continue reading…

J. Nicole Martin

J. Nicole Martin

Nicole assists accountable care organizations, health care systems, long term care providers (e.g., skilled nursing facilities, continuing care retirement communities), behavioral and mental health providers, medical device manufacturers, physician practices, and pharmacies with their compliance, regulatory, and transactional needs. Nicole’s practice includes providing clients with counsel regarding telehealth laws, HIPAA/HITECH and state privacy and security laws, data breaches, business associate and covered entity obligations, licensure laws, Medicare, Medicaid and third-party payer matters, medical staff issues, and fraud and abuse laws.

More Posts - Website