Hosch & Morris, PLLC

Hosch & Morris, PLLC Blogs

Blog Authors

Latest from Hosch & Morris, PLLC

Privacy Plus+ Privacy, Technology and Perspective A New Way to Move Data from the EU to the US:  The European Commission has adopted an updated version of the Standard Contractual Clauses (SCCs), which are designed to facilitate data transfers from the European Economic Area (EEA) to non-EEA countries (known as “third countries”).  Click on the following link for a good overview: https://www.natlawreview.com/article/european-commission-adopts-final-version-new-data-transfer-agreement-sccs Generally, the new SCCs align with the European Union’s General Data Protection Regulation of 2018 (GDPR), setting out appropriate safeguards including enforceable data subject rights and effective legal remedies. Here is a link to a website with a…
Privacy Plus+ Privacy, Technology and Perspective “Cyber Pearl Harbor,” Cybersecurity Executive Order, Pipeline Security Directive, and More.  This week, let’s consider the latest information security developments: “Cyber Pearl Harbor”: In a 2012 speech that many considered hyperbolic, then-Secretary of Defense Leon Panetta warned of the very real, very urgent possibility of a “Cyber Pearl Harbor” – a large-scale coordinated attack on critical infrastructure that “would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability.” Since then, we’ve watched the lights go out in Ukraine,…
Privacy Plus+ Privacy, Technology and Perspective Spread the News: NYC Joins in Regulating the Use of Biometric Data.  In about six weeks from now, New York City (not State) will join the states of Illinois, Texas, Washington and California in regulating the collection and dissemination of “biometric identifier information” – at least for some businesses.  “Biometric Identifier Information” – What is it?: Under NYC Administrative Code Chapter 12, the term “biometric identifier information” generally covers any information used by or on behalf of a commercial establishment to identify a person.  Think retina or iris scans, fingerprints or voiceprint, hand scans,…
Privacy Plus+ Privacy, Technology and Perspective Antitrust Takes Center Stage in China?  China is increasing both its antitrust-like regulation of its largest e-commerce companies, and its iron grip on consumer data and personal information.  You can read about those developments by clicking on the following links: https://technode.com/?s=antitrust https://technode.com/?s=privacy China’s Nine “Do Nots:”  Prefacing China’s increased regulatory scrutiny is an “administrative guidance meeting” that took place in December, wherein the State Administration for Market Regulation (SAMR) warned China’s “big tech” companies to pay attention to problems of “low price dumping and squeezing jobs,” issuing a list of nine “must nots” or…
Privacy Plus+ Privacy, Technology and Perspective Advertising by Email:  1 Tricky Definition and 3 Practical Tips.   If you’re in business today, chances are you reach out to new customers by sending ads, promotions, or solicitations by email.   You know about the CAN-SPAM Act, and you’ve received enough solicitations yourself that you know to tell the truth and include an “unsubscribe” option legibly.  (If you’d like a refresher on CAN-SPAM, click on the following are links to the Act, and the Rule which the Federal Trade Commission (FTC) has published pursuant to it:)  https://www.law.cornell.edu/uscode/text/15/7703 https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=cea8be427690a26231dda41b8ccb5f75&ty=HTML&h=L&n=16y1.0.1.3.40&r=PART The FTC has also published…
Privacy Plus+ Privacy, Technology and Perspective Data Breaches, Employment Relationships and Inadvertent Mass Emails. Recently, the United States Court of Appeals for the Second Circuit issued a unanimous opinion in McMorris v. Carlos Lopez & Associates, addressing one of the hot issues data breach class actions – whether victims of a data breach can establish Article III standing by alleging they are at an increased risk of identity theft or fraud, even if their personal data has not yet been misused.  The answer is: It depends.  The case raises at least four other important issues, so let’s look at the…
Privacy Plus+ Privacy, Technology and Perspective Privacy and Security Risk Management – Contractual Requirements.  Organizations increasingly rely on outsourcing to third-party service providers to maximize efficiencies and often minimize costs.  However, as organizations rely on service providers, risk management becomes critical, especially in relation to privacy and security where service providers perform critical personal data processing activities on behalf of an organization.  Due diligence, privacy and data protection risk assessments, contract terms, ongoing monitoring to enforce compliance are all important components of robust privacy and security risk management. In this post, we focus narrowly on provisions you need to include…
Privacy Plus+ Privacy, Technology and Perspective State Requiring Reasonable – and Documented – Data Security.  In the United States, implementing and maintaining “reasonable” data security measures and avoiding deceptive privacy and data security claims are the touchstones of data privacy.  While the Federal Trade Commission (FTC) has taken the lead in enforcing numerous cases against both B2C (business-to-consumer) and B2B (business-to-business) companies based on inadequate information security and/or inaccurate privacy and data security claims in violation of the FTC Act, states are also enforcing numerous state-based data security laws requiring reasonable security measures.  The following link references some of those…
Privacy Plus+ Privacy, Technology and Perspective Britain Moves a Step Closer to “Adequate.” This week, the United Kingdom took another step forward towards smoothing out the privacy difficulties caused by Brexit, as the European Data Protection Board (EDPB) generally approved Britain’s mechanisms for protection of personal data as “adequate” under the EU’s General Data Protection Regulation (GDPR). “Adequacy” under the GDPR Put broadly, the GDPR restricts transfers of personal data outside the European Economic Area (EEA), or the protection of the GDPR, unless the rights of the individuals with respect of their personal data are protected in another way, or…
Privacy Plus+ Privacy, Technology and Perspective Free Speech, Twitter and the Law of Unintended Consequences. Increasing talk about the role(s) and responsibilities of big platforms has us thinking this week about the difference between what is “private” and what is “public.”  This week, the U.S. Supreme Court decided that since he is no longer president, Donald Trump’s lawsuit objecting to the lower courts’ order preventing him from “blocking” critics on his Twitter account is now moot. Justice Clarence Thomas did not disagree, but concurred to warn that: ·       “the concentrated control of so much speech in the hands of a…