Archives

Dittman v. UPMC and the Duty of Care to Secure Employee Data

The security and privacy legal landscape drastically shifted in the past month, with the Pennsylvania Supreme Court issuing its opinion in Dittman v. UPMC, __ A.3d __, No. 43 WAP 2017, 2018 WL 6072199 (Pa. 2018). The facts in this case that form the basis of the Court’s opinion will resonate with every business: plaintiffs […]

An Official Federal Cybersecurity Agency – Will This Provide The Protection That Small Businesses Need?

By Antonia Dumas, an Associate at XPAN Law Group. Regarding the newly signed Cybersecurity and Infrastructure Security Agency Act of 2018, I came across an article that proclaimed: “The US now has an official federal cybersecurity agency.” And yes, technically this is an accurate proclamation because this Act did create an official federal level cybersecurity […]

A Brief Overview of the EDPB’s Provisional Guidelines on Art. 3 of the GDPR

On November 16, 2018, the European Data Protection Board (“EDPB”) adopted Guidelines 3/2018 on the territorial scope of the GDPR, soliciting public consultation through January 18, 2019. These are not final, but are providing some key guidance on the jurisdictional reach of the GDPR, a critical aspect for many entities. Article 3 of the GDPR […]

Scammers are Grateful to Oversharers

A few months back, we posted a blog entitled “Privacy is the New Black”. In that blog, we discussed the way our world is starting to view privacy differently and that protecting data privacy has become the new “hot thing”, or is at least dominating more and more of the conversation. We frequently focus on […]

Show Me the Money: How the CCPA Applies to GLBA-Regulated Entities

This post is authored by Kacey Jennings, a second-year law student at Villanova University’s Charles Widger School of Law. Ms. Jennings is a legal-intern with the XPAN Law Group. At first blush, the language in the most comprehensive piece of data privacy legislation in any US state to date — the California Consumer Privacy Act […]

Privacy in US Elections: When An Absentee Ballot Requires You to Publicly Divulge Information

The much-anticipated mid-term elections are finally upon us. If you have any hesitations about exercising your right to vote, here is your friendly (and forceful) reminder to go vote! If this is a surprise to you that it is Election Day, do your research and still go vote! Ok, now we can move past the […]

Healthcare Industry Needs to Get Back to Basics

Cybersecurity breaches and incidents are starting to feel like Groundhogs Day. Who do we have today? None other than HealthCare.gov, with the Washington Post recently reporting that HealthCare.gov was hacked compromising approximately 75,000 individual’s private information. HealthCare.gov is the system through which individuals can obtain healthcare coverage under the Affordable Care Act. As of 2018, […]

First Step of Data Privacy Compliance: Understanding Your Data

By Antonia Dumas, an Associate at XPAN Law Group. If you have been following our blog, we hope you know (and agree) that that data privacy is a priority. The next question is: what can you do for your company? You have recognized the importance of addressing data privacy issues and having been introduced to […]

Your Motherboard: Did Bloomberg Businessweek Cry Wolf About Tech Giants’ Supply Chains?

This post is authored by Kacey Jennings, a second-year law student at Villanova University’s Charles Widger School of Law. Ms. Jennings is a legal-intern with the XPAN Law Group. China has allegedly used tiny microchips to hack the most valuable publicly traded company in the world. No, this is not a description of a one-star […]

Lessons from the first GDPR Enforcement Notice

Since the European Union’s General Data Protection Regulation (“GDPR”) went into effect in May of this year, and for months prior to “GDPR Day”, the number one question has been how will the various data protection authorities enforce the GDPR? Will the EU use this new regulation as a hammer? Will there really be fines […]