Since the start of 2021, cyber-attacks have dominated headlines across every industry. From governments and government organizations, healthcare companies, and banks, to gaming companies and oil pipelines, ransomware has impacted organizations of all types and sizes. The scale and scope of these attacks have continued to grow and have far-reaching consequences. Despite current agency attempts to strengthen cybersecurity through regulation, individual users continue to pose a serious threat due to insufficient security education.
In the age of online consumerism, many companies utilize automatic renewal programs to deliver their products and services to customers on a recurring basis for a monthly or annual charge. Recently, autorenewal programs have seen an increase in consumer protection through legislation at both the state and federal level, along with enforcement actions brought by private plaintiffs, state attorneys general, and the Federal Trade Commission (“FTC”). Organizations that utilize automatic renewal should be aware of the uptick in autorenewal program enforcement and look to strengthen and update their policies where appropriate.
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) issued its deafening decision that summarily and immediately invalidated the EU-US Privacy Shield. The regulatory program established between the European Council and the U.S. Dept. of Commerce allowed personal data of EU residents to be transferred from the EU to the US without violating the data transfer restrictions of the General Data Protection Regulation (“GDPR”). The decision went on to cast serious doubt on the sufficiency of standard contractual clauses to adequately protect data transferred to any third country, not just the US. Several months later, data exporters in the EU are still sorting through the wreckage of their privacy programs and waiting for practical advice on the way forward.
The COVID-19 pandemic has impacted residents and staff of nursing homes and long-term care facilities more than any other demographic, accounting for nearly 40 percent of the total mortality rate from the virus in the United States. According to the Centers for Medicare & Medicaid Services (“CMS”), at least 132,000 residents and employees have died from complications of COVID-19 across 31,000 facilities, although some estimates place the death count closer to 200,000. One factor aggravating the number of deaths in nursing homes is the extraordinarily high rate of staff turnover each year.
On December 12, 2020, the European Commission (the “EC”) issued a highly anticipated draft of newly revised standard contractual clauses (“new SCCs”) that may be used by European Union-based companies to safeguard transfers of personal data to third countries, such as the US, in compliance with GDPR Art. 46(1). The release comes at a decidedly inopportune time, as it follows on the heels of the Court of Justice of the European Union’s (CJEU) Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (“Schrems II”) decision, which casts serious doubt on the adequacy of SCCs alone to safeguard against the “high risks” involved in EU to US data transfers. And for many data protection experts, the language of the revised SCCs only adds to the confusion, raising even more questions. But one question in particular seems to be prominent among others: for transfers to importers directly subject to GDPR, are SCCs really necessary?
Hedge funds have gone largely unregulated, allowing big Wall Street players to manipulate the market for their own benefit and to the detriment of other investors. But an unprecedented movement of retail investors is now forcing Wall Street to reckon with the hypocrisy of its practices.
The current social and political climate, as well as our planet’s environmental climate, have shown the new role that corporations play in society. The pandemic and the current social upheaval seen worldwide have increased the need for real and meaningful corporate commitment to social responsibility.
Yet another privacy and data security-related lawsuit has been filed against Zoom Video Communications, Inc. (“Zoom Inc.”). Zoom Inc. has been the subject of several complaints related to its video-conferencing service since its meteoric and spectacular rise in popularity due to the Coronavirus pandemic and related quarantine measures beginning in March 2020. In this particular case, there are compliance lessons to be learned from the unfair and deceptive practices claims alleged against Zoom Inc. in the plaintiff’s D.C. Superior Court filing.
On October 9, 2019, the Centers for Medicare & Medicaid Services (CMS) issued a proposed rule to modernize and clarify the regulations that interpret the Medicare physician self-referral law (often called the “Stark Law”), which has not been significantly updated since it was enacted in 1989. As CMS tries to reconstruct the healthcare field, it is imperative for compliance programs to prepare for the changes in regulations to come. The following discussion provides a brief overview of the proposed changes but is not an exhaustive list of all rulemakings related to the physician self-referral law.
Workplace wellness programs — efforts to get workers to lose weight, eat better, stress less and sleep more — are an $8 billion industry in the U.S. Recently, the Centers for Medicare and Medicaid Services (CMS) launched a pilot project for states to implement health-contingent wellness programs in the individual market. The project is part of a mandate under the Affordable Care Act that added a provision to the Public Health Service Act calling for health-contingent wellness programs to be tested in the individual market through a pilot project operated by HHS, the Department of Labor and the Treasury Department.