Fight Hunger, Help Others in the COVID-19 Pandemic – Participate in the Legal Feeding Frenzy and Support Your Local Food Bank!

Michele Livingstone

Will Quick

By Michele Livingstone and Will Quick

We are in unprecedented times with COVID-19 (Coronavirus).  It is now more important than ever that we help our neighbors and those who are not as fortunate. I am confident that each of you is doing your part.

Even in the best of times, however, over 1.5 Million North Carolinians struggle with hunger—of those, nearly half a million are children. With public schools and many religious and nonprofit organizations that traditionally serve the food insecure in our communities being closed for indefinite periods, and government leaders calling for social distancing to help limit the spread of Coronavirus, that need is never more pressing than now.

Read more

A Message from the Chair of the NCBA Privacy and Data Security Section

By Alex Pearce

Greetings Privacy and Data Security Section members!  It’s hard to believe we’re more than halfway through our inaugural year as a Section.

Following the Section Council’s February meeting, I wanted to provide an update on the Section’s activities and highlight some opportunities for members to get involved in the Section’s work.

Annual Meeting and CLE – Planners Needed

On October 24, 2019 the Section held its first Annual Meeting and CLE at the Bar Center in Cary.  The meeting was jam-packed with useful content and was well-received by attendees.  Thanks again to the speakers and to Karin McGinnis and Kate Kliebert, the co-chairs of the CLE committee, for their work in making the program a resounding success.

Read more

Was 2019 the “Year of Privacy” in the U.S.? (Or Will It Be 2020?)

By Matt Cordell

What a year it has been!  As one year closes and another begins, let us take a moment to reflect on the significance of 2019.  It may not be an exaggeration to say that 2019 brought some of the most important changes in privacy and data security law that most of us have seen in our professional careers.

Yet, with all the momentum toward heightened consumer data protection, there remain conspicuous absences: Congress again considered, and again failed to deliver, a comprehensive privacy and data security bill.  The North Carolina General Assembly declined to meaningfully revise the State’s core privacy and cybersecurity statute (the Identity Theft Protection Act or ITPA); House Bill 904, the most recent incarnation of Representative Jason Saine’s and Attorney General Josh Stein’s bipartisan update to the ITPA, languishes in the General Assembly.  The General Assembly did, however, approve some modest updates to the data security laws affecting North Carolina government entities, in HB 217/SL 2019-200, giving the State Chief Information Officer greater oversight of State agencies’ cybersecurity controls.

Read more

Equifax and the Increasing Role of State Attorneys General in Data Privacy Regulation and Enforcement

By Will Quick

In June of this year, Alex Pearce and Sean Fernandes wrote on this blog about the increasing role of state AGs in data security enforcement actions.  Boy were they right!

Just a month later, on July 22, 2019, the attorneys general of fifty U.S. states and territories, including North Carolina, the Federal Trade Commission (FTC), and the Consumer Financial Protection Bureau (CFPB) announced a settlement with Equifax, Inc., following what has been reported as the largest-ever breach of consumer data in the U.S.[1]

The Equifax Breach

In September 2017, Equifax, one of the “big three” consumer reporting agencies, announced a data breach affecting more than 147 million consumers—a number that represents nearly half of the population of the United States.  The information reportedly exposed included consumers’ names, social security numbers, dates of birth, addresses, credit card numbers, and driver’s license numbers.

Attorneys general from the across the U.S. moved quickly to organize a coalition to undertake a multi-state investigation of the breach in conjunction with federal regulators.  The investigation found that Equifax had failed to implement adequate security measures to protect consumers’ sensitive personal information.[2]

Read more

NCBA Privacy and Data Security Section 2019 Annual Meeting

By Karin M. McGinnis

On behalf of your NCBA Privacy & Data Security Section, we would like to invite you to attend the Section’s 2019 Annual Meeting, to be held at the NC Bar Center in Cary on Thursday, October 24.

Whether you’re an experienced privacy and data security practitioner, an attorney hoping to learn more about this exciting area of practice, or a general practitioner looking to be prepared when a client inevitably calls with a data privacy concern, this CLE provides valuable insight from seasoned experts on the current privacy landscape. It’s an opportunity you don’t want to miss!

Join your fellow Privacy & Data Security colleagues for a day of interesting and timely CLE presentations including:

  • ·         Update of US Data Privacy Law
  • ·         GDPR – A Year Later and Beyond
  • ·         Privacy & Technology and the Lawyer (ethics and tech credit!)
  • ·         Mock Data Breach

During lunch we have a Keynote Speaker, Representative Saine – “A Legislative Perspective on Cyber Security and Identity Theft in North Carolina.”

For more information or to register click here.

Also, Wednesday, October 23, join us for a Reception at The Oak in Raleigh. Be on the lookout for an invitation!

We look forward to seeing you there!

Welcome To the NCBA Privacy and Data Security Section’s Inaugural Year

By Alex Pearce

Dear Members of the Privacy and Data Security Section:

It is my privilege to serve as the chair of the Privacy and Data Security Section during the 2019-2020 bar year.  Following our inaugural Section Council meeting on July 31, I wanted to take this opportunity to welcome everyone to the Section and provide updates on the Section’s work and upcoming events.

Read more

The Medical Informatics HIPAA Settlement: Implications for the Future of State Data Security Enforcement

By Alex Pearce and Sean Fernandes

Last month, the attorneys general (“AGs”) of sixteen states, including North Carolina, settled a multistate HIPAA enforcement lawsuit against Medical Informatics Engineering (MIE), a cloud-based electronic health records vendor.

The lawsuit was the first time that state AGs have joined together to pursue a HIPAA-related data breach case in federal court.

This post explores the case, State of Indiana v. Medical Informatics Engineering, and its potential implications for future state data security enforcement efforts.

Read more

GDPR Reaches the ‘Terrible Twos’

By Orla M. O’Hannaidh and Taylor Ey

We cannot believe that the European Union’s General Data Protection Regulation (GDPR) just turned one.  And we know we are not alone — many of you have advised your clients on the GDPR, sat through a CLE on the GDPR or, at a minimum, googled “the GDPR” in the days and months leading up to its enforcement date of May 25, 2018.  After all, according to the European Commission, in May 2018 the GDPR was googled more times than Beyoncé and Kim Kardashian. [1]

Read more

Spring Has Arrived, But the National Credit Security Freeze Is Here To Stay

By Eva Lorenz and Suzanne Begnoche

During 2018, the North Carolina Department of Justice received notices from businesses of a total of 1,057 data breaches, affecting 1.9 million North Carolinians.[1] Businesses subject to N.C. Gen. Stat. § 75-65 must provide breach notices to all affected persons.[2] Although not legally obligated to do so under North Carolina law, many affected businesses also offer victims a period of free credit monitoring. Credit monitoring does alert a subscriber to credit file changes. Anyone who wants to do more than sit and wait for identity theft to happen, however, must lock down access to their credit reports by initiating statutory security freezes.

Read more

Think the CCPA Does Not Apply To You Or Your Clients? Better Think Again.

By Steven T. Snyder

In late February 2019, a new amendment to the California Consumer Privacy Act (“CCPA,” “Act,” “title”) was proposed—SB-561. On its face this is a very significant amendment in that it changes the consumer’s private right of action from a very constrained set of circumstances to the violation of any “right under this title.”  But a closer look at this proposed amendment reveals that the impact is far more profound in that it greatly expands the scope of the potential defendants by extending the private right of action to violations not just by “businesses” but also any other third parties.

Read more