Tag: privacy

California To Expand Its Data Breach Notification Rules

Sheppard Mullin Law Firm

California has broadened its data breach notification statutes in response to the increasing number of large data breaches of customer information.  AB 1710, which Governor Jerry Brown signed into law, amends California’s Data Breach Notification Law to (1) ban the sale, advertising for sale or offering for sale of social security numbers, (2) extend the existing data-security law and obligations applicable to entities that own or license customer information to entities that “maintain” the information, and (3) require that if the person or business providing notification of a breach under the statute was the source of the breach then the notice must include an offer to provide appropriate identity theft prevention and mitigation services, if any, at no cost for 12 months along with any information necessary to take advantage of the offer.  The last of these amendments has spurned some debate over whether the statute actually mandates an offer of credit monitoring or other services given its use of the phrase “if any.”  It is also unclear what exactly is intended by or who qualifies as “the source of the breach.”

The use and placement of the phrase “if any” in the statute does create some ambiguity.  The statute, however, speaks in mandatory terms when it states the notification “shall include” an offer of these services.  Its plain language also suggests the phrase “if any” is directed to the question of whether appropriate identity theft or mitigation services exist and are available – not whether or not they must be offered.  A review of the measure’s legislative history confirms this.  The Committee analyses all discuss this element of the statute as “requiring” an offer of services.  Indeed, the legislative analysis immediately following the addition of the phrase “if any” defined the problem under existing law to be that it does not require any prevention or mitigation steps and states that this measure (AB 1710) addresses this issue by requiring an offer of appropriate “identity theft prevention and mitigation services, if any are available,…”  This interpretation is also consistent with the fact that an offer is only required when the breach involves disclosure of highly sensitive information that tends to lead to identity theft or credit card fraud, i.e., the customer’s social security, driver’s license or California identification number.

The standard of whether or not such services would, to some degree, be appropriate will not likely be the primary conversation that this amendment sparks.  The more lively topic will likely be who is the “source of the breach” (and even then the offer is only required when you are both the source of the breach and the party giving notice under the statute) and what standards apply for determining “appropriate” services.  The legislative history is not as equally helpful on these questions.  Thus, until the scope of this new requirement becomes more clear, businesses involved in a breach under the statute need to carefully think through the risks of offering certain services when providing notice.

These new rules take effect on January 1, 2015.  To review the amended statute or its legislative history click here.

ARTICLE BY

Brian R. Blackman
OF
Sheppard, Mullin, Richter & Hampton LLP

Protecting Trade Secrets in the Cloud

FINAL SW logo wLLP2

The business community’s growing use of cloud-based computing services provides great benefits due to cost-savings and mobile information access.  However, business leaders should understand the risks of storing valuable trade secrets in the cloud.  This article provides the business community tips on how to safeguard valuable trade secrets stored in the cloud from being freely disclosed to the public, thus putting the business at risk of losing protections that courts grant trade secrets.

As businesses’ profit margins have continued to shrink since the Great Recession, more companies have looked to reduce costs by reducing growing expenses related to their information technology departments.[1] The first line item to draw attention in the IT budget is frequently the rising costs associated with maintaining and upgrading system hardware.  Businesses often find that housing and operating multiple servers stretches IT budgets thin by increasing maintenance, labor, and operational costs.  The solution so many businesses have turned to is to move their valuable data to virtual servers, or the “cloud.”[2]  A recent survey of IT executives provides that companies will triple their IT spending on cloud-based services in 2014 over 2011.[3]  Cloud service providers have also seen demand increase as they increase their cloud capabilities.[4]

Although cloud-based servers provide businesses with substantial financial and operational benefits, businesses must recognize that there are perils to shifting data to the cloud.  One of the key concerns businesses should consider before moving data to the cloud is the risk that its valuable trade secrets will lose protection as a result of insufficient safeguards to protect against disclosure.  This article addresses that concern and provides businesses keys for seeking to protect valuable secrets in the cloud.

What is a Protectable Trade Secret

The initial step for a business to determine how to protect its trade secrets is to understand how the law characterizes a trade secret.  Information qualifies as a trade secret only if it derives independent economic value as a result of not being generally known or readily ascertainable, and be subject to reasonable efforts to maintain its secrecy.  Trade secrets are broadly defined as information, including technical or non-technical data, a formula, pattern, compilation, program, device, method, technique, drawing, process, financial data, strategies, pricing information, and lists of customers, prospective customers, and suppliers.

Businesses Need to Take Reasonable Efforts to Protect Trade Secrets in the Cloud

Trade secrets are only protectable when the owner takes reasonable efforts to prevent them from being freely disclosed to the public so that the information does not become generally known.

Information does not have to be cloaked in absolute secrecy to be a trade secret, as long as a business’s efforts to maintain secrecy or confidentiality are reasonable.  It is easy for one to imagine how a business may protect confidential documents that are stored locally.  Computer files may be password-protected with several layers of encryption software, with access limited to specified personnel.  Similarly, paper files may be stored in locked cabinets, in secured rooms, where only specified personnel are granted access.

However, those seemingly straight-forward security protocols become murky when information is stored in the cloud.  Unlike storing data on local servers, storing data in the cloud requires the owner to disclose confidential information to a third-party vendor.  In most situations, disclosing data to a third-party eliminates trade secret protections.   Therefore, businesses must take additional steps to ensure that its data remains secure.

Three Keys to Protecting Trade Secrets Stored in the Cloud

There are no fail-safe measures to protect data stored in the cloud.  The best way for a business to protect its trade secrets is to locally store and protect its most valuable data with the proper data security protocols.  A business, however, should not fear the cloud as long as it takes certain steps to ensure that it exercises reasonable efforts to protect its cloud-based data.

First, business leaders must conduct appropriate due diligence before selecting a cloud-provider.  The business should conduct necessary research to select a reputable, well-established company that has the physical and technological capabilities to store and protect data.

Conducting due diligence on a provider includes ensuring that the provider has taken necessary steps to establish appropriate physical and virtual security protocols to protect the confidentiality of your information.  Inquire how the provider establishes physical security measures, and monitoring capabilities to prevent unauthorized access to its data centers and infrastructure.  Also, learn how the provider limits its employees’ access to customer data and determine the internal controls that the provider has in place to prevent unauthorized viewing, copying, or emailing of customer information.

A business should also inquire about the provider’s virtual security protocols.  A business must generally understand how its cloud-provider’s encryption software and security management systems work to protect data.  If your business is not capable of independently evaluating whether the provider has proper security protocols, a good indicator is to ask the provider for its client list.  If the provider has clients that are typically security-conscious companies, such as financial institutions or healthcare facilities, that is a good indication that the provider has been vetted and it has proper security measures in place.  Finally, the provider should maintain sufficient data-protection insurance coverage to protect against potential data breaches or system failures.

Second, a business must have contractual safeguards in place with its cloud-provider to adequately protect its intellectual property and trade secrets.  The contract should establish that the business owns the data, that it will be segregated from other data groups, and that the business may enjoy unfettered access to the data.  The contract should specify that the business can demand that the data be deleted or returned request, and detail how the provider will purge the data to ensure that it is properly deleted upon termination of the relationship.  The contract should require regular data backup and recovery tests, while restricting the provider from accessing, using or copying data for its own purpose.  Finally, the contract should establish the provider’s obligations to notify the business of a data breach or system failure.

Third, a business should also consider adding multiple layers of authentication and encryption to data containing trade secrets before transmitting it to the cloud-provider.  However, a business should consider if the additional encryption efforts could adversely affect the business’s ability to access, utilize, and port data for its normal business use.

Conclusion

There are several financial and operational benefits for a business to store data in the cloud.  However, businesses must understand that there are also risks to storing its valuable trade secrets on virtual servers.  Businesses need to take reasonable efforts to protect the confidentiality and secrecy of its most valuable data and information.

[1] Dave Rosenberg.  Reducing IT Infrastructure Costs via Outsourcing.  May 7, 2009.  news.cnet.com/8301-13846_3-10235742-62.html

[2] Thor Olavsrud.  How Cloud Computing Helps Cut Costs, Boost Profits.  March 12, 2013. www.cio.com/article/730036/How_Cloud_Computing_Helps_Cut_Costs_Boost_Profits

[3] Andrew Horne. Transformational Change in IT Will Drive 2014 Spending.  November 5, 2013.  http://blogs.wsj.com/cio/2013/11/05/transformational-change-in-it-will-drive-2014-spending/

[4] IBM Commits $1.2bn to Cloud Data Centre Expansion.  January 17, 2014. www.bbc.co.uk/news/business-25773266

Register for ARMA Live! 59th Annual Conference & Expo Oct. 26-28 San Diego, Calif.

ARMA Live! 59th Annual Conference & Expo Oct. 26-28 San Diego, Calif.

Register today!

The premier event in information governance is heading to the land of sand, sun, and surf. Join us for ARMA Live! Conference & Expo 2014 in San Diego on October 26-28 for the most comprehensive educational and networking experience in the profession. From inspiring keynotes to cutting-edge best practices and technology; your takeaways from this conference are worth far more to you and your organization than the price to attend. Visit our site often – we’ll be adding more and more details as we get them!

Five Reasons to Attend ARMA 2014

1. Find Real Solutions in Real Time
ARMA 2014 provides cutting-edge solutions to the challenges information governance professionals face today, such as developing automated, accurate retention schedules, managing mobile technologies, and outsourcing information to the cloud.

2. Establish Connections, Get Validation

  • Networking: ARMA 2014 provides a myriad of networking opportunities to make valuable connections with other information governance professionals and the companies that have the solutions you’re seeking.
  • Education: ARMA International’s education sessions and facilitators can help you validate the direction of your records management projects and avoid pitfalls along the way.
  • Expert Access: Our buzz session roundtable discussions will give you one-on-one time to speak with industry experts about the unique challenges you’re facing.

3. Learn Best Practices, Eliminate Pain Points
Are you curious about your peers’ best practices for eliminating the pain points you have in common? ARMA 2014 is your chance for serious, in-depth discussions and problem solving. Offering more than 70 sessions, access to industry-leading experts, and exposure to tomorrow’s technologies today, ARMA 2014 will give you a new perspective about your job. Get inspired, refreshed, and prepared to take back to the office an array of new ideas and approaches you can begin using immediately.

4. Get Acquainted with Emerging Technology
With more than 200 exhibitors at the ARMA 2014 Expo, the industry’s top emerging technologies will be on display. This is the year’s best opportunity to visit with vendors offering products and services you need for such responsibilities as electronic content management, document capture and destruction, digital preservation, e-discovery, e-mail management, and archiving. Exhibitors also can provide advice about the best solutions for your specific circumstances.

5. Have Access to the Industry’s Best and Brightest
ARMA 2014 is the PREMIER information governance event. You’ll be eager to take home and implement all you’ve learned from the best in the profession during ARMA 2014’s education sessions, Expo discussions, and networking opportunities.

Not By "Any Manner" Of Means: Securing Cyber-Crime Coverage After Zurich v. Sony

Gilbert LLP Law Firm

Much has been written about the New York Supreme Court’s landmark ruling in Zurich American Insurance Co. v. Sony Corp., Index. No. 651982/2011 (N.Y. Supr. Ct. Feb. 21, 2014), in which a New York trial court denied coverage to Sony Corporation for liabilities stemming from a 2011 cyber-attack on its PlayStation Network. The court held that while a wide-scale data breach represents a “publication” of private information, the PlayStation Network breach did not fall within the ambit of Sony’s commercial general liability (“CGL”) policy because the policy covered only publications by the insured itself—not by third-party hackers. The court rejected Sony’s argument that the phrase “in any manner,” which qualified the word “publication” in Sony’s policy, sufficed to broaden coverage to encompass third-party acts. Instead, the court determined that the “in any manner” language referred merely to the medium by which information was published (e.g., print, internet, etc.), not the party that did the publishing.

Most of the commentary surrounding Sony has focused on the court’s interpretation of the phrase “in any manner.” But that aspect of the court’s ruling was relatively unremarkable: other courts have similarly limited the phrase, most notably the Eleventh Circuit Court of Appeals inCreative Hospitality Ventures, Inc. v. United States Liability Insurance Co., 444 Fed. App’x 370 (11th Cir. 2011) (holding that the issuance of a receipt to a customer containing more than the last five digits of the customer’s credit card number does not represent a publication). Lost in theSony debate is the fact that Sony may be able to prevail on appeal even if the appellate court refuses to adopt a broad reading of the “in any manner” language. Indeed, Sony can make a compelling case that the term “publication,” when read in context with the policy as a whole, is intended to encompass both first-party and third-party acts.

In focusing narrowly on the language of the advertising injury coverage grant, the Sony court overlooked a “cardinal principal” of insurance law: namely, that an insurance policy “should be read to give effect to all its provisions and to render them consistent with each other.”Mastrobuono v. Shearson Lehman Hutton, Inc., 514 U.S. 52, 63 (1995). Had the court taken a more holistic approach, it might have noticed that language in other parts of the policy evidenced the insurers’ intent to cover third-party publications. If Sony’s policy resembled the standard Insurance Services Office, Inc. (“ISO”) CGL policy, its exclusions section was surely riddled with clauses restricting coverage for certain types of injury “caused by or at the direction of the insured.” Only six of the exclusions in the ISO policy are not so qualified, including the absolute pollution exclusion and the exclusion for publications that occur prior to the policy period. It makes sense that insurers would wish to broadly exclude such categories of injury, just as it makes sense that exclusions for intentionally injurious acts would be written narrowly to apply only to the insured’s own actions. These carefully worded exclusions—when read together and in context with the policy as a whole—evidence a conscious decision by Sony’s insurers to exclude some injuries only if caused by the insured, while excluding other types of injury regardless of who, if anyone, is at fault. This, in turn, suggests that the insurers contemplated coverage for third-party acts unless such acts are expressly excluded.

Nowhere is this better illustrated that in the ISO policy’s exclusion for intellectual property infringement. This exclusion purports to broadly bar coverage for injury “arising out of the infringement of copyright, patent, trademark, trade secret or other intellectual property rights.” However, this broad exclusion is qualified by the caveat that it “does not apply to infringement,in your ‘advertisement’, [sic] of copyright, trade dress or slogan.” Thus, the exclusion bars coverage in the first instance for all intellectual property infringements irrespective of the identity of the perpetrator, then adds back coverage for certain acts of the insured. This evidences the insurer’s understanding that unless otherwise excluded, the policy affords coverage for advertising injury regardless of who caused it.

At minimum, the fact that the ISO policy exclusions vary with respect to whether they exclude all acts or only first-party acts should be sufficient to raise an ambiguity, thus triggering “the common-law rule of contract interpretation that a court should construe ambiguous language against the interest of the party that drafted it.” Mastrobuono, 514 U.S. at 62. Even if the policy does not unambiguously afford coverage for third-party publications, it is at the very least “susceptible to more than one reasonable interpretation.” Discovision Assocs. v. Fuji Photo Film Co., Ltd., 71 A.D.3d 448, 489 (N.Y. App. Div. 2010) (internal quotation marks and citation omitted). Pointing to ambiguity in the policy as a whole would provide policyholders such as Sony with a more plausible and straightforward avenue to securing coverage for third-party publications than does narrowly parsing the phrase “in any manner.”

The question of whether third-party publications are covered under the typical CGL policy is of crucial importance to policyholders seeking insurance recovery for cyber-crime injuries. Importantly, victory on this point by Sony or another hacking victim would transform Sony into a policyholder-friendly decision, because the Sony court answered the other difficult question presented in the case—whether a data breach represents a “publication”—in favor of coverage. If the appellate court is willing to look past the narrow language of the advertising injury coverage grant and focus on Sony’s policy as a whole, Sony will have a good chance of prevailing on appeal and, in doing so, will set a strong precedent in favor of cyber-crime coverage for hacking victims.

ARTICLE BY

Kami E. Quinn
Miriam Smolen
James Liddell
OF
Gilbert LLP

Forever 21 Faces Point-of-Sale Data Collection Class Action Lawsuit

Covington BUrling Law Firm

Fast fashion retailer Forever 21 Retail Inc. faces a putative class action lawsuit alleging that the retailer violated California law by requesting and recording shoppers’ credit card numbers and personal identification information at the point-of-sale.

Forever 21 shopper Tamar Estanboulian filed the lawsuit on September 7 in U.S. District Court for the Central District of California.  Estanboulian alleges that Forever 21 has a policy requiring its cashiers to request and record credit card numbers and personal identification information from customers using credit cards at the point-of-sale in Forever 21’s retail stores in violation of the Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08.  The complaint further alleges that the retailer pairs the obtained personal identification information with the shopper’s name obtained from the credit card used to make the purchase to get additional personal information.

According to the complaint, Estanboulian purchased merchandise with a credit card at a Forever 21 store in Los Angeles, CA this summer.  The cashier asked Estanboulian for her email address without informing her of the consequences of not providing the information.  Estanboulian alleges that she provided her email address because she believed that it was required to complete the transaction and receive a receipt.  She also claims that she witnessed cashiers asking other shoppers for their email addresses.  Shortly after completing her purchase and leaving the store, Estanboulian received a promotional email from Forever 21.

The proposed Class would include:  “all persons in California from whom [Forever 21] requested and recorded personal identification information in conjunction with a credit card transaction within one (1) year of the filing of this case.”

Forever 21 is not the only retailer that has been hit with a class action lawsuit for its data collection practices at the point-of-sale.  In June 2013, a putative class action was filed in U.S. District Court for the District of Massachusetts against J.Crew Group Inc. alleging that it collected zip codes from customers when they made purchases with credit cards at its Massachusetts stores.  The lawsuit also alleged that J.Crew then used that information to send unsolicited marketing and promotional materials.  The court approved a preliminary settlement in June pursuant to which J.Crew will provide $20 vouchers to eligible class members, up to $135,000 in attorneys’ fees and costs, and up to $3,000 to each of the class representatives.

ARTICLE BY

Morgan Kennedy
OF
Covington & Burling LLP

HTTPS – Should I Implement It on My Site?

Consultsweb Logo

Google announced last Wednesday, August 6, that the search engine will use https as a ranking signal. HTTPS stands forHypertext Transport Protocol Secure, which protects the data integrity and confidentiality of users visiting a site. For example, when a user enters data into a form on a site in order to subscribe to updates or purchase a product, a secure site protects that user’s personal information and ensures that the user communicates with the authorized owner of the site. For the HTTPS connection to work properly, websites require an SSL certificate, which is what enables the site to make a secure connection.

HTTPS Hypertext Transport Protocol Secure

Even though Google is making this change, it is not something that webmasters should jump into lightly. Webmasters should implement https only when they really need it and have sections in their site where they need to protect their visitors’ information.

Before making any drastic changes to the site, it is important to take into consideration that Google stated that this change will affect less than one percent of queries, carrying less weight than other signals such as high-quality content.

Cons of using https

  • Up until this recent announcement, it was recommended only using https on the sections of the site that needed to protect the confidentiality of user data, such as payment forms that collected credit card information, the site’s login section or any page that would sends/receive other private information (such as street address, phone number or health records), because using https in the whole site can overload webservers and make sites slower, which affects negatively on a site’s ranking.
  • Changing to https also means that all of the URLs in your site will change and it will be necessary to redirect all of the URLs on the site, so that they can be indexed by Google and avoid having duplicate content between https and http URLs. Redirects usually increase the load time of the site, which can be negative ranking factor and reduce the link juice coming from external sites pointing to http URLs.
  • SSL certificates cost money, and certificates signed by well-known authorities can be expensive.

I advise against making an immediate decision to change to https because it is a recent change and apparently the effort to switch exceeds the benefit obtained in rankings. Right now it is better to stand back and observe how the change affects those sites that alter their URLs to https.

 

ARTICLE BY

Robert Padgett
OF
Consultwebs.com, Inc.

Employee Codes of Conduct: Really? Requiring Someone To Use Information “Fairly And Lawfully” Can Be Illegal?

Allen Matkins Law Firm

Companies have lots of very good reasons for adopting codes of conduct.  These reasons include:

  • Ensuring compliance with applicable exchange listing rules (e.g., NYSE Rule 303A.10 and NASDAQ Rule 5610);
  • Minimizing the risk of securities law violations (e.g., Regulation FD and Rule 10b-5);
  • Protecting company assets (trade secrets as well as reputational assets);
  • Complying with contractual obligations requiring confidentiality; and
  • Complying with customer and employee privacy laws and regulations.

Thus, I was amazed to see a recent decision by a panel of the National Labor Relations Board finding the following language in a code of conduct to be unlawful:

Keep customer and employee information secure.  Information must be used fairly, lawfully and only for the purpose for which it was obtained.

Fresh & Easy Neighborhood Market and United Food & Commercial Works Int’l Union, Cases 31-CA-077074 and 31-CA-080734 (July 31, 2014).   The NLRB found that this language violated employees’ rights under Section 7 of the National Labor Relations Act which guarantees employees “the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection”.  Reversing the administrative law judge, the panel found that employees would reasonably construe the above language “to prohibit discussion and disclosure of information about other employees, such as wages and terms and conditions of employment”.  Really?  This admonition was included at page 16 of a 20 page booklet primarily dedicated to a variety of ethical matters.  In my view, it is arbitrary and capricious, if not just plain bizarre, to interpret this language as conveying any limitation on employees’ Section 7 rights.

ARTICLE BY

Keith Paul Bishop
OF
Allen Matkins Leck Gamble Mallory & Natsis LLP

Firewall on the Hill: The Cybersecurity Information Sharing Act

Morgan Lewis logo

U.S. Treasury Secretary Jack Lew is urging Congress to pass legislation to bolster the country’s cyber defenses. The proposed bill—the Cybersecurity Information Sharing Act of 2014 (CISA)—may unleash a brute-force attack in the cyber war, but opposition based on privacy and civil liberties concerns could stop the bill dead in its tracks.

The CISA would enable companies to

  • share information with one another, including an antitrust exemption for the exchange or disclosure of a “cyber threat indicator,” which is broadly defined and includes information that indicates any attribute of a cybersecurity threat;
  • share information with the federal government, including the absence of any waiver of privilege or trade-secret protection and the retained ownership of the disclosed information;
  • launch countermeasures and monitor information systems under broad sets of circumstances, potentially expanding the information to be shared; and
  • monitor and share the information under an umbrella of protection from liability relating to the permitted activities, including a good-faith defense (absent gross negligence or willful misconduct) for activities not authorized by the CISA.

The CISA includes some protections for individuals. Namely, the U.S. Attorney General would develop governing guidelines to limit the law’s effect on privacy and civil liberties. Moreover, companies would be required to remove information that is known to be personal information (and not directly related to a cybersecurity threat) before sharing a cyber threat indicator.

In sum, companies could decide to share a wealth of information with one another and with the federal government if the CISA is passed, when sharing personal information depends on the reach of any future guidelines. If an extensive information-sharing program materializes, and there is at least a perception that sensitive personal information is being shared, companies could feel pressure from customers and advocacy groups to disclose their CISA activities and policies in their privacy statements. Companies should stay informed about developments in cybersecurity legislation, but the potential fallout regarding privacy could substantially weaken or postpone any new system. For every cybersecurity legislative effort, there will be bold countermeasures.

ARTICLE BY

Doneld G. Shelkey
A. Benjamin Klaber
OF:
Morgan, Lewis & Bockius LLP

Wyndham Data Breach Ruling Cleared for Potential Appeal to Third Circuit

COV_cmyk_C

 

U.S. District Court Judge Esther Salas ruled on Monday that the U.S. Court of Appeals for the Third Circuit can review her conclusion that Section 5 of the Federal Trade Commission Act provides the FTC with authority to bring actions arising from companies’ data security violations.

In April of this year, Judge Salas denied Wyndham Hotels and Resorts’ motion to dismiss a FTC lawsuit that alleges that Wyndham violated the FTC Act’s prohibition against “unfair practices” by failing to provide reasonable security for its customers’ personal information. Although her order is not a final ruling and is not binding on any other judge, it received considerable attention because it was the first time that a court has weighed in on the scope of the FTC’s authority over data security and privacy matters.

Denials of motions to dismiss ordinarily are not immediately appealable, absent permission from both the district court and the court of appeals.  In her ruling on Monday, Judge Salas granted Wyndham’s motion to appeal her order to the Third Circuit.  Judge Salas reasoned that there is substantial grounds for differences of opinion on two issues: (1) whether the FTC can bring a Section 5 unfairness claim involving data security; and (2) whether the FTC must formally promulgate regulations before bringing its unfairness claim.

If the Third Circuit grants Wyndham’s Petition to Appeal, the appellate court will review the legal conclusions in Judge Salas’s April order.  If the Third Circuit denies the petition, the case will proceed in the district court.  Even if the Third Circuit denies this petition for review, it ultimately may hear an appeal of the outcome of summary judgment proceedings or a trial in this case.

Article By:

Jeff Kosseff
Of:
Covington & Burling LLP

Privacy, Behavioral Health and Hospital Regulations: Recent Developments in Wisconsin Law [VIDEO]

vonBriesen

In recent months, the Wisconsin legislature has passed several bills relating to health information privacy, treatment of behavioral health patients, and regulation of hospitals. Please view this webcast that will provide a summary of the legislative action and tips for complying with the new law.

http://player.vimeo.com/video/90057974

Health Law Check-Up Webcast: Recent Developments in Wisconsin Law

Article By:

Meghan C. O’Connor
Ralph V. Topinka
Of:
von Briesen & Roper, S.C.