John L. Barlament, Partner

Safe & Sound Blog Feed

Our Safe & Sound blog provides a practical, business-focused discussion of the legal issues relating to the privacy and security of their data. This blog will keep clients and potential clients aware of current events, news, and legislation in this area.

Recent Blog Posts

  • Recently, the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq. (BIPA) has received a lot of attention after the Illinois Supreme Court’s decision earlier this year in Rosenbach v. Six Flags Entertainment Corp., where the Court held that a plaintiff need not allege an “actual injury or adverse effect, beyond violation of his or her rights under the Act [BIPA], in order to qualify as an aggrieved person.” We previously discussed the implications of this ruling and the... More
  • The big game is over and we find ourselves hunkering down for the remaining weeks of winter. We could all use an island vacation or, in the alternative, some light reading material to distract ourselves from the cold outside the walls of our homes and offices. We have you covered (for the light reading, not the Caribbean trip), and over the coming weeks we will be sharing a series summarizing recent legal decisions in the data privacy and security arenas. To... More
  • On September 28, 2018 California Governor Jerry Brown signed into law the first law in the United States governing the security of connected devices, set to take effect on January 1, 2020. The law places a burden on manufacturers of so-called “connected devices” to determine if changes to their security measures are required. The law applies to a broad range of “connected devices” and necessitates “reasonable” security. Quarles & Brady is working with manufacturers to determine whether products are covered... More
  • Just when you thought you’d heard enough of newly enacted data privacy and security laws (“GDPR” ring a bell?), there’s more news on that front. The California legislature recently passed The California Consumer Privacy Act of 2018 (CCPA). According to a report by the International Association of Privacy Professionals, CCPA will affect over 500,000 U.S. businesses. And that’s a conservative estimate. Undoubtedly, CCPA’s enactment was influenced by the EU’s General Data Protection Regulation (GDPR) and recent high-profile events such as the Facebook-Cambridge... More
  • What sort of damages must be pleaded to survive a motion to dismiss in a data breach class action? Recently, the Court of Appeals for the Seventh Circuit in Dieffenbach v. Barnes & Noble answered that question. In short, the court held that at the pleadings stage, damages may be just a “trifle.” The case arose when Barnes & Noble experienced a data breach that resulted from the compromise of its point of sale system in 63 of its company stores. The... More
  • Today, May 25, 2018, is a historic day in the global data privacy and security world as it is the effective day of the European Union’s (EU) General Data Protection Regulation (GDPR), a regulation designed to protect the “personal data” of EU residents by mandating standards for processing, using, and storing that data. Many organizations do not realize the full magnitude of what the GDPR requires, and non-compliance can cost organizations dearly. However, we are here to help. Some Very Quick... More
  • On April 30, 2018 a Massachusetts physician was convicted by a federal jury for violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and obstructing a criminal health care investigation after impermissibly disclosing protected health information and lying to federal agents during a criminal health care investigation. The physician’s convictions stemmed from a Department of Justice (DOJ) investigation of (and eventual $125 million settlement with) a pharmaceutical company that was suspected of felony health care fraud based on its... More
  • We have already provided you with the update on Health Information Technology, Privacy and Security 2018 First Quarter Update but we did not want the non-health care entities to feel left out! As such, we have assembled a few other noteworthy events in the data privacy and security world from the first quarter of 2018. FTC Published Report Raising Concerns with Mobile Device Security Updates In the February 2018 Commission Report on Mobile Security Updates: Understanding the Issues, the Federal Trade Commission... More
  • Is it April already? Where has the time gone? We have all heard about Facebook’s woes, but you have been so busy, you have probably missed a few of the other recent developments in health IT and data privacy and security. We have you covered with a roundup of some of the significant and interesting guidance and events from the first quarter of 2018. OCR Guidance on Cyber Extortion The U.S. Department of Health and Human Services (HHS) Office for Civil Rights... More
  • On March 28, 2018, exactly one week after South Dakota enacted a data breach notification law, and a little over sixteen years since California became the first state to pass a data breach law, Alabama became the fiftieth and final state to pass a data breach notification law. Until recently, Alabama and South Dakota were the only states that did not have data breach notification laws. Under Senate Bill 318, any person or business entity, including government entities, who handle electronically... More