From a post by Spencer Green and Stephen Page of McDermott Will & Emery: HIPAA’s Extraterritorial Flexibility The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the primary federal law that protects patients’ health information. HIPAA establishes standards for the privacy and security of a patient’s health and related information, known as protected health information…
Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
Zack Whittaker reports: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app’s full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from…
Google Trackers: What You Can Actually Escape And What You Can’t
Shipra Sanganeria reports: Google’s presence across the web is vast and expands far beyond its own products. Even if users avoid using Google’s apps and services, its infrastructure — like analytics scripts, ad trackers, or other tools (maps, fonts, Google logins, or content delivery networks (CDNs)) — often track user activity and collect data across…
Oregon Amends Its Comprehensive Privacy Statute
Lindsey Tonsager, Libbie Canter, Jayne Ponder, and Sierra Stubbs of Covington and Burling write: Following the approach taken by the Kentucky and Connecticut legislatures this spring, Oregon has amended its comprehensive privacy statute to implement changes to the law. Specifically, the amendment extends the statutory cure period to July 1, 2026, but this extension is limited to certain controllers. …