March 2015

On Friday, March 27, 2015, the Federal Trade Commission and Wyndham Worldwide Corp. filed supplemental briefing in the Third Circuit regarding whether the FTC had made an adjudicative decision that the FTC Act prohibits unreasonable cybersecurity practices and, if not, whether a federal court could hear a case charging a violation of the FTC Act

In case you missed this development—which was buried in the preamble of a 129-page Federal Register notice dealing mainly with rules for the individual and small group markets—HHS has created a new out-of-pocket limit for group health plans that provide family coverage. HHS says that the limit for self-only coverage applies to each individual who

In 2010 the DOL published a final regulation requiring plan administrators of participant-directed individual account plans to disclose fees, expenses, and certain other plan information to participants and beneficiaries. The regulation requires plan administrators to provide these disclosures on or before the date on which a participant or beneficiary can first direct investments and “at

The House and Senate adjourned on Friday for a two-week recess.  Both chambers are set to return on Monday, April 13.

There was a steady flurry of activity prior to their adjournment, as both chambers considered their annual  budget resolutions (though the Senate had not considered a budget resolution for several years under Democratic control),

In an effort to improve international privacy rights, the United Nations Human Rights Council yesterday established a special rapporteur on the right to privacy.  Special rapporteurs are expert individuals appointed with specific mandates to investigate, monitor, and report on particular human rights concerns that range from access to water to extrajudicial killings.  Yesterday’s Resolution on

By Dan Cooper and Phil Bradley-Schmieg

On March 24, 2015, the Court of Justice of the EU (CJEU) heard arguments in Case C-362/14 (Schrems).  The High Court of Ireland has asked the CJEU whether Ireland’s data protection authority (DPA) — and by extension other EU DPAs — is bound by the Commission’s adequacy decision (Decision 520/2000/EC)