ADA Website Accessibility: Courts Continue To Provide Clarity, At Cost to Businesses

  • The California Court of Appeals ruled in Thurston v. Midvale Corp. regarding website-related Americans with Disabilities Act (ADA) suits, specifically requiring a restaurant to bring its website into compliance with the Web Content Accessibility Guidelines (WCAG) 2.0.
  • The court adopted the now-majority viewpoint that websites are covered by the ADA when there is a nexus between the website and access to a physical place of public accommodation
  • Prospective plaintiffs are now armed with caselaw out of multiple states establishing that WCAG 2.0 is essentially the

Continue reading...

NSA Launches Cybersecurity Directorate to Combat Cyber Attacks on Government and Private Sector Systems

The National Security Agency (NSA) has established a Cybersecurity Directorate that “unifies NSA’s foreign intelligence and cyber defense missions” to more closely align its offensive and defensive operations. The directorate, operating as of October 1, 2019 will help contribute to the NSA’s defensive mission to protect digital systems. It will focus initially on the defense industrial base and weapon security improvement.  The increased focus on cybersecurity comes in the wake of a 56-page report by the National Security Telecommunications Advisory Committee warning that the United…
Continue reading...

Resolution Agreement Requires Medical Imaging Company to Pay $3 Million to Settle Data Breach

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services revealed on May 6, 2019 that Tennessee-based Touchstone Medical Imaging (TMI) entered into a Resolution Agreement (RA) requiring them to pay a $3 million fine to settle a data breach that exposed over 300,000 patients’ protected health information (PHI). In addition to the significant monetary fine, TMI must adopt a corrective action plan that will address shortfalls in the company’s compliance with HIPAA Security and Breach Notification Rules, which is…
Continue reading...

Health Industry Cybersecurity Practices

Earlier this year the Department of Health and Human Services issued a report that in part detailed practices hospitals can use to avoid cyberattacks against the health care industry. The genesis of the report was the Cybersecurity Act of 2015 (CSA) and more specifically, section 405(d). That section calls for “aligning health care industry security approaches.” The forward to the report provides that “industry and government came together under the auspices of the 405(d) task group…focused on building a set of voluntary, consensus-based principles to…
Continue reading...

Employees’ Claim Under the Illinois Biometric Information Protection Act Escapes Arbitration Provision in Employment Agreement

A recent decision by an Illinois appellate court analyzed whether employees’ privacy violation claims fall within their employment agreements’ arbitration provision. At issue was an employer’s use of biometric information collected from its employees and the consequences of doing so in a manner that was allegedly inconsistent with applicable law, and whether those claims are subject to arbitration, rather than litigation in a court of law.  The Illinois Biometric Information Act As the court noted, the Illinois Biometric Information Protection Act was enacted in 2008…
Continue reading...

Vermont’s “Data Brokers” Law is a Glimpse into the Future for Many Industries

Cybersecurity has been a field where the concept of state governments acting as legislative laboratories has been observed in real time, with multiple states passing different pieces of legislation every year. One of the more unique laws passed in 2018, and effective as of January 1, 2019, is Vermont’s descriptively titled “act relating to data brokers and consumer protection.” Although unknown to most consumers, there is a booming industry of “data brokers” who act as middlemen between companies who collect data and those looking to…
Continue reading...

Absence of DOJ Regulations Does Not Bar Liability for Failure to Comply with the ADA

In the face of an ever-growing number of lawsuits based upon allegedly non-ADA compliant website designs, defendants have enjoyed little success obtaining dismissal at the pleadings stage of proceedings. One lingering glimmer of hope had been the viability of a due process argument premised upon the “primary jurisdiction” defense, which formed the basis of Judge Otero’s decision dismissing the plaintiff’s complaint in Robles v. Domino’s Pizza, LLC. In short, the defendant argued that the plaintiff’s action must be either stayed or dismissed because the…
Continue reading...

National Counterintelligence and Security Center Launches Effort to Protect Industry Against State Actors

On January 7, 2019, the National Counterintelligence and Security Center (NCSC), which coordinates counter-intelligence efforts within the U.S. government, announced that it would begin disseminating its “Know the Risk, Raise Your Shield” materials in an effort to assist the private sector in guarding against threats from foreign intelligence entities and other adversaries.  This campaign appears to have been prompted by the Trump administration’s efforts to drive U.S. companies to better protect their trade secrets from foreign hackers.  This comes on the heels of recent cyber-attacks…
Continue reading...

Department of Health and Human Services Releases Cybersecurity Guide for Healthcare Providers

Over a year of collaboration between the Department of Health and Human Services (HHS) and industry partners has culminated in the publication of a cybersecurity guide for medical providers of all sizes. HHS describes it as “a set of voluntary, consensus-based principles and practices to improve cybersecurity in the health sector,” that looks to “raise the cybersecurity floor” across the country. Although the guide emphasizes its wide applicability, much of the discussion appears directed at small and mid-sized providers. For example, HHS highlights a recent…
Continue reading...

TSA Releases Cybersecurity Roadmap to Guard Against Evolving Cyber Threats

The Transportation Security Agency (TSA) has released its first Cybersecurity Roadmap to prioritize cybersecurity measures within the TSA and the nation’s transportation system, the Transportation Systems Sector (TSS). The TSA’ Cybersecurity Roadmap closely aligns with the more general DHS Cybersecurity Strategy published earlier this year. The roadmap notes that TSA’s mission responsibilities include: (1) securing its own networks, and (2) working with its partners and TSS stakeholders, in coordination with the Department of Homeland Security (DHS), to secure its cyberspace. In order to ensure cybersecurity…
Continue reading...