law enforcement

Subscribe to law enforcement via RSS

On April 2, 2020, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services released a notification related to the discretion that OCR will exercise concerning HIPAA enforcement during the COVID-19 public health emergency. Effective immediately, OCR will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against business associates for “good faith uses and disclosures of PHI by business associates for public health and health oversight activities.” HIPAA already permits covered entities to provide this data. With this new guidance from OCR, now business associates can disclose this data to certain public health authorities without risk of a HIPAA privacy enforcement action or penalty.

On Monday, the California Supreme Court ruled that the Fourth Amendment to the United States Constitution did not prohibit a deputy sheriff from conducting a warrantless, post-arrest search of the text messages of an arrestee. Specifically, the Court affirmed the decision of the Court of Appeal that the cell phone was “immediately associated with [defendant’s] person at the time of his arrest” and was therefore “properly subjected to a delayed warrantless search.” 

In People v. Diaz, filed on January 3, the Court considered whether the trial court properly denied Diaz’s motion to suppress evidence gathered during a search of his cell phone, which occurred approximately 90 minutes after he was arrested for being a coconspirator in the sale of drugs. Diaz denied knowledge of the sales. A deputy sheriff accessed Diaz’s cell phone, which had been seized from Diaz’s person, and found a coded text message that, based on the deputy’s training and experience, indicated Diaz knew of the transaction.

The California Supreme Court’s ruling hinged on its finding that the cell phone “was an item [of personal property] on [defendant’s] person at the time of his arrest and during the administrative processing at the police station.” People v. Diaz, S1666000, slip op. Majority Op. at 8 (Cal. Jan. 1, 2011). As such, the case was controlled by the United States Supreme Court’s holdings in United States v. Edwards, 415 U.S. 800, 802-803 (1974) and United States v. Robinson, 414 U.S. 218, 224 (1973), in which the High Court affirmed seizures of paint chips from clothing and a cigarette package containing heroin from a coat pocket (respectively).

As our readers know, many of the 44 state data breach notification laws allow for (and may even require) a brief delay in notifying affected individuals of the breach if that notification would interfere with or impede a law enforcement investigation. Last week, the governor of Maine amended that state’s data breach notification law. The amendment clarifies that notification may be delayed for no longer than 7 business days after a law enforcement agency determines that the notification will not compromise a criminal investigation.