Communication during a data breach is challenging in the best of circumstances, and control of information, especially early in a breach response, is critical. Below are some DOs and DON’Ts for communicating during a data...more
9/12/2024
/ Attorney-Client Privilege ,
Best Practices ,
Cyber Attacks ,
Data Breach ,
Discovery ,
Electronic Communications ,
Email ,
Incident Response Plans ,
Public Communications ,
Reputation Management ,
Work-Product Doctrine
With the recent wave of ransomware and other security incidents, it is now more important than ever for impacted organizations to have a thorough understanding of each element of a proper data breach response. That includes...more
Recently filed class action complaints allege that companies that utilize embedded trackers within emails, or “spy pixels” as the plaintiffs are calling them, violate Arizona law because they collect a “communication service...more
A recent trend in litigation has emerged that is causing companies to re-think conventional wisdom. Until now, it has been a widely adopted best practice for retailers and other consumer-facing companies to include mandatory...more
On March 18, 2024, the Office of Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) updated prior guidance concerning the use of online tracking technologies, including cookies, by Covered...more
5/31/2024
/ Business Associates ,
Cookies ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
OCR ,
PHI ,
Popular ,
Tracking Systems ,
Web Tracking
Last year was a pivotal one for data privacy, as privacy received substantial attention from many regulators, including the Federal Trade Commission (“FTC”). Looking back at the FTC’s 2023 enforcement actions, statements and...more
What are the unique features concerning the processing of biometric data under the MHMDA?
The MHMDA defines “biometric data” very broadly. Specifically, biometric data is “data that is generated from the measurement or...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
The Colorado Privacy Act (CPA) requires that beginning on July 1, 2024, businesses provide consumers with the ability to opt-out of the use of targeted advertising cookies using a Universal Opt-Out Mechanism (UOOM). A UOOM is...more
The development and implementation of AI-powered tools, including in SaaS platforms, have experienced a meteoric rise over the course of the last year. Businesses are understandably looking to realize competitive advantages...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
1/30/2024
/ Compliance ,
Consent ,
Data Collection ,
Data Privacy ,
Data Subject Access Requests ,
Effective Date ,
Notice Requirements ,
Penalties ,
Personal Information ,
PHI ,
Privacy Laws ,
State Privacy Laws
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
1/5/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
EU ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Personally Identifiable Information ,
Privacy Laws ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
State Privacy Laws ,
Targeted Digital Advertising
On October 10, 2023, California Governor Gavin Newsom signed SB 362 into law. The “Delete Act” is intended to bridge a gap in consumer privacy rights – whereas the California Privacy Rights Act (the CPRA) grants consumers the...more
On September 21, 2023, the Colorado Division of Insurance adopted a Final Regulation implementing S.B. 21-169, the 2021 law governing Colorado-licensed insurers’ use of external consumer data and information sources (ECDIS),...more
11/30/2023
/ Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Consumer Privacy Rights ,
Data Collection ,
Final Rules ,
Insurance Industry ,
Life Insurance ,
NAIC ,
Predictive Analytics ,
Risk Management ,
Underwriting
The use of online tracking technologies for online behavioral advertising, analytics and related activities has come under increasing scrutiny by regulators in the U.S., Europe and elsewhere. The obligations under various...more
11/7/2023
/ Advertising ,
Behavioral Advertising ,
Cookie Banners ,
Cookies ,
Do Not Sell ,
EU ,
Opt-In ,
Opt-Outs ,
Privacy Laws ,
State Privacy Laws ,
Targeted Digital Advertising ,
Web Tracking
On October 30, 2023, the U.S. Department of Health and Human Services (HHS) released a proposed rule (Proposed Rule) to establish disincentives for healthcare providers that engage in information blocking under the 21st...more
BCLP actively tracks the proposed, failed and enacted AI regulatory bills from across the United States to help our clients stay informed in this rapidly-changing regulatory landscape. The interactive map is current as of...more
After nearly seven months of lawmaking, California legislators ended this session without the passage of a bill regulating the development or deployment of artificial intelligence (AI) systems....more
9/15/2023
/ Artificial Intelligence ,
Congressional Investigations & Hearings ,
Executive Orders ,
Governor Newsom ,
Innovation ,
Legislative Agendas ,
Public Procurement Policies ,
Public Sector ,
Risk Assessment ,
State Legislatures ,
State Procurement Contracts ,
Technology Sector
A divided SEC on July 26, 2023 approved new requirements for reporting of material cybersecurity incidents in real-time current reports on Form 8-K or 6-K and disclosure of cybersecurity risk management, strategy and...more
7/28/2023
/ Annual Reports ,
Compliance ,
Compliance Dates ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 10-K ,
Form 20-F ,
Form 8-K ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On June 16, 2023, Nevada Governor Joe Lombardo signed SB 370 into law. This new law is a consumer health data bill that is similar in many ways to Washington’s My Health My Data Act (MHMDA). SB 370, like most provisions of...more
In recent months, organizations have been dealing with an emerging wave of lawsuits from an unexpected source: the VPPA. The Video Privacy Protection Act (“VPPA”), originally intended to prevent “wrongful disclosures” of...more
7/26/2023
/ Class Action ,
Cookies ,
Data-Sharing ,
Defense Strategies ,
Online Videos ,
Personally Identifiable Information ,
Privacy Policy ,
Third-Party Service Provider ,
Video Recordings ,
VPPA ,
Web Tracking ,
Websites
The Colorado Privacy Act (“CPA”), Colorado’s first comprehensive consumer privacy law, came into effect on July 1, 2023. Like many new privacy laws, though, there has been uncertainty surrounding when meaningful enforcement...more
As with a growing number of states, Connecticut passed a comprehensive consumer privacy law, the Connecticut Data Privacy Act (the “CTDPA”), on May 10, 2022. The CTDPA becomes effective on July 1, 2023 and, in spite of the...more
7/3/2023
/ Amended Legislation ,
Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Selling ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
PHI ,
Sensitive Personal Information ,
State Privacy Laws
In 2023, state legislatures across the U.S. responded to the growing impact of artificial intelligence (AI) by introducing a substantial number of bills aimed at regulating its development and use by private industry. To...more
To date, US non-profit organizations have enjoyed an exemption from the state omnibus privacy laws. That’s about to change. Unlike the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA),...more