This episode is part of our “Bridging Campuses: Legal Insights on Education Industry Consolidation” series, where we discuss trends in higher education consolidation and closures, and outline common characteristics of at-risk...more
On January 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act...more
1/14/2025
/ Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
Public Comment ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, we’re joined by Paolo Sbuttoni, a partner at Foot Anstey with years of experience...more
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, our lawyers discuss new state consumer health data laws in Connecticut, Nevada, and...more
On February 1, 2024, the Connecticut Office of the Attorney General (“OAG”) submitted to the Connecticut General Assembly its report on the first six months of the Connecticut Data Privacy Act (“CTDPA”). While the report...more
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
The privacy and cybersecurity landscape is evolving in the financial sector, from more specific...more
As we have previously posted, it has been an active year on the state privacy law front. Indeed, the number of states with privacy laws is about to nearly double in a matter of months, with Iowa, Indiana, Montana, and...more
The AI application ChatGPT quickly became a household name, but already is morphing into a more advanced version of generative AI. At the same time, Microsoft’s redesigned Bing search engine will soon run on a new,...more
On March 15, the Colorado Attorney General’s Office finalized the Colorado Privacy Act regulations. ...more
2022 proved to be an historic year for privacy and data security, and 2023 is likely to follow suit. With privacy compliance deadlines looming under three state laws, a surge in data privacy litigation, new federal...more
On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Banta alleges failed to comply with the California...more
With Colorado joining California as the only other state with rules implementing a comprehensive privacy law, businesses and practitioners have been anxiously watching to see whether a California-compliant privacy policy...more
2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first...more
On December 22, 2022, France’s National Commission for Technology and Freedoms (“CNIL”) fined Microsoft’s Irish subsidiary 60 million euro for failure to comply with Article 82 of the French Data Protection Law (known as the...more
On December 21, the Colorado Attorney General released a revised draft of the Colorado Privacy Act Rules....more
On November 15, 2022, the FTC announced that it was extending by six months the deadline for companies to comply with some portions of the updated Safeguards Rule. The extension comes as a welcome relief to companies racing...more
On November 15, 2022, the FTC announced that it was extending by six months the deadline for companies to comply with some portions of the updated Safeguards Rule. The extension comes as a welcome relief to companies racing...more
On October 17, the California Privacy Protection Agency (“CPPA”) published the first revisions to the CPRA regulations. This draft includes an extensive list of proposed changes in advance of the CPPA Board public hearing,...more
Although the replacement for the Privacy Shield has garnered bigger headlines, the United States government also took another step towards a more coordinated international privacy framework by entering into the data access...more
On August 24, California Attorney General Rob Bonta announced a $1.2 million settlement with Sephora over allegations that the cosmetic retailer had violated the California Consumer Privacy Act (CCPA). This first public...more
With the CPRA set to become effective in a little more than three months, Ballard Spahr partners Phil Yannella and Greg Szewczyk discuss CPRA rule-making, the recent Sephora settlement, and outline key compliance steps that...more
On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act....more
Our discussion examines the FTC’s Advanced Notice of Proposed Rulemaking relating to what it describes as “commercial surveillance” and the CFPB’s circular confirming that covered persons and service providers may violate the...more
The August 31 closing of the California legislative session likely marked the end of hopes for an extension of the limited exemptions for employee and business-to-business (B2B) data that have existed for the California...more
In an active week for federal regulators, the Federal Trade Commission (FTC) joined the CFPB in announcing important initiatives that may change privacy and data security practices in major ways....more