Key Points -
President Biden’s eagerly-awaited executive order (EO) on artificial intelligence (AI) tasks the Department of Health & Human Services (HHS) with promoting responsible AI innovation, development and use,...more
11/13/2023
/ Abbreviated New Drug Application (ANDA) ,
Artificial Intelligence ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Food and Drug Administration (FDA) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Joe Biden ,
Life Sciences ,
Machine Learning ,
ONC ,
Popular
On April 27, 2023, Washington Governor Jay Inslee signed the My Health My Data Act (the “Act”) into law, establishing new limits on the collection, use and sharing of “consumer health data” and creating numerous compliance...more
On February 1, 2023, the Federal Trade Commission (FTC) announced that it had taken enforcement action against prescription drug discount company GoodRx, which agreed to injunctive relief and to pay a $1.5 million civil...more
Key Points -
Three of the four bipartisan leaders of the House and Senate committees with jurisdiction over data privacy have struck a deal on a comprehensive federal bill, the American Data Privacy and Protection Act,...more
With the recent signing of the Utah Consumer Privacy Act (UCPA) by Gov. Spencer J. Cox on March 24, 2022, Utah has become the fourth state to enact a comprehensive law addressing consumer data privacy, joining California,...more
On March 9, 2021, the U.S. Department of Health and Human Services Office for Civil Rights announced that the public comment period for the HIPAA proposed privacy rule would be extended until May 6, 2021. The rulemaking was...more
On January 21, 2020, the far-reaching HIPAA Privacy Proposed Rule, initially released on December 10, 2020, was published in the Federal Register. Despite speculation that the publication timeline would be altered when the...more
3/3/2021
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Proposed Rules
Today, the far-reaching HIPAA Privacy Proposed Rule, initially released on December 10, 2020, was posted for public inspection on the Federal Register website. The rule is scheduled to be published in the Federal Register on...more
• The Draft Regulations introduced by the California Attorney General’s Office on October 10, 2019 are subject to a public comment period and public hearings that will close on December 6, 2019. Now is the time to act to try...more
10/29/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General
On September 4, 2019, the Federal Trade Commission (FTC or the “Commission”) announced a settlement with YouTube and its parent Google that resolves allegations that the companies violated the Children’s Online Privacy...more
9/10/2019
/ COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Google ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Privacy Policy ,
Settlement ,
Settlement Offer ,
Statutory Penalties ,
Statutory Violations ,
Website Owner Liability ,
Websites ,
YouTube
• New York recently enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which expands data breach notification requirements and imposes new data security obligations on businesses that own, license or,...more
8/5/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Cuomo ,
HIPAA Breach ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
SHIELD Act ,
State Data Breach Notification Statutes
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding seven public forums and accepting...more
2/7/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
State Attorneys General
There are less than two weeks left to submit comments regarding potential updates to the privacy, security and breach notification regulations adopted under the Health Insurance Portability and Accountability Act of 1996 and...more
1/31/2019
/ Comment Period ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notification Requirements ,
OCR ,
PHI ,
Public Comment ,
Request For Information
This client alert will briefly outline key upcoming deadlines under the New York State Department of Financial Services (DFS) Cybersecurity Regulation (the “Regulation”). These include annual filing deadlines coming up in...more
1/31/2019
/ Certificates of Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Encryption ,
Exemptions ,
Filing Deadlines ,
NYDFS ,
Policies and Procedures ,
Risk Assessment ,
Third-Party Service Provider ,
Vendors
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies.
• Main areas for non-profit...more
1/28/2019
/ Australia ,
CNIL ,
Cybersecurity ,
Data Collection ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Nonprofits ,
Personal Data ,
Popular ,
Request For Information
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding a series of six public forums and...more
1/16/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
State Attorneys General
• The California Legislature passed SB 1121 to revise certain sections of the CCPA – the nation’s strictest privacy protection statute which provides Californians with a right to learn what personal information certain...more
9/10/2018
/ California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Time Extensions
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights.
• The CCPA creates a private right of action for California...more
7/9/2018
/ Attorney General ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Disclosure Requirements ,
Encryption ,
Enforcement Actions ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Right to Delete ,
Third-Party Service Provider ,
Transparency
• NAIC recently adopted an Insurance Data Security Model Law that follows the risk assessment-based approach of the New York DFS Cybersecurity Regulation. This signals the growing influence of the New York Regulation,...more
11/1/2017
/ Cyber Insurance ,
Cybersecurity ,
Data Security ,
Department of Financial Services ,
Health Insurance Portability and Accountability Act (HIPAA) ,
National Association of Insurance Commissioners ,
Non-Public Information ,
Notification Requirements ,
Personally Identifiable Information ,
Reinsurance ,
Risk Assessment ,
The Model Law ,
Third-Party Service Provider
Government contractors are subject to cybersecurity requirements, found in the Federal Acquisition Regulation (FAR) and each agency’s supplement to the FAR, and some important deadlines are fast approaching. Set forth below...more
New York Financial Regulator to Enforce First-of-Its-Kind Cybersecurity Regulations in Coming Weeks -
On December 28, 2016, the New York Department of Financial Services (NYDFS) issued revised cybersecurity regulations...more
The president’s FY 2017 budget, released today, includes cybersecurity as a national priority. The budget would invest $19 billion in overall federal resources for cybersecurity that are intended to support a broad-based...more
If you read one thing...
- The omnibus appropriations package includes legislation that provides liability protection to companies who voluntarily engage in cybersecurity information sharing.
- The...more
On November 13, 2015, Federal Trade Commission (FTC) Chief Administrative Law Judge Michael Chappell dismissed a suit brought by the FTC alleging that LabMD’s failure to implement reasonable and appropriate data security...more
The Senate has passed the Cybersecurity Information Sharing Act (S.754, CISA), sponsored by Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA), the chair and vice-chair of the Senate Intelligence Committee, by a margin of...more