Governor Kathy Hochul signed several bills last month designed to strengthen protections for the personal data of consumers. One of those bills (S2659B) makes important changes to the notification timing requirements under...more
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
1/2/2025
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Plan Sponsors ,
HITECH Act ,
Incident Response Plans ,
Malware ,
OCR ,
PHI ,
Policies and Procedures ,
Risk Assessment ,
Risk Management
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular topics and posts from 2024.
Expanding State Privacy Laws-
This year saw a...more
1/2/2025
/ Artificial Intelligence ,
Biometric Information ,
Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Labor (DOL) ,
Employee Privacy Rights ,
Fair Credit Reporting Act (FCRA) ,
Personal Data ,
Privacy Laws ,
Retirement Plan ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
Web Tracking
Around the country, the weather is turning wintery, but in the privacy arena, there will be a blizzard as five state comprehensive privacy laws become effective. Here is an overview of businesses needing to prepare....more
A healthcare provider delivering pain management services in Florida and other states faces a $1.19 million civil monetary penalty from the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)....more
12/5/2024
/ Civil Monetary Penalty ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Independent Contractors ,
OCR ,
Risk Management ,
Security Rule
No organization can eliminate data breach risks altogether, regardless of industry, size, or even if the organization has taken significant steps to safeguard their systems and train employees to avoid phishing attacks....more
12/2/2024
/ AirBnB ,
Cybersecurity ,
Data Breach ,
Phishing Scams ,
Popular ,
Property Management Companies ,
Risk Management ,
Third-Party Service Provider ,
Vacation Rentals ,
Vendors ,
Websites
Massachusetts’ highest court recently issued an opinion that delves into the complex intersection of privacy law and modern technology. The case centers around whether the collection and transmission of users’ web browsing...more
On November 8, 2024, the California Privacy Protection Agency (CPPA) voted to proceed with formal rulemaking regarding artificial intelligence (AI) and cybersecurity audits. This comes on the heels of the California Civil...more
Governor Newsom recently signed two significant bills focused on protecting digital likeness rights: Assembly Bill (AB)1836 and Assembly Bill (AB) 2602. These legislative measures aim to address the complex issues surrounding...more
Artificial Intelligence (AI) has created numerous opportunities for growth and economic development throughout California. However, the unregulated use of AI can lead to a Pandora’s Box of undesirable consequences. A...more
Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018....more
9/30/2024
/ Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multi-Factor Authentication ,
OCR ,
PHI ,
Policies and Procedures ,
Ransomware ,
Risk Assessment ,
Risk Management
If there is one thing artificial intelligence (AI) systems need is data and lots of it as training AI is essential for achieving success for a given use case. A recent investigation by Australia’s privacy regulator into the...more
9/26/2024
/ Artificial Intelligence ,
Australia ,
Consent ,
Cybersecurity ,
De-Identification ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Office of Australian Information Commissioner (OAIC) ,
PHI ,
Training
According to the California legislature, audio recordings, video recordings, and still images can be compelling evidence of the truth. However, the proliferation of Artificial Intelligence (AI), specifically, generative AI,...more
Data privacy and security risk and compliance issues relating to exchanges of personal information during merger, acquisition, and similar transactions can sometimes be overlooked. In 2023, we summarized an enforcement action...more
One of our recent posts discussed the uptick in AI risks reported in SEC filings, as analyzed by Arize AI. There, we highlighted the importance of strong governance for mitigating some of these risks, but we didn’t address...more
9/12/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Fortune 500 ,
Governance Standards ,
Intellectual Property Protection ,
Machine Learning ,
Phishing Scams ,
Popular ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC)
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and...more
A recent Forbes article summarizes a potentially problematic aspect of AI which highlights the importance of governance and the quality of data when training AI models. It is called “model collapse.” It turns out that over...more
While the craze over generative AI, ChatGPT, and the fear of employees in the professions landing on breadlines in the imminent future may have subsided a bit, many concerns remain about how best to use and manage AI. Of...more
Illinois continues to enact legislation regulating artificial intelligence (AI) and generative AI technologies.
•A little less than a year ago, Gov. JB Pritzker signed H.B. 2123 into law. That law, becoming effective...more
Following laws enacted in jurisdictions such as Colorado, New York City, Tennessee, and the state’s own Artificial Intelligence Video Interview Act, on August 9, 2024, Illinois’ Governor signed House Bill (HB) 3773, also...more
8/14/2024
/ Artificial Intelligence ,
Audits ,
Bias ,
Corporate Counsel ,
Governor Pritzker ,
Hiring & Firing ,
Human Rights Act ,
Illinois ,
Machine Learning ,
Recruitment Policies ,
Risk Management ,
Transparency ,
Wage and Hour
On June 25, 2024, Rhode Island became the 20th state to enact a comprehensive consumer data protection law, the Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”). The state joins Kentucky, Maryland,...more
8/13/2024
/ Consent ,
Consumer Privacy Rights ,
Data Controller ,
Enforcement ,
Geolocation ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Rhode Island ,
State Attorneys General ,
State Privacy Laws
On May 24, 2024, Minnesota’s governor signed an omnibus bill, HF4757 which included the new Consumer Data Privacy Act. The state joins Kentucky, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island in passing...more
On August 2, 2024, Governor Pritzker signed Senate Bill (SB) 2979, which amends the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq. (BIPA). The bill, which passed both the Illinois House and Senate by an...more
Maryland’s governor recently signed the Maryland Online Data Privacy Act of 2024 (MODPA), making Maryland one of six states—along with Kentucky, Nebraska, New Hampshire, New Jersey, and Rhode Island—to pass a comprehensive...more
On April 17, 2024, Nebraska’s governor signed Legislative Bill 1074, which establishes a consumer data privacy law for the state. Nebraska’s law takes effect January 1, 2025. To Whom does the law apply? The law applies to...more