ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
This year has been active on the state “comprehensive” privacy law front. Seven states passed new laws in 2023 (Delaware, Iowa, Indiana, Tennessee, Montana, Florida, and Oregon). These states joined California, Connecticut,...more
12/27/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
Governor Newson recently signed two amendments to the CCPA strengthening protections for certain data types. The changes go into effect January 1, 2024....more
After some delay, Delaware’s governor has at last signed into law the thirteenth state comprehensive privacy law. This is the seventh law passed in 2023, joining Iowa, Indiana, Tennessee, Montana, Florida, and Oregon. The law...more
The FTC recently proposed amendments to the Health Breach Notification Rule (HBNR). This is on trend with its aggressive interest over the last couple of years in health data not covered by HIPAA....more
6/27/2023
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medical Records ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments
On April 27, 2023, the state of Washington enacted a landmark privacy law aimed at protecting the privacy of health data not covered by HIPAA. This law, named the “My Health My Data Act,” covers a very wide range of entities,...more
Indiana has now become the seventh US state to enact a comprehensive privacy law after Senate Bill 5 (“SB5”) was signed by the governor on May 1, 2023. The new law will go into effect January 1, 2026, and is almost identical...more
In this second post in our ongoing series, we examine the scope of rights given to consumers under the recently enacted My Health My Data Act... The law provides consumers several rights, all of which are in other privacy...more
5/4/2023
/ Consumer Privacy Rights ,
Data Protection ,
Digital Health ,
Enforcement ,
Non-Discrimination Rules ,
Privacy Laws ,
Right to Delete ,
Right-To-Access ,
State and Local Government ,
State Privacy Laws ,
Washington
Two states recently passed laws with specific data security requirements for entities that are gaming operators or licensees. These new regulations in Nevada and Massachusetts add to the already complex set of data security...more
The Colorado Attorney General recently released the second set of draft regulations to the Colorado Privacy Act (CPA). In this draft, the AG is seeking specific input on five different topics. There are also a number of...more
12/28/2022
/ Colorado ,
Consent ,
Data Privacy ,
Data Protection ,
Data Security ,
Notice Requirements ,
Opt-Outs ,
Policy Terms ,
Privacy Laws ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General ,
State Privacy Laws
The FTC is closing out 2022 with additional guidance for mobile health app developers signaling its continued interest in this industry. Since 2021, we have seen several steps from the agency demonstrating a focus on...more
12/9/2022
/ Breach Notification Rule ,
Data Privacy ,
Data Protection ,
Digital Health ,
Electronic Medical Records ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
ONC ,
Privacy Laws
The FTC recently took action against the online alcohol marketplace company Drizly and its CEO for alleged security failures. The case arose from a 2018 data breach which was caused – according to the FTC – by poor security...more
The EDPB recently announced its second topic for coordinated enforcement. At a national level, data protection authorities in the EU will be looking into the position of the data protection officer. The results of these...more
With six months before the first of the new US state general privacy laws go into effect, there are several steps companies can take now to begin to prepare. Unfortunately there are some parts of compliance that will be...more
In this third post of our ongoing series, we examine key takeaways for companies in light of the recently released draft CPRA regulations. Today’s focus is on contractual requirements. (Visit here for information about...more
The California Privacy Protection Agency (CPPA) recently released the draft proposed CCPA Regulations and draft initial statement of reasons. Importantly, these are draft regulations that are likely to be subject to extensive...more
6/28/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Processing Rules ,
Data Protection ,
Draft Guidance ,
Notice of Compliance ,
Notice Requirements ,
Privacy Laws ,
State Privacy Laws ,
Statutory Requirements
The Colorado AG’s office recently released pre-rulemaking considerations for the Colorado Privacy Act (CPA). The office is seeking informal public feedback on a series of topics. While the AG listed eight specific topics for...more
It has been almost two years since the Privacy Shield was struck down as a valid data transfer mechanism in Schrems II. Many have been wondering “what’s next”? Will there be a replacement framework? When will that be...more
Arizona recently amended its breach notice law to change the regulator notification requirements. Starting this summer, depending on the scope of the incident, the Arizona Department of Homeland Security will need to be...more
Indiana has made a minor amendment to its data breach notification law. Starting July 1, companies who are obligated to notify under the law must do so (to affected individuals and the Indiana Attorney General) without...more
The FTC recently published two new resources for complying with the Health Breach Notification Rule. The Rule requires vendors of personal health records (PHR), PHR-related entities and service providers to these entities, to...more
3/15/2022
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
Healthcare ,
Medical Records ,
Policy Statement ,
Privacy Laws ,
Vendors
The European Commission recently adopted an adequacy decision regarding the Republic of Korea’s data protection laws. As a result of this decision, personal data can freely flow between the EEA and South Korea without the...more
1/7/2022
/ Binding Corporate Rules ,
Cross-Border ,
Data Protection ,
Data Transfers ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Korea ,
Privacy Laws ,
South Korea ,
Standard Contractual Clauses ,
UK
California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of “personal information” genetic data. The...more
10/18/2021
/ Amended Legislation ,
Biometric Information ,
California ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Healthcare ,
Personal Information ,
Privacy Laws
Colorado recently joined Virginia and California in passing a more comprehensive privacy law. The Colorado Privacy Act (CPA) will go into effect July 1, 2023. This is six months after Virginia’s law (CDPA) and California’s...more
7/14/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Consumer Privacy Rights ,
Data Protection ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Liability ,
New Legislation ,
Privacy Laws ,
State and Local Government
Utah recently signed into law SB 227, creating the Genetic Information Privacy Act (GIPA). The law, which is anticipated to go into effect in May 2021, is aimed at protecting genetic data collected from direct-to-consumer...more
4/2/2021
/ Consent ,
Consumer Privacy Rights ,
Data Protection ,
Data Use Policies ,
Direct to Consumer Sales ,
Disclosure Requirements ,
DNA ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Genetic Materials ,
Genetic Testing ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
New Legislation ,
Notice Requirements ,
Privacy Laws ,
State and Local Government