Arizona recently amended its breach notice law to change the regulator notification requirements. Starting this summer, depending on the scope of the incident, the Arizona Department of Homeland Security will need to be...more
Indiana has made a minor amendment to its data breach notification law. Starting July 1, companies who are obligated to notify under the law must do so (to affected individuals and the Indiana Attorney General) without...more
Utah recently joined California, Colorado, and Virginia in passing a comprehensive privacy law. It goes into effect December 31, 2023 and shares similarities with other states’ laws. Businesses may be glad to learn that Utah...more
The California AG recently issued an opinion interpreting the scope of information that should be provided to consumers in an access request. In responding to access requests, companies must provide a list of all personal...more
The FTC recently published two new resources for complying with the Health Breach Notification Rule. The Rule requires vendors of personal health records (PHR), PHR-related entities and service providers to these entities, to...more
3/15/2022
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
Healthcare ,
Medical Records ,
Policy Statement ,
Privacy Laws ,
Vendors
Following a similar case from Austria, the French data protection authority recently concluded that certain use of cookies placed by US data analytics tools violated GDPR. The case came before the CNIL as the result of a...more
The Colorado AG recently issued guidance on practices companies should consider to safeguard consumer data. This guidance was issued in response to companies asking what “reasonable” security means. While noting that the...more
The digital health sector has been rapidly growing, and the demand is not expected to diminish. Those in the industry will want to keep in mind some key legal concerns in the coming year, which we outline in this recent...more
The use of digital health to deliver healthcare has seen unprecedented growth over the past few years, with significant acceleration due to the COVID-19 Public Health Emergency (PHE). As patients seek ways to empower...more
Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity...more
1/12/2022
/ Artificial Intelligence ,
Auto-Dialed Calls ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CAN-SPAM Act ,
CARU ,
CDPA ,
Consumer Privacy Rights ,
COPPA ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Tracking ,
EU ,
FCC ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Machine Learning ,
Mobile Privacy ,
Ransomware ,
SCOTUS ,
TCPA
n December 22, 2021, the Food and Drug Administration (FDA) issued a draft guidance for sponsors, investigators, and other interested parties on using digital health technologies (DHT) to acquire data remotely from...more
1/7/2022
/ Clinical Trials ,
Comment Period ,
Coronavirus/COVID-19 ,
Data Collection ,
Data Privacy ,
Digital Health ,
Food and Drug Administration (FDA) ,
Investigations ,
Medical Devices ,
New Guidance ,
Technology Sector
The European Commission recently adopted an adequacy decision regarding the Republic of Korea’s data protection laws. As a result of this decision, personal data can freely flow between the EEA and South Korea without the...more
1/7/2022
/ Binding Corporate Rules ,
Cross-Border ,
Data Protection ,
Data Transfers ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Korea ,
Privacy Laws ,
South Korea ,
Standard Contractual Clauses ,
UK
As we look to 2022, a question on many companies’ minds is what actions we will see from the FTC. Two recent developments are important on that front.
First, the FTC recently signaled its intent to initiate rulemaking on...more
12/23/2021
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Algorithms ,
Breach Notification Rule ,
Cybersecurity ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Identity Theft ,
Online Safety for Children ,
Regulatory Oversight ,
Rulemaking Process ,
Safeguards Rule ,
State and Local Government
The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). The comments were originally solicited in...more
Google Play’s “data safety form” is now live. Developers can now submit the form for early review and feedback. Starting in April 2022, Google will require this label and a privacy policy for all new and existing apps. This...more
New York recently enacted a law governing employee monitoring. The law applies to New York employers who monitor employees through electronic devices. This includes monitoring of telephone, emails, and internet access or...more
11/23/2021
/ Consent ,
Electronic Communications ,
Email ,
Employee Monitoring ,
Employee Privacy Rights ,
Employees ,
Employer Liability Issues ,
Internet ,
Legislative Agendas ,
New Legislation ,
New York ,
Notice Requirements ,
Privacy Laws ,
State and Local Government ,
State Labor Laws ,
Waiver of Rights
Florida recently passed a law governing DNA samples. The Act places several restrictions on the use, retention, and sharing of DNA samples. Those that violate the Act may face criminal liability....more
Apple has issued new guidelines for apps that let people create accounts. The guidelines will require these apps to give people a way to delete their accounts. This requirement is broader than CCPA and GDPR deletion rights,...more
California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of “personal information” genetic data. The...more
10/18/2021
/ Amended Legislation ,
Biometric Information ,
California ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Healthcare ,
Personal Information ,
Privacy Laws
California’s governor recently signed SB 41 into law. The bill enacts the Genetic Information Privacy Act (GIPA). The governor rejected a similar bill last year over concerns about COVID-19 public health efforts. To address...more
10/13/2021
/ California ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Data Privacy ,
Data Security ,
Digital Health ,
Digital Privacy Act ,
Governor Newsom ,
Healthcare ,
New Legislation ,
Privacy Laws ,
State Privacy Laws
California recently passed AB 694, which makes a few “technical” changes to the California Privacy Rights Act (CPRA). Importantly, this amendment clarifies the timing for the new California Privacy Protection Agency’s (CPPA)...more
California’s new privacy protection agency recently issued an invitation for public comments as part of its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). Introduced and passed by ballot...more
The New York Department of Financial Service recently clarified security incident notification requirements and the use of multi-factor authentication. On its FAQ page, the NYDFS added two new questions and answers for...more
The use of apps, wearables, and other devices used to track health and wellness data have continued to rise. The FTC again signaled its focus on this growing industry in a statement on the scope of the Health Breach...more
9/21/2021
/ Breach Notification Rule ,
Data Privacy ,
Digital Health ,
Digital Privacy Act ,
Enforcement ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Mobile Health Apps ,
Personally Identifiable Information ,
PHI
The California AG recently reminded companies in the healthcare industry of potential data breach notification obligations beyond HIPAA. As ransomware attacks continue to rise, particularly in healthcare, companies should...more