Governor Gavin Newsom in California recently signed several bills into law that may have a significant impact on your company’s privacy compliance obligations. These new laws amend and build on existing California privacy...more
On June 30, 2023, the Washington Attorney General (AG) published a series of Frequently Asked Questions (FAQs) related to the My Health My Data Act (MHMDA). As we discussed previously, the MHMDA will impose new requirements...more
On June 16, the Federal Trade Commission (FTC) announced an enforcement action against 1Health.io Inc. (“1Health,” also known as Vitagene, Inc.), a genetic testing company that analyzes consumer-provided DNA samples and uses...more
6/30/2023
/ Consent Order ,
Data Protection ,
Data Security ,
DNA ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Genetic Materials ,
Genetic Testing ,
Privacy Policy ,
Section 5 ,
Sensitive Personal Information ,
Unfair or Deceptive Trade Practices
On May 28, 2023, the Texas legislature reached an agreement (by conference committee) on the Texas Data Privacy and Security Act (the Act), setting the stage for Texas to become the tenth state with a comprehensive privacy...more
On May 18, the Federal Trade Commission (FTC) issued a policy statement warning about the increased use of consumers’ biometric information and related marketing of technologies that use biometric information. The agency...more
5/23/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
FTC Act ,
Policy Statement ,
Protected Class ,
Section 5 ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices
On Monday, April 17, the Washington House passed an amended version of the My Health My Data Act (HB 1155) (the “Act”), a bill that would impose sweeping new requirements on the collection, processing, and sale of consumer...more
On March 15, 2023, the Securities and Exchange Commission (SEC) announced proposed changes to Regulation S-P (“Reg S-P”) that would impose new cybersecurity incident response requirements on broker-dealers, investment...more
In a press release on January 27, 2023, California Attorney General (“California AG”) Rob Bonta announced an investigative sweep focused on mobile applications’ compliance under the California Consumer Privacy Act (CCPA),...more
2023 continues to be a busy year for state comprehensive privacy legislation. Since our last post, several new states have entered the fray with legislative proposals, while some of the bills we previously examined have moved...more
On August 11, 2022, the Federal Trade Commission (the FTC or the Commission) published an Advance Notice of Proposed Rulemaking (ANPR) to request public comment on the prevalence of “commercial surveillance and data security...more
This week, the American Data Privacy and Protection Act (ADPPA), H.R. 8152, was formally introduced in the House by Representatives Frank Pallone (D-NJ), Cathy McMorris Rodgers (R-WA), Janice Schakowsky (D-IL), and Gus...more
In the latest of a flurry of FTC actions, the agency recently announced that it had entered into a consent order with CafePress, an online customized merchandise platform, over allegations that it failed to secure consumers’...more
3/22/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
NIST ,
Personal Information ,
Popular ,
Unfair or Deceptive Trade Practices
Utah is close to becoming the fourth state to have a comprehensive privacy law. The Utah Consumer Privacy Act (SB 227) unanimously passed the Utah Senate on February 25. And the Utah House followed suit quickly, unanimously...more
Businesses that transfer personal data to and from the United Kingdom will soon have clarity regarding transfers from the UK to recipients outside the EU/EEA.
On February 2, 2022, the United Kingdom Secretary of State...more
Virginia lawmakers are considering multiple amendments to Virginia’s Consumer Data Protection Act (CDPA). These amendments mostly address a variety of open issues under the law, including the right to cure, how businesses can...more
On October 27, 2021, the Federal Trade Commission (FTC) announced a newly updated rule under the Gramm-Leach-Bliley Act (GLBA) intended to require financial institutions to strengthen their data security safeguards to protect...more
11/1/2021
/ Cybersecurity ,
Data Protection ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personal Information ,
Risk Assessment ,
Safeguards Rule ,
Security Risk Assessments ,
Third-Party Service Provider
This second installment assesses options for moving forward to address emerging gaps and an evolving health care industry. Why? Because the substantial history behind the Health Insurance Portability and Accountability Act...more
2/10/2020
/ California Consumer Privacy Act (CCPA) ,
CMIA ,
Covered Entities ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Privacy Laws ,
Proposed Legislation