The Federal Trade Commission (FTC) has updated its Health Breach Notification Rule that applies to non-HIPAA, consumer health data. Among the revisions, the FTC expanded or introduced key definitions and modified the...more
7/31/2024
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Popular
The average cost of a data breach has reached an all-time high of $4.45 million, according to IBM. Regulatory requirements, scrutiny, and enforcement have continued to expand. As we kick off 2024, here are the key action...more
Connecticut is the third state to adopt consumer health data privacy protections, following Washington’s My Health My Data Act (“MHMD”) and Nevada’s new consumer health data privacy law. It is the first state, however, to...more
The Nevada legislature recently passed Senate Bill 370 (“Nevada’s Consumer Health Data Privacy Law”) aiming to impose broad requirements on collecting, using, and selling consumer health information. Nevada joins Washington...more
The state of Washington recently enacted My Health My Data (“MHMD”), a game-changing new consumer privacy law focused on health data. MHMD establishes an expansive notice and consent regime for consumer health data with...more
Despite a recent Fifth Circuit decision that found the Consumer Financial Protection Bureau’s (“CFPB”) funding structure unconstitutional in a years-long series of attacks to undermine the constitutionality of the agency, the...more
In early October, the United States (“U.S.”) and European Union (“EU”) came one step closer to the much-awaited new EU-US Data Privacy Framework (the “Framework”), designed to facilitate transatlantic data flows between the...more
10/26/2022
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The last year has seen a multijurisdictional regulatory push for increased cybersecurity standards for medical devices. The new approaches, issued by regulatory authorities in the United States (U.S.), the United Kingdom (UK)...more
At a board meeting on June 8, 2022, the California Privacy Protection Agency (“CPPA”) voted unanimously to move forward with draft revised California Consumer Privacy Act (“CCPA”) regulations, beginning a formal rulemaking...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) released a “Sharing Cyber Event Information” Fact Sheet on April 7 that may preview its implementation of the new federal government cyber incident reporting...more
The United States ("U.S.") and the European Commission ("EU Commission") recently announced an “agreement in principle” to develop a new Trans-Atlantic Data Privacy Framework (“Framework”). The Framework is intended to...more
To help your company get its United States (U.S.) state privacy compliance program on the right track in 2022, Orrick's Cyber' Privacy & Data Innovation Group has analyzed the differences between key topics for the California...more
3/15/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws