The ability of OCR to enforce expansive portions of its controversial web tracking guidance has been severely limited. A federal district court ruled that the guidance exceeded the agency’s authority, and in particular...more
Get ready for U.S. limits on cross border transfers. Departing from decades of established policy encouraging uninhibited global data flows, the U.S. Protecting Americans’ Data from Foreign Adversaries (PADFA) Act of 2024...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance concerning compliance obligations for HIPAA covered entities and business associates using online tracking...more
The Biden Administration has issued an executive order to curtail access by China, Russia, and other countries of concern to Americans’ sensitive personal data. The Department of Justice and other agencies are tasked to take...more
The Federal Trade Commission (“FTC”) highlights lessons learned on privacy, data security, truth in advertising, and artificial intelligence (“AI”) in new guidance drawing from recent enforcement actions involving genetic...more
As the popularity of AI technologies has continued to grow in 2023, so has the number of laws and regulations seeking to address the potential risks and societal harms that may arise. The evolving legislation and calls to...more
The California Privacy Protection Agency’s proposal of new regulations for automated decisionmaking technology marks a significant step to govern how businesses may leverage those automated tools. The new framework focuses on...more
President Biden’s groundbreaking Executive Order on artificial intelligence carries significant implications for the health and life science industry. The Order tasks federal agencies, including those responsible for health...more
Responding to incidents impacting consumer health and wellness technologies, including apps, will be more complex under proposed breach notice rules by the U.S. Federal Trade Commission (“FTC”). Businesses have until August...more
The FTC continues to scrutinize the privacy practices of consumer health companies. After taking action against patient couponing and mental health companies, the FTC has now turned its attention to genetic testing....more
AI technology is surging ahead of regulation and this gap has left companies in quandary. Privacy professionals are asked how can we plan for the lawful use of AI when the legal landscape for its adoption is unsettled....more
This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions –...more
Health companies cannot use online tracking technologies like other consumer organizations. This refrain, repeated frequently by regulators, litigants and the media in recent months, may now have found its clearest voice in...more
Adding to a long list of privacy and cybersecurity obligations, gaming companies are now subject to specific regulations in Massachusetts, which break new ground for an industry awash in data. On January 6, 2023, the...more
Covered Entities and Business Associates must comply with HIPAA in their use of online tracking technologies, including cookies, pixels or similar code. The U.S. Department of Health and Human Services (HHS), Office for Civil...more
12/8/2022
/ Business Associates ,
Compliance ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
PHI ,
Tracking Systems
Through Aerospace & Defense Insights, we share with you the top legal and political issues affecting the aerospace and defense (A&D) industry. Our A&D industry team monitors the latest developments to help our clients stay in...more
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Request for Information (RFI) and announced “public listening sessions” soliciting input in advance of formal rulemaking under the Cyber Incident...more
9/13/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Ransomware ,
Rulemaking Process
Momentum is growing for a federal privacy law in the United States. A bipartisan group of House and Senate leaders have released a discussion draft of a baseline consumer data protection legislation. The American Data...more
The US Department of Health Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...more
Given the deteriorating security situation in Eastern Europe and the potential for widespread cyber disruptions should hostilities break out, we urge clients to re-examine their cybersecurity posture. The U.S. Cybersecurity...more
States continue to enact laws targeting the protection of genetic data with two important developments in California and Florida. California’s Genetic Information Privacy Act (“GIPA”), which came into effect on January 1,...more
The decision to pay millions to a cyber criminal has never been easy, but it is now even more complex. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an updated advisory on September 21,...more
On July 19, California’s recently appointed Attorney General, Rob Bonta, launched an interactive tool to aid consumers with drafting notices of noncompliance for businesses who fail to publish the “Do Not Sell My Personal...more
Ransomware victims face a nearly impossible decision: pay criminals holding their business hostage or refuse and face possible crippling consequences. This decision requires careful analysis of a number of considerations, and...more
2/25/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Information Technology ,
New Guidance ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Ransomware
Companies in the life sciences and health care industry, like most companies, navigated unparalleled challenges in 2020. But unlike other industries, they had to do so while simultaneously facing the biggest challenge of all...more