The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity – Part 1 — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
The Federal Trade Commission (FTC) has updated its Health Breach Notification Rule that applies to non-HIPAA, consumer health data. Among the revisions, the FTC expanded or introduced key definitions and modified the...more
On July 1, 2024, the amendments to the Health Breach Notification Rule (HBNR) went into effect. First promulgated in 2009, the HBNR applies to vendors of personal health records — entities that are not covered by the Health...more
On July 29, 2024, the FTC’s revised Health Breach Notification Rule (HBNR) takes effect. The Rule requires vendors of personal health records (PHRs) and related entities not covered by HIPAA to notify individuals, the FTC,...more
This year, the federal government has made significant changes to longstanding health care privacy rules, while state lawmakers continue to enact privacy restrictions on consumer health data. These reforms modify legal...more
For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial...more
On May 30, 2024, the FTC published amendments to its Health Breach Notification Rule (“HBNR” or “Rule”) in the Federal Register, memorializing the Rule’s expanded scope that now explicitly includes direct-to-consumer health...more
On April 26, 2024, the Federal Trade Commission (FTC) announced that it had finalized changes to the Health Breach Notification Rule (HBNR). These changes, which go into effect on June 25, 2024, are intended to modernize...more
As our loyal Practical Privacy readers may remember, back in December of 2021, the Federal Trade Commission (the “FTC” or “Commission”) began a rulemaking process to update the Commission’s Health Breach Notification Rule...more
Organizations typically deal with ransomware attacks out of the public eye, but the massive scale of United Healthcare Group’s (UHG) February breach made that an impossibility. UHG CEO Andrew Witty was recently on the hot...more
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
Publications and Advisories - November 13, 2023 – Kathleen Benway, Kate Hanniford, Amy Mushahwar, Kim Peretti, and Lance Taubin published “Privacy, Cyber & Data Strategy Advisory: FTC Approved New Data Breach Notification...more
For many, responding to an incident feels chaotic — questions swirling, uncertainties piling up, and no clear direction. Even when prepared with a well-rehearsed incident response plan, a data security incident places a...more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
In June 2023, the Privacy Commissioner for Personal Data in Hong Kong (the “Commissioner”) released a new guidance note on data breach handling and notifications (the “Guidance Note”). The purpose of this note is to assist...more
In the post-Roe era, the federal government and state governments continue to focus on consumer digital health privacy. On May 17, 2023, the Federal Trade Commission (FTC) announced a settlement with Easy Healthcare...more
Prompted by a rapid increase in frequency, sophistication, and scale of data leaks and data breach legislation in recent years, the Federal Communications Commission (FCC) unanimously voted to kick off a proceeding aimed at...more
In this episode of Unauthorized Access, Kamran and Sadia welcome their firm colleague, Privacy + Cyber Partner and Team Leader Ron Raether, in a discussion on consumer breach notices — specifically from Ron's perspective as a...more
On May 20, 2022, with little fanfare and just five short paragraphs, the Federal Trade Commission announced that businesses must publicly report security incidents to prevent potential harms, even if no other applicable law...more
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more
FTC Announces Regulatory Priorities for 2022 - On December 10, 2021, the Federal Trade Commission (“FTC”) published its Statement of Regulatory Priorities (“Announcement”) for 2022. The FTC’s priorities for the coming year...more
The Federal Trade Commission (“FTC”) recently issued guidance clarifying protections applicable to consumers’ sensitive personal data increasingly collected by so-called “health apps.” The FTC press release indicated it has...more
China is continuing to move forward with its first comprehensive privacy law. China recently issued a second version of the draft Personal Information Protection Law (Draft PIPL) which will be open for public comments until...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Director Discusses Future Development of Cybersecurity Framework - On March 4, the director of the National Institute of Standards and Technology...more
An enhanced resource for analysis of data breach notification laws for all 50 states is now just a click away. BakerHostetler combined two of its state breach notification law resources (a summary of the laws and a guide to...more
The changes keep coming! In 2018, state legislatures have been active in enacting and amending data breach notification laws. With Alabama’s recent enactment, all 50 states now have data breach notification laws....more