State AG Pulse | CT AG Reacts to Genetic Data Breach
Over the last decade, Illinois employers have been faced with a rash of class action lawsuits under the Biometric Information Privacy Act (BIPA), causing many employers to pay hefty sums and alter their biometric timekeeping...more
On February 13, 2024, Nebraska’s Governor signed Legislative Bill 308, which enacts additional consumer protections for consumers in the state. It is similar to another genetic information law passed by Montana last year. ...more
On January 5, 2024, the Federal Trade Commission (FTC) published an article discussing privacy issues related to the DNA information that many consumers provide to genetic testing companies. This post outlines key takeaways...more
In October of 2023, a hacker claimed online that they had 23andMe users’ profile information. We know this as a result of 23andMe’s required statement to the U.S. Securities and Exchange Commission (SEC) on December 1, 2023. ...more
The California Privacy Protection Agency (CPPA) released initial draft regulations for cybersecurity audits (which have since been amended) and risk assessments late this summer. The agency’s board of directors addressed the...more
A data breach that exposed sensitive data collected in genetic testing that could potentially be used to target vulnerable populations has attracted the attention of Connecticut AG William Tong. In Episode 9, Chris Allen and...more
On June 17, 2023, Texas enacted legislation (the “Legislation”) limiting use of genetic data by certain genetic data testing companies, joining a number of other states in tackling the ever-increasing privacy concerns...more
In the FTC’s first case focused on the privacy and security of genetic information, the FTC alleges that San Francisco-based Vitagene, Inc. – now known as 1Health.io – failed to live up to its promises and unfairly changed...more
Since the privacy and security regulations were issued under the federal Health Insurance Portability and Accountability Act (HIPAA), critics pointed to the limitations on the reach of those rules. A critical limitation...more
States continue to enact laws targeting the protection of genetic data with two important developments in California and Florida. California’s Genetic Information Privacy Act (“GIPA”), which came into effect on January 1,...more
Last month, California Governor Gavin Newsom signed Senate Bill 41, the Genetic Information Privacy Act (“GIPA”), a law that regulates “direct-to-consumer genetic testing companies” that handle the “genetic data” of...more
Florida and California join a growing minority of states enacting laws protecting a person’s genetic information (Nevada and Alaska also have laws). Florida’s new genetic privacy law, known as Protecting DNA Privacy Act, went...more
Californians voted to enact the California Privacy Rights Act (“CPRA”) almost one year ago. Last week, Governor Gavin Newsom signed three new privacy bills into law....more
Enacted in 2008, the Illinois Biometric Information Privacy Act, 740 ILCS 14 et seq. (the “BIPA”), went largely unnoticed until a few years ago when a handful of cases sparked a flood of class action litigation over the...more
Governor Gavin Newsom of California vetoed a bill that would have created new limitations on data sharing for direct-to-consumer genetic testing companies. The Genetic Information Privacy Act (GIPA) asked testing companies...more
Some app developers know more about our health than our doctors do. Take, for instance, FitBit, which is attached to our wrist and measuring in real time our temperature, our heart rate, our steps and whether we have had...more
Security researchers Intezer and IBM X-Force have identified a new ransomware that is seriously vicious. It’s PureLocker—named because it is programmed in PureBasic language, which is apparently unusual. ...more
Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in...more
As consumers, when we think of privacy, one of the first adjectives that springs to mind should be “inconsistent.” Consumers claim to want their personal information used only for the purposes they originally provided it, and...more
On January 12, 23andMe announced an agreement with Pfizer to provide the drug company with access to anonymous, aggregated information from consumers who bought 23andMe’s test over the past seven years to learn about their...more