Data Revolution: How U.S. Privacy Laws Change the Way Data Should be Managed by Retail and Tech Industries
Employers with group health plans need to confirm that their HIPAA Privacy Notices are updated no later than February 16, 2026, to reflect changes required by the 2024 Privacy Rule....more
Many people see the start of a new year as a time to refresh and renew themselves. For covered entities under HIPAA, which include group health plans, it’s also time to refresh and renew your HIPAA Notice of Privacy Practices...more
In 2024, the U.S. Department of Health and Human Services (HHS) issued final rules requiring sweeping updates to the privacy protections for substance use disorder (SUD) records created by an SUD program under 42 CFR Part 2...more
On September 30, the California Privacy Protection Agency (CPPA) announced a stipulated final order requiring a national retailer to pay a $1.35 million fine and implement remedial measures to resolve alleged violations of...more
The Texas Attorney General has emerged as a significant regulatory enforcement authority for data privacy in the US. Traditionally, data privacy enforcement in the US has emanated from the Federal Trade Commission and other...more
On January 16, 2025, the Federal Trade Commission (FTC) finalized amendments to the Children’s Online Privacy Protection Act (COPPA) Rule (Final Rule), which completes the process that started back in 2019 when the FTC sought...more
This article is the first in a series that will address privacy concerns for insurance carriers, agents and brokers. The insurance industry is uniquely situated at the confluence of multiple data privacy regimes....more
There have been some highly publicized privacy statement revisions. Here are some lessons we are discussing with clients: •Regulators are putting a high value on transparency and they are looking specifically at privacy...more
The Personal Information Protection Act ("PIPA") comes into full force on 1 January 2025. All organisations in Bermuda are expected to be in compliance with it by that date – time is running out! The Privacy Commissioner...more
Late last month, the Association of Corporate Counsel (ACC) hosted a panel on artificial intelligence and how it is rapidly transforming the life sciences sector, allowing companies to leverage large datasets to accelerate...more
This breakout series will discuss the latest U.S. privacy compliance programs, and how trends such as sale opt-out and cookie banners are part of the “data revolution”. The series will also cover the intersection of...more
The Delaware Personal Data Privacy Act (DPDPA or Act) became law on September 11, 2023, making Delaware the 13th state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut,...more
As with many websites, hospitals often deploy third-party analytics tools to measure browser traffic in order to increase awareness of their websites, ensure website optimization and provide health care information to the...more
On March 29, 2023, California’s Office of Administrative Law (OAL) approved the California Privacy Protection Agency (CPPA) Board’s initial package of regulations under the California Privacy Rights Act (CPRA)....more
The start of 2023 has brought with it significant changes to data privacy – new state laws concerning data privacy came into effect January 1 (the California Privacy Rights Act and the Virginia Consumer Data Protection Act),...more
European data protection authorities kicked 2023 off with a bang when, on January 4, the Irish Data Protection Commission (DPC) announced that Meta Platforms Ireland would be fined a total of €390 million (roughly $414...more
As we ring in the new year, employers around the country will be bringing in new or updated employee privacy notices. And while these notices were initially targeted to California employees because of privacy requirements...more
The so-called “HR exemption” taking employee and applicant personal information out of the control of the California Consumer Privacy Act (CCPA) is about to come to an end. Employers who are “businesses” for purposes of the...more
The Colorado Attorney General’s Office issued its proposed Colorado Privacy Act (CPA) Rules (Draft Rules) on Friday, September 30. The CPA Rules differ in many ways from those in the proposed California Privacy Rights Act...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
Over the last two years, many states have taken cues from California and the EU by adopting sweeping privacy laws. These laws, passed in Virginia, Colorado, Connecticut and Utah, as well as updates to the already enacted...more
Keypoint: The comments focus on identifying areas in which the Attorney General’s Office may provide additional clarity to consumers and businesses and to ensure, where appropriate, the interoperability of the Colorado...more
The California Privacy Protection Agency (CPPA) quietly issued the first draft of the California Consumer Privacy Act (CPRA) regulations and an Initial Statement of Reasons by attaching them to the June 8 board meeting...more
In an opinion released on March 10, 2022, California Attorney General Rob Bonta addressed the applicability of the “right to know” under the California Consumer Privacy Act (CCPA) (pdf) to internal inferences that...more
When can a data breach get worse? When the process of notifying victims creates a second breach. Take the example of a cancer treatment center that recently paid $425,000 to settle allegations that included a faulty...more