Privacy laws bring substantial compliance challenges for every organization that collects, processes, stores, and transfers personal data anywhere in the world. For legal departments, compliance professionals and internal...more
On April 4, 2024, Kentucky became the fifteenth state to enact a comprehensive data privacy law, with Governor Andy Beshear signing the Kentucky Consumer Data Protection Act (KCDPA) into law. The Kentucky law will go into...more
We’re now approaching the five-year anniversary of the General Data Protection Regulation (GDPR) taking full effect. In the run-up to 2018 and the period afterwards, there were many predictions about the likely direction of...more
Keypoint: The CPA draft rules are a complex and lengthy set of regulations that, if adopted without substantial modification, will significantly expand the CPA’s requirements and require controllers to carefully consider...more
United Kingdom New Standard Contractual Clauses Submitted to Parliament - The United Kingdom has finalized its new International Data Transfer Agreement and Addendum to the new EU standard contractual clauses. Subject to...more
On 19 January 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place earlier this week. The EDPB adopted new guidelines that provide guidance on various aspects of data...more
CYBERSECURITY - Medical Center Rebuilding EMR Following Ransomware Attack - Queen Creek Medical Center (QCMC), also known as Desert Wells Family Medicine, located in Arizona, has notified up to 35,000 patients of a data...more
Privacy laws have entered the compliance world by storm and are quickly changing data privacy practices. The most recent state, Colorado, passed the Colorado Privacy Act (CPA) into law on July 7, 2021. This new act follows...more
Given what the healthcare industry faced in 2020, the seventh edition of our Data Security Incident Response (DSIR) Report, “Disruption and Transformation,” is aptly titled. As if fighting the COVID-19 pandemic weren’t enough...more
CYBERSECURITY - Free Ransomware Service Offered to U.S. Hospitals - The Center for Internet Security (CIS) announced last week that it has launched the Malicious Domain Blocking and Reporting (MDBR) service to assist...more
CYBERSECURITY - Health and Personal Information of N.C. Residents Posted Online by Ransomware Group - Becker’s Health IT reports that two batches of sensitive information of Chatham County, N.C. residents have been posted...more
CYBERSECURITY - HHS Issues Update to Ransomware Threat Alert to Health Care Sector - The Department of Health and Human Services’ (HHS) Division of Critical Infrastructure Protection (CIP) issued a health care and public...more
UNILOC 2017 LLC, UNILOC USA, INC., UNILOC LUXEMBOURG S.A. v. APPLE, INC., ELECTRONIC FRONTIER FOUNDATION - Before Prost, Mayer, and Taranto. Appeal from the United States District Court for the Northern District of...more
Ireland’s Data Protection Commission has issued a guidance note on the right of access under the General Data Protection Regulation....more
Federal US News - FTC Takes Action Against Companies Falsely Claiming Compliance With International Privacy Agreements - The FTC reached a settlement with a background screening company over allegations it falsely claimed...more
On June 28, 2018, California Gov. Jerry Brown signed into law the California Consumer Privacy Act (CCPA or “the Act”), which is the broadest and most comprehensive privacy law enacted in the United States to date.1 The CCPA...more
OSHA has long enforced sanitation and accessibility standards for restrooms for workers – an idea that generally makes sense viewed as a health concern. In the last few years, however, new policies at the state and federal...more
On July 19, 2016, the ONC submitted a report to Congress which suggests that health privacy regulations soon may be revised to catch up with the universe of mHealth technologies that now use and share personal health data....more