Last week, the Federal Trade Commission (“FTC”) released two guidance documents to aid in compliance with its Health Breach Notification Rule (“the Rule”), which requires “vendors of personal health records” or “PHR related...more
As companies prepare for new privacy laws to go into effect in California, Virginia, and Colorado, they should also keep an eye out on other states that are looking to pass their own “comprehensive” privacy legislation....more
Virginia lawmakers are considering multiple amendments to Virginia’s Consumer Data Protection Act (CDPA). These amendments mostly address a variety of open issues under the law, including the right to cure, how businesses can...more
On June 7, 2021, the Colorado House of Representatives passed the Colorado Privacy Act (CPA), a comprehensive privacy law similar to the California Privacy Rights Act (CPRA) and California Consumer Privacy Act (CCPA), as well...more
6/9/2021
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
On June 4th, 2021, the European Commission adopted and published a new set of so-called standard contractual clauses (“SCCs”) providing a legal basis for international transfers of personal data from the EU/EEA to third...more
6/7/2021
/ EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
On March 17, California officials announced the inaugural membership of the five-member board for the California Privacy Protection Agency (CPPA). The formation of the CPPA is a requirement of the recently passed California...more
The long wait to see if any state would join California in passing a comprehensive privacy law is finally coming to an end, as the Virginia Senate passed the Virginia Consumer Data Protection Act (CDPA) on February 3. An...more
On January 15, 2021, the Fifth Circuit vacated a $4.3 million penalty that the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) had issued against the University of Texas M.D. Anderson Cancer...more
On December 19, the Senate passed H.R.7898, which the House of Representatives had previously passed on December 9. This law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require...more
12/23/2020
/ 21st Century Cures Act ,
Business Associates ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HITECH Act ,
NIST ,
Penalties ,
Rulemaking Process
On December 10, 2020, less than two months after proposing previous modifications, the California Attorney General’s Office proposed a fourth set of modifications to the California Consumer Privacy Act (CCPA) regulations...more
On November 3, the California Privacy Rights and Enforcement Act (“CPRA”) was voted into law with close to 56 percent of California voters supporting the measure. The CPRA is the latest comprehensive privacy law to pass in...more
Less than a month before Californians are to vote on the California Privacy Rights Act (CPRA), the California attorney general (California AG) proposed a third set of modifications to the California Consumer Privacy Act’s...more
In a flurry of legislative activity, the California legislature passed a number of last-minute privacy bills that now await the signature of Governor Gavin Newsom in order to go into effect. As was expected, the California...more
In the wake of COVID-19, businesses have a host of health regulations and recommendations to consider before they resume in-person activity. Some employers plan to screen for symptoms, including regular thermal testing (or...more
The European Court of Justice (the “Court”) issued the long-awaited “Schrems II” decision. (see Facebook Ireland Ltd. v. Maximillian Schrems).
In its decision, the Court (1) struck down the Privacy Shield program that...more
The California Privacy Rights and Enforcement Act (“CPRA”) - the latest ballot initiative spearheaded by Alastair MacTaggart and his group Californians for Consumer Privacy - has qualified for the November 3, 2020 ballot,...more
On June 1st, the California Attorney General (“California AG”) submitted final regulations under the California Consumer Privacy Act (“CCPA”) to California’s Office of Administrative Law (“OAL”) for approval, along with an...more
On March 12, 2020, the California Attorney General (“California AG”) released a second set of modified regulations (“Second Set of Modifications”) for the California Consumer Privacy Act (“CCPA”) that further revise the...more
On February 7, 2020, California Attorney General Xavier Becerra (the California AG) proposed revisions to the regulations implementing the California Consumer Privacy Act (CCPA) that his office had first proposed on October...more
2/11/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Data Subject Access Requests ,
Duty to Delete ,
Minors ,
Notice Requirements ,
Personal Information ,
Proposed Amendments ,
Proposed Regulation ,
State Attorneys General ,
Verification Requirements
As state legislatures begin their 2020 sessions, proposals for stronger privacy laws are at the top of the agenda across the country. Carrying forward the story we told in reports in February, April, and July of last year,...more
2/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Fair Credit Reporting Act (FCRA) ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Proposed Legislation ,
State Data Privacy Laws
The purpose of this article is to provide background information on the California Consumer Privacy Act and specifically the exemptions that generally will be applicable to the insurance industry. While developing a...more
1/28/2020
/ B2B Organizations ,
California Consumer Privacy Act (CCPA) ,
California Financial Information Privacy Act (CFIPA) ,
Compliance ,
Employee Privacy Rights ,
Exemptions ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
Personal Information ,
Security and Privacy Controls ,
State Attorneys General
The automobile industry has been racing full speed ahead in recent years on its quest for increased connectivity and automation, but it may soon find itself swept up in the wave of privacy and data security laws and...more
1/3/2020
/ Automotive Industry ,
California Consumer Privacy Act (CCPA) ,
Connected Cars ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Manufacturers ,
Personal Information ,
Popular ,
Risk Management
As many businesses occupy themselves with coming into compliance with the California Consumer Privacy Act (CCPA) before the law’s effective date of January 1, 2020, Congress is renewing discussion of a possible comprehensive...more
12/11/2019
/ California Consumer Privacy Act (CCPA) ,
Congressional Committees ,
Corporate Counsel ,
Data Privacy ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Preemption ,
Privacy Laws ,
Private Right of Action ,
Section 5 ,
State Attorneys General ,
State Data Privacy Laws
On October 10, 2019, California Attorney General Xavier Becerra proposed regulations and issued an explanatory statement, “Initial Statement of Reasons,” aimed at clarifying the scope of the California Consumer Privacy Act...more