After Washington adopted the My Health My Data Act (MHMDA) almost two years ago, we and others predicted that the law would lead to a wave of private lawsuits against companies operating in or adjacent to the health space....more
On February 1, 2024, the Connecticut Office of the Attorney General (“OAG”) issued a Report to the General Assembly’s General Law Committee (“Report”), summarizing the OAG’s enforcement efforts during six months since the...more
2/15/2024
/ Connecticut ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
General Assembly ,
Information Technology ,
State Attorneys General ,
State Data Privacy Laws ,
Statutory Violations
February brought big changes to the Illinois Biometric Information Privacy Act (“BIPA”) litigation landscape. On the heels of a catastrophic 228 million dollar jury verdict against BNSF, the Illinois Supreme Court issued an...more
3/1/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Damages ,
Data Collection ,
Data Privacy ,
Employee Privacy Rights ,
Employer Liability Issues ,
Employment Litigation ,
Facial Recognition Technology ,
Fingerprints ,
IL Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements
On June 30, after a 5-month delay from the originally-scheduled effective date (to give app developers more time to comply), Apple’s new account deletion requirement went into effect. As a result, companies with mobile apps...more
OCR’s recent focus on cybersecurity in the health care sector sends a clear message to HIPAA covered entities and business associates: OCR expects you to implement security measures that address known threats to ePHI that are...more
Following a public consultation on an initial version released last January, the European Data Protection Board (“EDPB”) last month adopted a final version of its Guidelines on Examples regarding Personal Data Breach...more
1/20/2022
/ Breach Notification Rule ,
Corporate Counsel ,
Data Breach ,
Data Controller ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Regulatory Reform ,
Regulatory Requirements
As the September 27th deadline to implement the new Standard Contractual Clauses (“SCCs”) approaches, many privacy practitioners are working overtime to help their clients update their standard data processing addenda to...more
Last week, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) published a joint opinion on the European Commission’s (“EC”) proposed new set of Standard Contractual Clauses for...more
1/28/2021
/ Cybersecurity ,
Data Protection ,
EDPS ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Schrems I & Schrems II ,
Standard Contractual Clauses