Privacy, Data and CybersecurityBlog Posts
Recent HIPAA Settlement Offers Lessons on Data Disposal and the Meaning of PHIA $300,640 settlement announced yesterday by the Office for Civil Rights (OCR) provides important reminders about HIPAA Privacy Rule and data privacy practices generally: robust data disposal practices are critical and “protected health information” (PHI) is not limited to diagnosis or particularly sensitive information. The OCR’s settlement involved a New England dermatology practice that reported...August 24, 2022 |
Federal Trade Commission Considers Rulemaking Pertaining to Consumer Privacy & DataOn August 11, 2022, the Federal Trade Commission (FTC) announced proposed rulemaking pertaining to “commercial surveillance and lax data security.” However, the overall focus of the potential rulemaking is consumer privacy and data security. The FTC states in its notice that its “extensive enforcement and policy work over the last couple of decades on consumer...August 23, 2022 |
Don’t Forget About Other Data Laws When It Comes to Connecticut Privacy RequirementsWhile the federal government attempts to move forward with a more uniform national law, Connecticut joined California, Colorado, Utah, and Virginia in passing a comprehensive consumer privacy law. The legislation signed by Connecticut’s governor in May 2022, will take effect on July 1, 2023. However, provisions related to a task force to be convened by...August 8, 2022 |
Understanding CFPB’s Legal Advisory on “Permissible” PurposeThe Consumer Financial Protection Bureau (CFPB) recently issued a legal Advisory in early July 2022, intending to protect the privacy rights of individuals subject to background checks by third-party consumer reporting agencies (CRAs) under the federal Fair Credit Reporting Act (FCRA). The Advisory also seeks to remind users (e.g., employers) of their obligations under FCRA....July 27, 2022 |
Dobbs and Privacy: President Biden’s Executive Order and OCR HIPAA GuidanceIn response to the United States Supreme Court decision in Dobbs vs. Jackson Women’s Health Organization, President Joe Biden signed an Executive Order on Friday, July 8, 2022, designed to protect access to reproductive health care services. In addition to measures seeking to safeguard access to abortion and contraception, the Executive Order includes provisions aimed...July 11, 2022 |
CPPA Releases Notice of Proposed RulemakingAt the start of June, the California Privacy Protection Agency (CPPA), the agency tasked with implementing and enforcing the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA), voted to begin the rulemaking process. On July 8, 2022, the CPPA officially began the formal rule-making process to adopt proposed regulations implementing...July 8, 2022 |
Jody Kahn Mason Authors “How Upcoming Biometric Ruling May Affect Ill. Employers”Last month, the Illinois Supreme Court heard oral argument in the closely watched case of Cothron v. White Castle System Inc., and is set to decide when claims under Sections 15(b) and 15(d) of the Illinois Biometric Information Privacy Act accrue. The court’s forthcoming decision in Cothron is likely to have a significant impact on...July 6, 2022 |
Congress Releases Draft Federal Privacy Law with Potential Traction To PassThe federal government has been trying to reach a consensus on data privacy and thus far has failed to pass legislation. On June 3, 2022, a bipartisan draft bill, titled the American Data Privacy and Protection Act was released by the Committee on Energy and Commerce. The bill intends to provide comprehensive data privacy legislation,...June 21, 2022 |
CPPA Votes to Proceed with CPRA RulemakingAt the California Privacy Protection Agency (CPPA) Board meeting on June 8, 2022, the board voted to begin the rulemaking process. The Board previously released a 66-page draft of regulations, that are intended to implement and interpret the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). While the draft redline...June 9, 2022 |
California Privacy Protection Agency Board Takes Steps Toward First Official RulemakingOn June 8, 2022, the California Privacy Protection Agency (CPPA) Board, will meet to discuss and take potential action regarding a draft of its proposed regulations. The June 8th public meeting includes an agenda item where the CPPA Board will consider “possible action regarding proposed regulations … including possible notice of proposed action.” In advance...June 1, 2022 |