In a development that seems to have flown mostly under the radar this week, Virginia’s governor signed on Monday SB754, a bill passed by the state’s General Assembly that amends the state’s Consumer Protection Act to strictly...more
Just two weeks into the year, 2025 is already shaping up to be a busy year for privacy lawyers, especially those tasked with helping covered entities and business associates comply with the HIPAA Security Rule. As we...more
1/14/2025
/ Business Associates ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
OCR ,
PHI ,
Risk Management ,
Settlement Agreements
Website privacy controls—in the form of banners and pop-ups asking visitors to agree to, or reject, a website’s use of cookies, pixels, and similar technologies used to track their behavior—are becoming ubiquitous. In the...more
8/6/2024
/ Consumer Privacy Rights ,
Cookies ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Information Technology ,
New York ,
Privacy Policy ,
Security and Privacy Controls ,
State Attorneys General ,
Websites
We’ve talked before about the FTC’s focus on consumer health privacy. In cases against BetterHelp and GoodRx, a blog post announcing rules it intends to enforce in the space, and a report summarizing its recent privacy and...more
4/18/2024
/ Corporate Counsel ,
Data Management ,
Data Privacy ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Technology ,
Patient Privacy Rights ,
PHI
The FTC announced an action last week against location data broker X-Mode Social and its corporate successor Outlogic (collectively, “X-Mode”) based on several alleged violations of Section 5 of the FTC Act. According to FTC...more
1/17/2024
/ Consent Order ,
Consumer Information ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Brokers ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Geolocation ,
Location Data ,
Location Privacy ,
Mobile Apps ,
National Security ,
Privacy Concerns ,
Section 5 ,
Statutory Violations
In another example of the agency’s practice of regulation by blog, the FTC published last week a Business Blog Post about protecting consumer health information. The post, which summarizes key points from several recent...more
8/1/2023
/ Advertising ,
Consumer Information ,
Data Collection ,
Data Protection ,
Data Security ,
Data-Sharing ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Marketing ,
PHI ,
Privacy Policy ,
Section 5 ,
Unfair or Deceptive Trade Practices
European data protection authorities kicked 2023 off with a bang when, on January 4, the Irish Data Protection Commission (DPC) announced that Meta Platforms Ireland would be fined a total of €390 million (roughly $414...more
1/19/2023
/ Behavioral Advertising ,
Civil Monetary Penalty ,
Data Collection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
Facebook ,
General Data Protection Regulation (GDPR) ,
Instagram ,
Ireland ,
Personal Data ,
Privacy Notice Rule ,
Statutory Violations
As we discussed last year, the California Attorney General’s Office (“OAG”) has been wielding its enforcement authority under the California Consumer Privacy Act since the law became enforceable in July 2020. But for two...more
9/21/2022
/ Adtech ,
California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Enforcement Actions ,
Opt-Outs ,
Permanent Injunctions ,
Personal Information ,
Privacy Policy ,
Retail Tracking ,
Retailers ,
Sephora ,
Statutory Violations
Last week the Federal Trade Commission announced a privacy and data security enforcement action against the online retail platform CafePress. The allegations in the FTC’s complaint read like a list of worst practices,...more
3/24/2022
/ CafePress ,
Consent Order ,
Corporate Counsel ,
Corporate Sales Transactions ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Liability ,
Popular ,
Regulatory Violations ,
Section 5 ,
Settlement Agreements ,
Unfair or Deceptive Trade Practices
Since 2018, a consistent stream of newly adopted privacy laws and other regulatory developments (such as GDPR, CCPA, Schrems II, and the new EU Standard Contractual Clauses) has required companies to make regular updates to...more
1/10/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Consumer Privacy Rights ,
Contract Drafting ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Service Agreements ,
Standard Contractual Clauses ,
Third-Party Service Provider
Ending months of anxious speculation from privacy lawyers around the globe, the European Commission announced on Friday that it had adopted final versions of the new Standard Contractual Clauses (the “New SCCs”) for the...more
6/9/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Controller ,
Data Protection ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Standard Contractual Clauses
Consumer-directed health apps are experiencing a boom thanks to COVID-19, as consumers seeking to avoid doctors’ office waiting rooms are increasingly relying on apps to measure and maintain their health. That trend is...more
9/30/2020
/ California Consumer Privacy Act (CCPA) ,
Confidential Information ,
Corporate Counsel ,
Data Management ,
Data Protection ,
Digital Health ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
Patient Access ,
PHI ,
Popular ,
Settlement Agreements ,
State Attorneys General