On February 17, 2023, the state attorneys general of Pennsylvania and Ohio reached a settlement with Ohio-based DNA Diagnostics Center (“DDC”) for a 2021 data breach that affected 2.1 million individuals nationwide and...
2/23/2023 / Clinical Laboratories, Cybersecurity, Data Breach, Electronic Protected Health Information (ePHI), Enforcement Actions, Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Laboratories, Material Misstatements, PHI, Settlement, State Attorneys General, Statutory Violations
The past two weeks have seen continued developments in the state comprehensive privacy legislative landscape. Maryland, Minnesota, and Texas have entered the fray with new proposals, bringing the total number of states that...
2/15/2023 / Biometric Information, Consumer Privacy Rights, COPPA, Data Privacy, Fair Credit Reporting Act (FCRA), FERPA, GLBA Privacy, Health Insurance Portability and Accountability Act (HIPAA), Personal Data, Personal Information, Privacy Laws, Proposed Legislation, State Privacy Laws
On February 2, 2023, the Illinois Supreme Court held in a unanimous opinion that individuals have five years after an alleged violation to bring claims under the state’s Biometric Information Privacy Act (BIPA). This ruling...
On February 2, 2023, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reached a settlement with Banner Health Affiliated Covered Entities (“Banner Health”) for a 2016 data breach that...
On Friday, February 3, 2023, the California Privacy Protection Agency (CPPA) held a public board meeting at which it voted unanimously to (1) approve the final text of the California Privacy Rights Act (CPRA) regulations and...
2/9/2023 / Artificial Intelligence, Audits, Board Meetings, California Privacy Rights Act (CPRA), Comment Period, Compliance, Cybersecurity, New Regulations, NPRM, Public Meetings, Regulatory Agencies, Regulatory Agenda, Risk Assessment
On February 1, the Colorado Attorney General’s (AG) Office and the Colorado Department of Law (the “Department”) held a rulemaking hearing on the Proposed Draft Rules for the Colorado Privacy Act (CPA), which goes into effect...
On February 1, 2023, the Federal Trade Commission (FTC) reached a settlement with digital health platform GoodRx for sharing users’ personal health information with third parties without properly disclosing their data...
On January 6, 2023, the Federal Communications Commission (FCC or the “Commission”) released a Notice of Proposed Rulemaking (“Notice”) with updates to its data breach rules and reporting requirements. Considering the growing...
In a press release on January 27, 2023, California Attorney General (“California AG”) Rob Bonta announced an investigative sweep focused on mobile applications’ compliance under the California Consumer Privacy Act (CCPA),...
2023 continues to be a busy year for state comprehensive privacy legislation. Since our last post, several new states have entered the fray with legislative proposals, while some of the bills we previously examined have moved...
The new year has already seen a flurry of state privacy law activity, with legislators in at least nine states (Indiana, Iowa, Kentucky, Massachusetts, Mississippi, New York, Oklahoma, Oregon, and Tennessee) proposing new...
On December 19, the Federal Trade Commission (FTC) reached two separate record-breaking settlements with Epic Games, Inc. (“Epic”) over allegations, among others, that the Fortnite video game maker knowingly violated the...
On December 13, 2022, the European Commission initiated the process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”). The draft adequacy decision follows President Biden’s October Executive...
On November 15, the Federal Trade Commission (FTC) announced a six-month delay of the deadline by which companies must comply with recent amendments to its Standards for Safeguarding Customer Information (“the Safeguards...
On November 9, the New York State Department of Financial Services (“DFS”) formally proposed amendments (the “Proposed Amendments”) to the Part 500 Cybersecurity Regulations (the “Cybersecurity Regulations”). The Proposed...
On September 30, the Colorado Attorney General’s Office (“Colorado AG’s Office”) released proposed rules (the “Proposed Rules”) for the Colorado Privacy Act (CPA), which goes into effect on July 1, 2023. The Proposed Rules...
On September 15, 2022, the Federal Trade Commission (FTC) released a report on dark patterns (the “Report”) that identifies the types of misleading and manipulative interface practices that the agency believes can harm...
On August 29, 2022, the California Age-Appropriate Design Code Act (the Act) was unanimously approved by the California State Senate. It now awaits Governor Gavin Newsom’s signature....
9/15/2022 / Children's Online Games, COPPA, Data Privacy, Data Protection Impact Assessments (DPIAs), Enforcement, Governor Newsom, Minors, Online Platforms, Penalties, Pending Legislation, Social Networks, Websites
On July 7, 2022, the Consumer Financial Protection Bureau (“CFPB”) issued an advisory opinion, “Permissible Purposes for Furnishing, Using, and Obtaining Consumer Reports” (the “Opinion”) to outline certain privacy...
On August 24, 2022, California Attorney General Rob Bonta (“CA AG”) announced a $1.2 million settlement with Sephora, Inc. (“Sephora”), marking the first announced enforcement action under the California Consumer Privacy Act...
On July 8, 2022, the Department of Justice (“DOJ”) announced in a press release that Aerojet Rocketdyne Inc, a provider of advanced propulsion and energetics systems for multiple government agencies, reached a settlement...
7/28/2022 / Compliance, Cyber Crimes, Cybersecurity, Department of Defense (DOD), Department of Justice (DOJ), DFARS, False Claims Act (FCA), Federal Contractors, Military Contracts, NASA, Qui Tam, Settlement
On July 20, the House Committee on Energy & Commerce held an open markup session on the American Data Privacy and Protection Act (ADPPA), which concluded in an affirmative vote (53-2) for an amended version of the bill to...
Following the Supreme Court’s ruling overturning Roe v. Wade in Dobbs v. Jackson Women’s Health Organization, the Biden Administration has outlined a framework for federal executive action designed to protect access to...
7/21/2022 / Biden Administration, Covered Entities, Department of Health and Human Services (HHS), Dobbs v. Jackson Women’s Health Organization, Executive Orders, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, New Guidance, PHI, Reproductive Healthcare Issues
On June 23, 2022, Congressman Patrick McHenry (NC-10) released a discussion draft (“Discussion Draft”) of new legislation set to amend the Gramm-Leach-Bliley Act (GLBA) with the intent to “modernize GLBA to better align...
7/1/2022 / Congressional Committees, Congressional Investigations & Hearings, Consumer Privacy Rights, Data Collection, Discussion Draft, Financial Institutions, GLBA Privacy, Gramm-Leach-Bliley Act, Preemption, Proposed Legislation, Regulatory Authority
Employee communications and use of company devices are often key issues in trade secret and related litigation. United States law, for the most part, has been very supportive of an employer’s ability to engage in aggressive...