On April 27, Washington Gov. Jay Inslee signed into law House Bill 1155, colloquially known as the My Health, My Data Act (the Act). Passed in response to the U.S. Supreme Court’s Dobbs v. Jackson decision, the Act...more
12/1/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Consent ,
Covered Entities ,
Data Collection ,
Governor Inslee ,
New Legislation ,
Notice Requirements ,
PHI ,
Private Right of Action ,
Reproductive Healthcare Issues ,
Risk Mitigation ,
State Privacy Laws
Washington’s groundbreaking “My Health My Data Act” (HB 1155) (the Act) was signed into law on April 27, 2023. This Act imposes new requirements on the processing and sale of consumer health data by organizations with a nexus...more
On July 10, 1962, NASA launched Telstar 1, the first active communications satellite linking Europe and the United States through live television transmission. Sixty-one years later, on July 10, 2023, the European Commission...more
7/13/2023
/ Adequacy Requirement ,
Corporate Counsel ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
Executive Orders ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Schrems I & Schrems II ,
Self-Certification ,
Standard Contractual Clauses ,
Switzerland ,
UK ,
US-EU Safe Harbor Framework
As part of the health budget bill signed by Governor Hochul in early May, New York has amended its General Business Law, introducing a prohibition on geofencing of health care facilities that goes into effect on July 2, 2023...more
On April 17, the Washington legislature passed the My Health My Data Act (MHMD Act), which includes some of the most restrictive provisions in any U.S. state privacy law....more
Entities that receive criminal process (such as subpoenas or search warrants) in Washington state should review Washington’s new Shield Law, which the legislature just passed as part of its post-Dobbs “choice-defending...more
4/18/2023
/ Constitutional Challenges ,
Criminal Procedure ,
Dobbs v. Jackson Women’s Health Organization ,
Extradition ,
Full Faith and Credit Clause ,
Health Care Providers ,
New Legislation ,
Reproductive Healthcare Issues ,
Shield Laws ,
Subpoenas ,
Warrants
Since the U.S. Supreme Court’s Dobbs v. Jackson Women’s Health Organization decision, healthcare privacy has become a more urgent issue as states such as Missouri seek to limit women from obtaining abortions in other states....more
4/5/2023
/ Abortion ,
Data Privacy ,
Dobbs v. Jackson Women’s Health Organization ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Proposed Legislation ,
Tracking Systems ,
Wearable Technology
On October 5, 2022, a federal jury found Joseph Sullivan, Uber’s former chief security officer, guilty of obstruction of justice and misprision of a felony in connection with his role in responding to a 2016 data breach...more
10/12/2022
/ Compliance ,
Corporate Officers ,
Criminal Convictions ,
Criminal Prosecution ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Department of Justice (DOJ) ,
Incident Response Plans ,
Obstruction of Justice ,
Popular ,
Uber
The Federal Trade Commission issued a detailed [staff report] on September 15 addressing Dark Patterns (or what some more descriptively call “manipulative design,” but Dark Patterns seems to be sticking). Regulators...more
Our 2022 Data Security Incident Response Report discussed the increased regulatory scrutiny of cybersecurity incidents and defenses following a year of high-profile and damaging cyberattacks, including the Russia-based...more
This Update highlights some of the international data protection issues that caught our attention and the attention of our clients over the winter, including updates on European data transfers and cookie compliance,...more
3/15/2022
/ Cookies ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
International Data Transfers ,
Russia
As the federal government continues its whole-of-government response to cyber incidents, federal banking regulators took action to impose a new notice requirement on federally regulated banks. In November, the Federal Deposit...more
On November 18, 2021, the European Data Protection Board (EDPB) adopted its new draft guidance on the interplay between Article 3 of the European Union’s General Data Protection Regulation (GDPR) and Chapter V of the same...more
This update highlights some of the international data protection issues that caught our attention, and the attention of our clients, over the summer. Asia-Pacific - China’s Data Security Law and Personal Information...more
On July 7, 2021, Gov. Jared Polis signed the Colorado Privacy Act (CoPA) into law, making Colorado the third state to enact a comprehensive privacy law, joining California and Virginia. The Act goes into effect on July 1,...more
After a series of high-profile supply chain and ransomware attacks, the federal government is ramping up its effort to improve the nation’s cybersecurity. In the past several months, multiple federal departments and agencies...more
On June 4, 2021, the European Union’s (EU) executive branch, the European Commission (EC), released their new Standard Contractual Clauses (SCCs) for compliant cross-border data transfers under the EU’s General Data...more
Organizations around the globe began 2021 grappling with two significant supply-chain attacks. First, the SVR, Russia’s foreign intelligence service, planted malicious code in Orion, SolarWinds’ flagship network management...more
On March 26, with less than a month left in the Washington Legislature’s 2021 session, the House Civil Rights and Judiciary Committee (CRJC) passed the Washington privacy act (2SSB 5062), with amendments, on a straight...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
3/30/2021
/ Asia Pacific ,
CNIL ,
Cookies ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Transfers ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Notice Requirements ,
Personal Data ,
Popular ,
Russia ,
South America ,
UK ,
Web Tracking
On December 13, 2020, SolarWinds disclosed that an unknown attacker compromised its network and inserted malicious code (referred to as the Sunburst vulnerability) into software updates for the Orion platform. In what will...more
Quick Links - CJEU Press Release - CJEU Decision - Press Releases from the Parties - Irish Data Protection Commission - Max Schrems - U.S. Department of Commerce - Electronic Privacy Information Center (EPIC) - BSA The...more
Last week, the International Association of Privacy Professionals hosted a keynote session with Stacey Schesser, supervising deputy attorney general (AG) of the California Department of Justice, to discuss the July 1 start of...more
Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s...more
Risk scenarios and recommendations -
History tells us that unscrupulous actors will exploit any crisis, and COVID-19 is no exception. ...more