As anyone who uses the internet can attest, cookies banners pop up on almost every type of website and offer a dizzying and often annoying array of approaches and options to consumers. It is difficult to parse through what...more
4/11/2025
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Cookie Banners ,
Data Collection ,
Enforcement Actions ,
Honda ,
Opt-Outs ,
Privacy Laws ,
Websites
The vast majority of commentary and public advice concerning data breaches surround, deservedly, the breach itself. This focus is only natural; it is the breach itself that requires victims to bring enormous resources to bear...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
1/29/2025
/ Consumer Privacy Rights ,
Cookies ,
Cyber Incident Reporting ,
Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Privacy Laws ,
Risk Management ,
Security and Privacy Controls ,
Sensitive Personal Information ,
State Privacy Laws
On December 6, 2024, the Colorado Attorney General’s Office notified the public that it adopted the updated Colorado Privacy Act (CPA) Rules, as a follow-up to the amendments to the CPA made earlier in the year (collectively,...more
1/10/2025
/ Biometric Information ,
Compliance ,
Consent ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
On September 29, 2024, California Governor Gavin Newsom signed AB 1824 into law, amending the California Consumer Privacy Act (CCPA) to require entities involved in corporate transactions, such as mergers and acquisitions,...more
12/9/2024
/ Acquisitions ,
Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consent ,
Consumer Privacy Rights ,
Data Brokers ,
Data Collection ,
Data Sellers ,
Data-Sharing ,
Governor Newsom ,
Mergers ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws
On October 22, 2024, the U.S. Securities and Exchange Commission (SEC) charged four publicly traded technology companies with making materially misleading disclosures regarding cybersecurity risks and incidents (SEC press...more
11/7/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 10-K ,
Form 8-K ,
Material Misstatements ,
Penalties ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
This article is the first in a series that will address privacy concerns for insurance carriers, agents and brokers. The insurance industry is uniquely situated at the confluence of multiple data privacy regimes....more
10/30/2024
/ Bank Holding Company Act ,
Captive Insurance Company ,
Data Privacy ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Insurance Agents ,
Insurance Brokers ,
Insurance Industry ,
NAIC ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Privacy Notice Rule ,
Sensitive Personal Information
Communication during a data breach is challenging in the best of circumstances, and control of information, especially early in a breach response, is critical. Below are some DOs and DON’Ts for communicating during a data...more
9/12/2024
/ Attorney-Client Privilege ,
Best Practices ,
Cyber Attacks ,
Data Breach ,
Discovery ,
Electronic Communications ,
Email ,
Incident Response Plans ,
Public Communications ,
Reputation Management ,
Work-Product Doctrine
With the recent wave of ransomware and other security incidents, it is now more important than ever for impacted organizations to have a thorough understanding of each element of a proper data breach response. That includes...more
It has now become commonplace for Plaintiffs’ attorneys to bring claims alleging that routine marketing techniques, including the deployment of behavioral advertising cookies and pixels, constitute wiretaps in violation of...more
8/19/2024
/ Behavioral Advertising ,
Business Associates ,
Corporate Counsel ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Marketing ,
PHI ,
Third-Party ,
Tracking Systems ,
Wiretap Act ,
Wiretapping
Recently filed class action complaints allege that companies that utilize embedded trackers within emails, or “spy pixels” as the plaintiffs are calling them, violate Arizona law because they collect a “communication service...more
On July 18, 2024, District Court Judge Engelmayer of the Southern District of New York issued his 107-page opinion and order dismissing most – but not all – of the landmark allegations of the SEC against SolarWinds Corp. and...more
7/29/2024
/ Board of Directors ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Misleading Statements ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
SolarWinds
A recent trend in litigation has emerged that is causing companies to re-think conventional wisdom. Until now, it has been a widely adopted best practice for retailers and other consumer-facing companies to include mandatory...more
On March 18, 2024, the Office of Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) updated prior guidance concerning the use of online tracking technologies, including cookies, by Covered...more
5/31/2024
/ Business Associates ,
Cookies ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
OCR ,
PHI ,
Popular ,
Tracking Systems ,
Web Tracking
Last year was a pivotal one for data privacy, as privacy received substantial attention from many regulators, including the Federal Trade Commission (“FTC”). Looking back at the FTC’s 2023 enforcement actions, statements and...more
New York may lead the charge on implementation of data excise taxes (i.e., “data mining taxes”) which will impose taxes on businesses that collect personal data. These data excise taxes primarily target large tech companies...more
What are the unique features concerning the processing of biometric data under the MHMDA?
The MHMDA defines “biometric data” very broadly. Specifically, biometric data is “data that is generated from the measurement or...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
1/30/2024
/ Compliance ,
Consent ,
Data Collection ,
Data Privacy ,
Data Subject Access Requests ,
Effective Date ,
Notice Requirements ,
Penalties ,
Personal Information ,
PHI ,
Privacy Laws ,
State Privacy Laws
In late 2021, the Quebec legislature passed “The Privacy Legislation Modernization Act” or Law No. 25 (“Law 25”), which was designed to modernize and make significant changes to Quebec’s existing privacy framework....more
1/23/2024
/ Amended Legislation ,
Canada ,
Compliance ,
Consent ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
PIPEDA ,
Privacy Laws ,
Reporting Requirements ,
Transparency
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
1/5/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
EU ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Personally Identifiable Information ,
Privacy Laws ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
State Privacy Laws ,
Targeted Digital Advertising
On October 10, 2023, California Governor Gavin Newsom signed SB 362 into law. The “Delete Act” is intended to bridge a gap in consumer privacy rights – whereas the California Privacy Rights Act (the CPRA) grants consumers the...more
On September 21, 2023, the Colorado Division of Insurance adopted a Final Regulation implementing S.B. 21-169, the 2021 law governing Colorado-licensed insurers’ use of external consumer data and information sources (ECDIS),...more
11/30/2023
/ Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Consumer Privacy Rights ,
Data Collection ,
Final Rules ,
Insurance Industry ,
Life Insurance ,
NAIC ,
Predictive Analytics ,
Risk Management ,
Underwriting
The use of online tracking technologies for online behavioral advertising, analytics and related activities has come under increasing scrutiny by regulators in the U.S., Europe and elsewhere. The obligations under various...more
11/7/2023
/ Advertising ,
Behavioral Advertising ,
Cookie Banners ,
Cookies ,
Do Not Sell ,
EU ,
Opt-In ,
Opt-Outs ,
Privacy Laws ,
State Privacy Laws ,
Targeted Digital Advertising ,
Web Tracking
On October 30, 2023, the U.S. Department of Health and Human Services (HHS) released a proposed rule (Proposed Rule) to establish disincentives for healthcare providers that engage in information blocking under the 21st...more