In a recent blog post, the FTC again cautioned entities that hashing data does not make that data anonymous. Hashing is a process that takes a particular input, such as a phone number or email address, and uses a mathematical...more
The FTC recently announced that it had finalized the changes to the Health Breach Notification Rule (HBNR). This is roughly one year after the proposed changes were first released and three years after the...more
As we reflect on 2023 and make predictions for 2024, the number of significant events this past year that will affect the activities of the life sciences industry going forward is remarkable. Although...more
1/26/2024 / Acquisitions, Amgen v Sanofi, Antitrust Division, Artificial Intelligence, Biden Administration, Biosimilars, Chevron Deference, Clawbacks, Clinical Trials, Compensation, Compliance, Corporate Integrity Agreement, Criminal Prosecution, Data Preservation, Department of Health and Human Services (HHS), Department of Justice (DOJ), Drug Pricing, Enforcement, EU, Executive Orders, False Claims Act (FCA), Federal Trade Commission (FTC), Food and Drug Administration (FDA), Generic Drugs, Investigations, Life Sciences, Mergers, Mobile Devices, OPDP, Pharmaceutical Industry, Pilot Programs, Privacy Laws, Proposed Rules, Risk Management, Section 340B, Self-Disclosure Requirements, Voluntary Disclosure
While the US does not have a specific AI-focused law, a host of regulators have been providing their thoughts about AI. Noticeable traction on the topic began in 2020. With the explosion of ChatGPT in 2023, commentary (and...more
The FTC and OCR at HHS are continuing to scrutinize the use of tracking technologies that may reveal information about a person’s health or health status. Both agencies recently sent a letter to a reported 130 hospitals and...more
7/25/2023 / Data Collection, Data Privacy, Department of Health and Human Services (HHS), Digital Health, Electronic Medical Records, Federal Trade Commission (FTC), Health Insurance Portability and Accountability Act (HIPAA), Healthcare, OCR, Popular, Privacy Laws, Section 5, Telehealth, Tracking Systems
The FTC recently proposed amendments to the Health Breach Notification Rule (HBNR). This is on trend with its aggressive interest over the last couple of years in health data not covered by HIPAA....more
6/27/2023 / Breach Notification Rule, Data Breach, Data Privacy, Data Protection, Data Security, Digital Health, Enforcement Actions, Federal Trade Commission (FTC), Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Medical Records, Personally Identifiable Information, Privacy Laws, Proposed Amendments
The FTC is closing out 2022 with additional guidance for mobile health app developers signaling its continued interest in this industry. Since 2021, we have seen several steps from the agency demonstrating a focus on...more
12/9/2022 / Breach Notification Rule, Data Privacy, Data Protection, Digital Health, Electronic Medical Records, Federal Food Drug and Cosmetic Act (FFDCA), Federal Trade Commission (FTC), FTC Act, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Mobile Apps, ONC, Privacy Laws
The FTC recently took action against the online alcohol marketplace company Drizly and its CEO for alleged security failures. The case arose from a 2018 data breach which was caused – according to the FTC – by poor security...more
In this second post in our ongoing series, we examine key takeaways for companies in light of the recently released draft CPRA regulations. Today’s focus is on issues surrounding consumer choice:...more
The FTC recently reminded companies that principles of fairness and the likelihood of harm may in some cases prompt breach notification. This requirement might exist even if state breach notice laws have not been triggered...more
The FTC recently published two new resources for complying with the Health Breach Notification Rule. The Rule requires vendors of personal health records (PHR), PHR-related entities and service providers to these entities, to...more
3/15/2022 / Breach Notification Rule, Data Breach, Data Privacy, Data Protection, Data Security, Digital Health, Electronic Medical Records, Federal Trade Commission (FTC), Healthcare, Medical Records, Policy Statement, Privacy Laws, Vendors
Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity...more
1/12/2022 / Artificial Intelligence, Auto-Dialed Calls, Biometric Information, Biometric Information Privacy Act, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), CAN-SPAM Act, CARU, CDPA, Consumer Privacy Rights, COPPA, Cross-Border Transactions, Cybersecurity, Data Breach, Data Privacy, Data Security, Employee Tracking, EU, FCC, Federal Trade Commission (FTC), Food and Drug Administration (FDA), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Identity Theft, Machine Learning, Mobile Privacy, Ransomware, SCOTUS, TCPA
As we look to 2022, a question on many companies’ minds is what actions we will see from the FTC. Two recent developments are important on that front.
First, the FTC recently signaled its intent to initiate rulemaking on...more
12/23/2021 / Advanced Notice of Proposed Rulemaking (ANPRM), Algorithms, Breach Notification Rule, Cybersecurity, Fair Credit Reporting Act (FCRA), Federal Trade Commission (FTC), FTC Act, Identity Theft, Online Safety for Children, Regulatory Oversight, Rulemaking Process, Safeguards Rule, State and Local Government
The use of apps, wearables, and other devices to track health and wellness data has continued to rise. The FTC again signaled its focus on this growing industry in a statement on the scope of the Health Breach...more
9/21/2021 / Breach Notification Rule, Data Privacy, Digital Health, Digital Privacy Act, Enforcement, Federal Trade Commission (FTC), Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Mobile Health Apps, Personally Identifiable Information, PHI
As discussed in our sister blog, CARU’s revised Ad Guidelines go into effect on January 1, 2022. While the core principles of the guidelines have not changed, they now include new content to account for today’s advertising...more
8/27/2021 / Advertising, CARU, COPPA, Federal Trade Commission (FTC), Mobile Apps, Online Gaming, Online Safety for Children, Parental Consent, Personally Identifiable Information, Privacy Policy, Social Media, Terms of Service
Colorado recently joined Virginia and California in passing a more comprehensive privacy law. The Colorado Privacy Act (CPA) will go into effect July 1, 2023. This is six months after Virginia’s law (CDPA) and California’s...more
7/14/2021 / California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Colorado, Consumer Privacy Rights, Data Protection, Data Security, Enforcement, Federal Trade Commission (FTC), Financial Institutions, General Data Protection Regulation (GDPR), Liability, New Legislation, Privacy Laws, State and Local Government
Artificial intelligence continues to remain a focus in 2021, as we predicted at the start of the year. From the FTC, to the EU, to others, regulators of all kinds are paying attention to companies’ use of these tools. In the...more
4/6/2021 / Artificial Intelligence, Business Strategies, Cybersecurity, Data Privacy, Data Security, FDIC, Federal Trade Commission (FTC), Government Agencies, Popular, Public Comment, Regulatory Requirements
Utah recently signed into law SB 227, creating the Genetic Information Privacy Act (GIPA). The law, which is anticipated to go into effect in May 2021, is aimed at protecting genetic data collected from direct-to-consumer...more
4/2/2021 / Consent, Consumer Privacy Rights, Data Protection, Data Use Policies, Direct to Consumer Sales, Disclosure Requirements, DNA, Federal Trade Commission (FTC), Food and Drug Administration (FDA), Genetic Materials, Genetic Testing, Health Insurance Portability and Accountability Act (HIPAA), Life Sciences, New Legislation, Notice Requirements, Privacy Laws, State and Local Government
Many digital health app developers offering health and wellness solutions directly to consumers may find themselves in a space unregulated by the Health Insurance Portability and Accountability Act (“HIPAA”). While...more
The FTC recently settled with Flo Health, Inc., a popular fertility-tracking app, based on promises made about how health data would be shared. In its complaint, the FTC alleged that while Flo promised to keep users’ health...more
U.S. companies are in a bind in the wake of the recent EU decision rejecting the validity of the Privacy Shield. While it is clear that the EU will not accept Privacy Shield participation as a basis for transferring data from...more
The FTC recently settled with smart lock maker Tapplock, Inc., a Canadian company, over allegations that it deceived consumers with false claims about its product’s security practices. These allegations arose based on...more
The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming...more
3/5/2020 / Annual Reports, Comment Period, COPPA, Data Privacy, Data Security, Enforcement Actions, Enforcement Statistics, EU-US Privacy Shield, Federal Trade Commission (FTC), NIST, Rulemaking Process
The FTC recently summarized three major changes it made to its orders in data security cases. In a blog signaling these changes, the FTC indicated that some of the things it has been requiring of companies in 2019 are here to...more
1/15/2020 / C-Suite Executives, Certificates of Compliance, Chief Information Security Officer (CISO), Cybersecurity, Data Privacy, Data Protection, Data Security, Employee Training, Encryption, Federal Trade Commission (FTC), Information Security, Internal Data Controls, Security Risk Assessments, Third-Party Liability
Many organizations are currently focused on updating their privacy policy to include content required by CCPA. While making those edits, now is a good time to take a step back and think more broadly about privacy program and...more