On September 4, the California Privacy Protection Agency issued an enforcement advisory regarding “choice architectures that have the substantial effect of subverting or impairing a consumer’s autonomy, decision-making, or...more
On April 26, the Federal Trade Commission announced its final rule updating the health breach notification rule. According to the FTC, the update seeks to “clarify” the scope of the rule by adding new definitions and revising...more
Employers are gathering more and more data on job applicants and employees. From using artificial intelligence (”AI”) and credit scores for pre-employment screenings, biometrics for clocking-in and out, and digital...more
As the health care industry continues reeling from the recent Change Healthcare ransomware attack that crippled large portions of the U.S. health care system, health care providers are naturally reminded of the importance of...more
3/12/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personally Identifiable Information ,
Popular
Step right up as we discuss some of 2023’s most notable cybersecurity and privacy regulatory and litigation developments and tips for keeping your program flying high. Regulatory Activity New regulatory requirements now in...more
1/18/2024
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Employee Benefits ,
Insurance Brokers ,
Investment Adviser ,
NAIC ,
Popular ,
Retirement Plan ,
Securities and Exchange Commission (SEC)
Generative AI has captured the public’s attention and promises to transform the way we live and work. The technology, however, implicates a number of important cybersecurity and privacy considerations for organizations. This...more
In April and May, the NAIC Privacy Protections Working Group held the first three of its biweekly calls to discuss its recipe for a new privacy model, “Insurance Consumer Privacy Protection Model Law #674.” During the...more
On June 6, 2023, Gov. Ron DeSantis signed S.B. 262 into law, adding Florida to the list of states passing new privacy laws this year. While much of S.B. 262 will only impact companies with annual revenues of more than $1...more
Website tracking technologies have become ubiquitous as a means for companies to monitor traffic to their websites and enhance the user experience. Class actions alleging insufficient notice and consent related to those same...more
On February 9, 2022, U.S. Sens. Tammy Baldwin (D-Wis.) and Bill Cassidy (R-La.) introduced the “Health Data Use and Privacy Commission Act.” The bipartisan act, intended to modernize the Health Insurance Portability and...more
On July 7, Colorado joined California and Virginia as the third state to pass comprehensive consumer privacy legislation. All three states have new privacy laws with effective dates in 2023 (though California’s Privacy Rights...more
It’s a hot spring for state privacy legislation. Privacy bills are pending in roughly 20 states, and while Gramm-Leach-Bliley Act (GLBA) exemptions may act as a cool breeze in some, issues remain...more
Florida recently joined a small but growing number of states considering sweeping reforms to their data privacy and protection laws. House bill 969, titled “Consumer Data Privacy,” in many ways mirrors the California Consumer...more
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, and brought with it a panoply of new legal obligations for many companies doing business with California residents. ...more
6/19/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government
COVID-19 has challenged health care providers to change the way they offer services — from shifting to an increasingly remote workforce to diving into telehealth. These adjustments have privacy implications. The following are...more
6/18/2020
/ California Consumer Privacy Act (CCPA) ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Remote Working ,
Risk Assessment ,
Telecommuting ,
Telehealth
There has been no lack of new guidance regarding health care cybersecurity in recent weeks. But the American Medical Association’s (AMA) newly released “Privacy Principles” is unique in its aim at entities involved in health...more
After a brief hiatus due to COVID-19, the NAIC’s Privacy Working Group returned to work on May 5 discussing comments received on the working group’s markup of the NAIC Insurance Information and Privacy Protection Model Act...more
Last week, the American Medical Association (AMA) and the American Hospital Association (AHA), recognizing the increased cybersecurity threats facing health care providers, issued joint guidance for physicians working from...more
4/23/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Health Care Providers ,
Information Governance ,
PHI ,
Phishing Scams ,
Popular ,
Risk Management ,
Vulnerability Assessments
The level of attention that the SEC’s Office of Compliance Inspections and Examinations has been giving to cybersecurity issues can hardly be overstated. ...more
For many people and organizations, COVID-19 caused a rapid transition to remote learning and working; for hackers and other bad actors, it has created new opportunities. Whether by virtue of a remote and distracted workforce,...more
It starts inconspicuously enough with an email. You’re busy, so without thinking, you quickly open it and view the attachment. You may have just compromised the security of your entire company and the privacy of every...more
2/5/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Hackers ,
Personally Identifiable Information ,
Ransomware ,
Risk Management
Florida lawmakers have proposed data privacy legislation that, if adopted, would impose significant new obligations on companies offering a website or online service to Florida residents, including allowing consumers to “opt...more
1/15/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Governance ,
Legislative Agendas ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Privacy Policy ,
Proposed Legislation ,
Proposed Regulation ,
Regulatory Agenda ,
Risk Management ,
Rulemaking Process ,
State and Local Government ,
Websites