As of January 1, 2020, manufacturers of internet-connected devices sold or offered for sale in California must follow new state legislation governing cybersecurity measures, including a requirement to equip devices with...
Blockchain continues its buzz in healthcare for its potential to revolutionize patient records, medical data, medical billing, and wearable device use. Healthcare stakeholders may consider using this technology to advance...
In order to cause the withdrawal of a privacy measure slated to appear on the November ballot, the California Senate and Assembly approved the California Consumer Privacy Act (CCPA) on June 27, and it was signed into law by...
Colorado Governor John Hickenlooper recently signed into law House Bill 1128, which will take effect on September 1, 2018. The new law requires businesses owning, maintaining, or licensing personal information of Colorado...
The California Consumer Privacy Act, which could be on the ballot in November, aims to introduce a groundbreaking approach to consumer privacy that not only is likely to resonate with the state’s voters, but is also expected...
The launching of the website, recently announced by the Delaware attorney general, is part of an effort to assist companies in meeting the notification requirements of the state’s recently amended data breach law....
The ruling stems from a case that signals a growing trend toward group action litigation involving data protection, and poses new risks for companies who should respond with increased vigilance in employee recruitment,...
A new FTC policy eliminates the requirement to obtain parental consent to collect a recording of a child’s voice in certain circumstances....
A recent update of the FTC’s COPPA compliance plan for businesses focuses on internet-connected toys and devices aimed at children; FBI issues a Public Service Announcement with a similar focus....
The $2.5 million settlement reflects the agency’s focus on mobile health privacy.
On April 24, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement with CardioNet, a...
The GDPR will apply to the UK when it is effective on May 25, 2018, but the government will need to adopt domestic data privacy legislation upon the UK’s pending exit from the EU....
3/22/2017 / Breach Notification Rule, Cybersecurity, Data Breach, Data Privacy, Data Protection, EU, General Data Protection Regulation (GDPR), Personal Data, Popular, UK, UK Brexit, UK Data Protection Act
The new law gives UK intelligence and law enforcement bodies sweeping surveillance powers.
The IPA was introduced in response to recommendations that David Anderson QC made, in his capacity as the Independent Reviewer of...
Over two years after the enactment of Canada’s anti-spam legislation, the Canadian Radio-Television and Telecommunications Commission (CRTC) has issued its first decision on the law, with a particular focus on the consent...
What covered entities and business associates can do to prepare for the next round of audits.
On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...
7/19/2016 / Breach Notification Rule, Business Associates, Covered Entities, Data Breach, Department of Health and Human Services (HHS), Health Insurance Portability and Accountability Act (HIPAA), HIPAA Audits, HITECH Act, OCR, PHI, Security Risk Assessments
The EU-US Privacy Shield—successor to the invalidated Safe Harbor program for transatlantic transfers of EU personal data—was finally approved on July 12, 2016....
Following the United Kingdom’s nonbinding vote to leave the European Union (“Brexit”), what do businesses need to consider for data privacy compliance?...
Five suggested steps healthcare organizations and their contractors should take to prepare.
On March 21, the Office of Civil Rights (OCR) of the Department of Health and Human Services launched Phase 2 of the HIPAA Audit...
Passage of the Act facilitates two data-sharing agreements between the European Union and United States that will improve transatlantic business, privacy, and security.
On February 24, the Judicial Redress Act of 2015...
The new EU-US Privacy Shield seeks to address the European Court of Justice’s criticisms in Schrems after the decision invalidated the Safe Harbor program for EU-US data transfers.
On February 29, the EU Commission...
3/2/2016 / Article 29 Working Party (WP29), Binding Corporate Rules, Data Protection Authority, Dispute Resolution, EU, EU-US Privacy Shield, European Commission, International Data Transfers, Schrems I & Schrems II, US Department of State, US-EU Safe Harbor Framework
OCR’s guidance presents hypothetical scenarios and key questions to help app developers determine when they are subject to HIPAA regulations.
On February 11, the Department of Health and Human Services’ Office for Civil...
The pending legislation would authorize the US Department of Justice to designate foreign countries to allow the citizens of such countries to bring civil actions against certain US agencies to access, amend, or redress...
A new personal data transfer agreement was announced on February 3, 2016 between EU and US authorities: the EU-US Privacy Shield will replace the invalidated Safe Harbor programme.
Since the landmark decision of the...
2/4/2016 / Data Protection Authority, EU, EU-US Privacy Shield, European Commission, European Court of Justice (ECJ), Federal Trade Commission (FTC), International Data Transfers, Personal Data, Schrems I & Schrems II, Surveillance, U.S. Commerce Department, US-EU Safe Harbor Framework
The General Data Protection Regulation places new obligations on businesses to protect personal data with high financial penalties for noncompliance.
The European Commission has confirmed that the new General Data...
New provisions about encryption, license plate recognition, and breach notification letters.
California has long been a trendsetter with regard to security breach notification standards. In 2002, for example, California...
New care delivery models and healthcare reimbursement trends are heating up the market for hospital employment of physicians yet again, but does a productivity-based compensation model still work in this environment?...