BakerHostetler

Subscribe to all posts by BakerHostetler

An Introduction to Washington’s My Health My Data Act

On April 17, the Washington legislature passed the My Health My Data Act (MHMD Act), which includes some of the most restrictive provisions in any U.S. state privacy law. The MHMD Act is the result of Washington state’s multi-year effort to pass comprehensive privacy legislation fueled by new fears about access to reproductive health care … Continue Reading

US Facial Recognition Firm Ordered to Stop Processing UK and Australian Data and Pay Fine Over Privacy Law Violations

ICO and OAIC Find ‘Serious Breaches’ of Privacy Law On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company … Continue Reading

Colorado’s Privacy Act: A Curve Ball on Consent and Targeted Ads

On July 7, 2021, Gov. Jared Polis signed the Colorado Privacy Act (CoPA) into law, making Colorado the third state to enact a comprehensive privacy law, joining California and Virginia. The Act goes into effect on July 1, 2023, and shares many of the rights and obligations provided in other comprehensive privacy laws such as … Continue Reading

Highly Anticipated SCOTUS Ruling Upends TCPA Landscape

In a landmark decision issued April 1, 2021, the Supreme Court settled a hotly-contested debate over the definition of “automatic telephone dialing system” (or “autodialer”) under the 1991 Telephone Consumer Privacy Act (“TCPA”). The Court’s decision is likely to upend the TCPA compliance and litigation landscape, as the law’s private right of action coupled with … Continue Reading

Privacy-Forward California AG Xavier Becerra Confirmed as Next HHS Secretary

On March 19, 2021, Xavier Becerra was confirmed as the secretary of the U.S. Department of Health and Human Services (HHS). HHS is the federal regulatory body that oversees the Office for Civil Rights (OCR), which is the primary federal enforcer of the Health Insurance Portability and Accountability Act (HIPAA). The secretary oversees 11 operating … Continue Reading

Virginia Becomes the Second State with a Comprehensive Privacy Law

Governor Ralph Northam has signed the Consumer Data Protection Act (CDPA), making Virginia the second state with a comprehensive privacy law. The CDPA is inspired by both the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation and takes effect Jan. 1, 2023 (the same date as most of the provisions of … Continue Reading

Virginia Poised to Enact the Consumer Data Protection Act, the Nation’s Second Comprehensive Consumer Privacy Law

Having passed both houses of the Virginia General Assembly, the proposed Consumer Data Protection Act (CDPA) may become the second comprehensive consumer privacy bill to be enacted in the United States. However, to reach the governor’s desk, it would need three more readings in the Senate and two more readings in the House, prior to … Continue Reading

Apple to Require New Privacy Disclosures for Apps as of December 8, 2020

During its annual Worldwide Developers Conference this summer, Apple announced a handful of new consumer-oriented privacy features coming to its software and devices. One feature will require app publishers to disclose information regarding their apps’ data collection and use practices in what some are referring to as a privacy “nutrition label.” Another significant privacy feature … Continue Reading

California OAG Proposes New CCPA Regs Two Weeks Before Voters Decide on the Fate of CCPA 2.0

On Monday, Oct. 12, the California Office of the Attorney General (the Attorney General or OAG) released a third set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations (the Regulations). The full text can be found on the Attorney General’s website here. The proposed modifications to the Regulations are limited to four … Continue Reading

Register for the Digital Transformation and Data Economy Four-Part Webinar Series starting on May 6

Join BakerHostetler’s NEW Digital Transformation and Data Economy Team (DTDE) for a four-part webinar series where attorneys will cover legal implications surrounding COVID-19 for business leaders and provide practical answers and actionable advice. The DTDE team is designed to help you determine where your opportunities and vulnerabilities lie and design a plan to manage, protect and … Continue Reading

Joint Agencies Issue Guidance on Prevalence of Cyberattacks Exploiting COVID-19 and Teleworking

On Friday, April 10, 2020, the Department of Homeland Security, the Cybersecurity and Infrastructure Agency and the United Kingdom’s National Cyber Security Centre (NCSC) (jointly, the Agencies) issued a joint statement regarding the growing prevalence of COVID-19-related cyberattacks. The alert focuses on advanced persistent threat (APT) groups and other cybercriminals that are targeting organizations with … Continue Reading

Upcoming Webinars

April 23, 2020: Marketing, Promoting and Pricing Your Products During the Pandemic For some companies, the COVID-19 pandemic has meant trying to cope with flying-off-the-shelf demand; for others, it has meant retail shutdowns, force majeure and trying to find creative new ways to keep sales afloat. For all of us, it has been a time … Continue Reading

The Washington Privacy Act Is Back

After the Washington Privacy Act (“WPA”) failed to pass in 2019, state legislators promised to renew their efforts in the 2020 legislative session. Lawmakers kept this promise last month, introducing three bills targeted at an array of consumer privacy issues. The first bill, SB 6281, or the Washington Privacy Act, introduced in the Senate on … Continue Reading

Federal Court Invalidates 2013 HIPAA Omnibus Rule Regulations and HHS Guidance on Fees for Copies of Medical Records

In what is being seen as a strong rebuke to years of regulatory overreach, the United States District Court for the District of Columbia entered an order on January 23, 2020 that invalidates provisions of the 2013 Omnibus Rule to the Health Insurance Portability and Accountability Act (“HIPAA”) and 2016 guidance issued by United States … Continue Reading

Departments of Education and HHS Release Joint Guidance on the Relationship Between FERPA and HIPAA

At the end of 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and U.S. Department of Education Student Privacy Policy Office (ED) issued an update to their joint guidance on the relationship between the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability … Continue Reading

Hoping for a New Year’s Resolution: Clarity on the Sale of Personal Information of California Minors

Those who keep an eye on privacy laws may be familiar with how monumental the Children’s Online Privacy Protection Act (COPPA) was when it first became effective in 1998. COPPA requires online services that directly target children under the age of 13, or reasonably know that children visit the online service, to obtain verifiable parental … Continue Reading

Less Than a Month to Go Until Nevada Privacy Law Effective Date

As discussed in our previous blog post on the topic, Nevada’s amendments to its privacy law are set to go into effect Oct. 1, 2019. Less comprehensive in scope than the much-heralded CCPA, the Nevada privacy law amendment has received significantly less attention than its California counterpart. Even so, the new Nevada privacy law presents … Continue Reading

FTC Announces Enforcement Action, Warning Letters for Companies Falsely Claiming Privacy Shield Participation

The Federal Trade Commission (FTC) recently announced a compliance sweep of companies claiming to be in compliance with the U.S.-EU Privacy Shield and U.S.-Swiss Privacy Shield Frameworks. The U.S.-EU Privacy Shield and the U.S.-Swiss Privacy Shield programs enable companies to self-certify that they have adopted a number of data protection practices to bring their businesses … Continue Reading

Washington Privacy Act Dies in the House While California Continues to Consider Refinements to the CCPA

After passing the Senate nearly unanimously, the Washington Privacy Act (SB 5376) has stalled in the House of Representatives. The bill failed to achieve passage out of committee by the April 17 deadline for consideration of bills originating in the opposite house, and was returned to the Senate on April 28. As a result, SB … Continue Reading

Deeper Dive: The Scourge of O365 Incidents

A Growing Menace 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved unauthorized access to an online email account. Phishing attacks continued to dominate the types of cyberattacks organizations experienced in 2018, owed, … Continue Reading

Washington Privacy Act Clears Senate

On March 6, SB 5376, the Washington Privacy Act, passed the Washington Senate in an overwhelming 46-1 vote (with two members excused). Prior to its passage, the Senate adopted important revisions and clarifications that would provide important relief for businesses from some of the more onerous provisions of the legislation. As we reported in our … Continue Reading

FTC Launches a New Task Force Dedicated to Monitoring the Tech Industry for Anti-Competitive Practices

The Federal Trade Commission announced the creation of a new task force that is dedicated to monitoring competition in the U.S. technology industry. This Technology Task Force will coordinate and consult with 17 staff attorneys throughout the FTC who have experience in complex product and service markets, including the markets for online advertising, social networking, … Continue Reading
LexBlog