On April 17, the Washington legislature passed the My Health My Data Act (MHMD Act), which includes some of the most restrictive provisions in any U.S. state privacy law. The MHMD Act is the result of Washington state’s multi-year effort to pass comprehensive privacy legislation fueled by new fears about access to reproductive health care … Continue Reading
ICO and OAIC Find ‘Serious Breaches’ of Privacy Law On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company … Continue Reading
On July 7, 2021, Gov. Jared Polis signed the Colorado Privacy Act (CoPA) into law, making Colorado the third state to enact a comprehensive privacy law, joining California and Virginia. The Act goes into effect on July 1, 2023, and shares many of the rights and obligations provided in other comprehensive privacy laws such as … Continue Reading
In a landmark decision issued April 1, 2021, the Supreme Court settled a hotly-contested debate over the definition of “automatic telephone dialing system” (or “autodialer”) under the 1991 Telephone Consumer Privacy Act (“TCPA”). The Court’s decision is likely to upend the TCPA compliance and litigation landscape, as the law’s private right of action coupled with … Continue Reading
On March 19, 2021, Xavier Becerra was confirmed as the secretary of the U.S. Department of Health and Human Services (HHS). HHS is the federal regulatory body that oversees the Office for Civil Rights (OCR), which is the primary federal enforcer of the Health Insurance Portability and Accountability Act (HIPAA). The secretary oversees 11 operating … Continue Reading
Governor Ralph Northam has signed the Consumer Data Protection Act (CDPA), making Virginia the second state with a comprehensive privacy law. The CDPA is inspired by both the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation and takes effect Jan. 1, 2023 (the same date as most of the provisions of … Continue Reading
By Alan L. Friel, Kyle Dull, Kyle R. Fath and BakerHostetler on Posted in CDPA
Having passed both houses of the Virginia General Assembly, the proposed Consumer Data Protection Act (CDPA) may become the second comprehensive consumer privacy bill to be enacted in the United States. However, to reach the governor’s desk, it would need three more readings in the Senate and two more readings in the House, prior to … Continue Reading
During its annual Worldwide Developers Conference this summer, Apple announced a handful of new consumer-oriented privacy features coming to its software and devices. One feature will require app publishers to disclose information regarding their apps’ data collection and use practices in what some are referring to as a privacy “nutrition label.” Another significant privacy feature … Continue Reading
On Monday, Oct. 12, the California Office of the Attorney General (the Attorney General or OAG) released a third set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations (the Regulations). The full text can be found on the Attorney General’s website here. The proposed modifications to the Regulations are limited to four … Continue Reading
Join BakerHostetler’s NEW Digital Transformation and Data Economy Team (DTDE) for a four-part webinar series where attorneys will cover legal implications surrounding COVID-19 for business leaders and provide practical answers and actionable advice. The DTDE team is designed to help you determine where your opportunities and vulnerabilities lie and design a plan to manage, protect and … Continue Reading
On Friday, April 10, 2020, the Department of Homeland Security, the Cybersecurity and Infrastructure Agency and the United Kingdom’s National Cyber Security Centre (NCSC) (jointly, the Agencies) issued a joint statement regarding the growing prevalence of COVID-19-related cyberattacks. The alert focuses on advanced persistent threat (APT) groups and other cybercriminals that are targeting organizations with … Continue Reading
April 23, 2020: Marketing, Promoting and Pricing Your Products During the Pandemic For some companies, the COVID-19 pandemic has meant trying to cope with flying-off-the-shelf demand; for others, it has meant retail shutdowns, force majeure and trying to find creative new ways to keep sales afloat. For all of us, it has been a time … Continue Reading
After the Washington Privacy Act (“WPA”) failed to pass in 2019, state legislators promised to renew their efforts in the 2020 legislative session. Lawmakers kept this promise last month, introducing three bills targeted at an array of consumer privacy issues. The first bill, SB 6281, or the Washington Privacy Act, introduced in the Senate on … Continue Reading
In what is being seen as a strong rebuke to years of regulatory overreach, the United States District Court for the District of Columbia entered an order on January 23, 2020 that invalidates provisions of the 2013 Omnibus Rule to the Health Insurance Portability and Accountability Act (“HIPAA”) and 2016 guidance issued by United States … Continue Reading
At the end of 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and U.S. Department of Education Student Privacy Policy Office (ED) issued an update to their joint guidance on the relationship between the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability … Continue Reading
Those who keep an eye on privacy laws may be familiar with how monumental the Children’s Online Privacy Protection Act (COPPA) was when it first became effective in 1998. COPPA requires online services that directly target children under the age of 13, or reasonably know that children visit the online service, to obtain verifiable parental … Continue Reading
It’s finally here! Halloween, the day every kid dreams of for months. It’s a scary time in the world of children’s privacy law – what with the California Consumer Privacy Act (CCPA) lurking around the corner and the specter of FTC enforcement still lingering in the air. But this year, you’ve planned. You know exactly … Continue Reading
As discussed in our previous blog post on the topic, Nevada’s amendments to its privacy law are set to go into effect Oct. 1, 2019. Less comprehensive in scope than the much-heralded CCPA, the Nevada privacy law amendment has received significantly less attention than its California counterpart. Even so, the new Nevada privacy law presents … Continue Reading
The Federal Trade Commission (FTC) recently announced a compliance sweep of companies claiming to be in compliance with the U.S.-EU Privacy Shield and U.S.-Swiss Privacy Shield Frameworks. The U.S.-EU Privacy Shield and the U.S.-Swiss Privacy Shield programs enable companies to self-certify that they have adopted a number of data protection practices to bring their businesses … Continue Reading
Last week, Nevada Governor Steve Sisolak signed new privacy legislation into law in Nevada. Senate Bill 220 (SB-220) updates Nevada Revised State 603A to provide consumers a new right to opt out of the sale of their data. Effective Oct. 1, 2019, the new law will come into effect prior to the more comprehensive California … Continue Reading
After passing the Senate nearly unanimously, the Washington Privacy Act (SB 5376) has stalled in the House of Representatives. The bill failed to achieve passage out of committee by the April 17 deadline for consideration of bills originating in the opposite house, and was returned to the Senate on April 28. As a result, SB … Continue Reading
A Growing Menace 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved unauthorized access to an online email account. Phishing attacks continued to dominate the types of cyberattacks organizations experienced in 2018, owed, … Continue Reading
On March 6, SB 5376, the Washington Privacy Act, passed the Washington Senate in an overwhelming 46-1 vote (with two members excused). Prior to its passage, the Senate adopted important revisions and clarifications that would provide important relief for businesses from some of the more onerous provisions of the legislation. As we reported in our … Continue Reading
The Federal Trade Commission announced the creation of a new task force that is dedicated to monitoring competition in the U.S. technology industry. This Technology Task Force will coordinate and consult with 17 staff attorneys throughout the FTC who have experience in complex product and service markets, including the markets for online advertising, social networking, … Continue Reading