Tag Archives: data privacy

Recent FTC Post Commits to Protecting Sensitive Health Data After White House Issues Related Executive Order

Photo of Aleksandra VoldPhoto of Daniel KaufmanBy Aleksandra Vold and Daniel Kaufman on Posted in FTC
On July 8, 2022, following the Supreme Court’s decision in Dobbs, the president signed an executive order that called on a number of federal agencies to take steps to protect reproductive rights. He specifically asked the Federal Trade Commission (FTC) to “consider taking steps to protect consumers’ privacy when seeking information about and provision of … Continue Reading

CPPA Publishes Notice of Proposed Rulemaking

Photo of Jeewon SerratoPhoto of Shruti Bhutani AroraPhoto of Christine MastromonacoBy Jeewon Serrato, Shruti Bhutani Arora and Christine Mastromonaco on Posted in CPRA
On July 8, the California Privacy Protection Agency Board (CPPA, Agency or Board) announced the Notice of Proposed Rulemaking (NPRM), which begins the 45-day comment period for the draft regulations. As we previously reported, the California Privacy Rights Act (CPRA) draft regulations were released on May 27, and we had a heads-up about this rulemaking … Continue Reading

Office for Civil Rights Provides Guidance: HIPAA Privacy Rule on Disclosures of Information Relating to Reproductive Healthcare

Photo of Aleksandra VoldBy Aleksandra Vold on Posted in Data Privacy, Healthcare, HIPAA/HITECH
On June 29, in response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, the U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) issued guidance on when entities covered by the Health Insurance Portability and Accountability Act (HIPAA) are permitted to share protected health information (PHI) … Continue Reading

Dobbs Triggers Significant Healthcare and Privacy Law Concerns and Confusion

Photo of Aleksandra VoldPhoto of Amy FoutsBy Aleksandra Vold and Amy Fouts on Posted in Data Privacy, Healthcare, HIPAA/HITECH
To help guide entities through the significant confusion and changes that will be evolving for the next several years, BakerHostetler has assembled the Dobbs Decision Task Force (DDTF), led by attorneys in five major areas (healthcare/health tech, privacy, labor and employment, employee benefits, and white collar). Like many others, healthcare entities are facing immediate uncertainty … Continue Reading

DSIR Deeper Dive: Class Certification Jurisprudence

Photo of Melissa BilanciniBy Melissa Bilancini on Posted in Data Breaches
Over the years, there have been very few class certification rulings in actions arising from data breach incidents. Of those that have been published, most have favored the defense. However, as we discussed in our 2022 Data Security Incident Response Report, the recent ruling in In re Brinker Data Incident Litigation (“Brinker”)granting class certification has … Continue Reading

If it’s broke, just fix it…: Curing Alleged CCPA Violations

Photo of Colby EverettPhoto of Robyn M. FeldsteinPhoto of Casie CollignonBy Colby Everett, Robyn M. Feldstein and Casie Collignon on Posted in CCPA
Courts across the United States continue to grapple with California’s landmark consumer privacy law, the California Consumer Privacy Act (CCPA). While the contours of this law are being litigated on multiple fronts, one important, but not most discussed provision, is Section 1798.150(a)(1), the right to cure. The CCPA, like other, similar California privacy laws, includes … Continue Reading

CPPA Begins CPRA Rulemaking

Photo of Jennifer MitchellPhoto of Jeewon SerratoPhoto of Justin T. YedorPhoto of Jenny HaBy Jennifer Mitchell, Jeewon Serrato, Justin T. Yedor and Jenny Ha on Posted in CCPA, CPRA
On May 26, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to provide updates on the Agency’s rulemaking process. The next day, the CPPA released draft regulations for the California Privacy Rights Act (CPRA). This post includes initial impressions of the proposed regulations and how they square with … Continue Reading

North Carolina is the First State to Prohibit Public Entities from Paying Ransoms: What Does This Mean for North Carolina Public Schools and Universities?

Photo of Elise ElamPhoto of Benjamin WangerBy Elise Elam and Benjamin Wanger on Posted in Data Counsel
On April 5th, North Carolina became the first state to prohibit state agencies and local governments from paying ransoms after becoming victims of a ransomware attack. Indeed, in addition to prohibiting said entities from paying ransoms, North Carolina’s new law actually goes so far as to prohibit a public entity from even communicating with threat … Continue Reading

2022 DSIR Deeper Dive: Increased Regulatory Scrutiny of Cybersecurity Incidents

Photo of Teresa Goody GuillénPhoto of Andreas KaltsounisBy Teresa Goody Guillén and Andreas Kaltsounis on Posted in Data Security Incident Response
Our 2022 Data Security Incident Response Report discussed the increased regulatory scrutiny of cybersecurity incidents and defenses following a year of high-profile and damaging cyberattacks, including the Russia-based SolarWinds espionage campaign and the Colonial Pipeline ransomware attack. This article summarizes several U.S. government actions aiming to improve the nation’s cybersecurity and the government’s ability to … Continue Reading

It’s Elementary: Measures that Educational Institutions Should Take to Prepare for Ransomware Attacks: Part 3

Photo of Benjamin WangerPhoto of Allison ClarkBy Benjamin Wanger and Allison Clark on Posted in Ransomware
PART 1 PART 2 PART 3 In the event of a ransomware attack, there are a host of legal frameworks that could potentially be implicated.  Whether those laws apply often depends on the nature of the data that the threat actor accessed and/or acquired.  In this installment, we address the laws that could be implicated … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Four

Photo of Fernando A. Bohorquez, Jr.Photo of Gerald J. FergusonPhoto of Yadilsa DiazPhoto of Priyanka SurapaneniBy Fernando A. Bohorquez, Jr., Gerald J. Ferguson, Yadilsa Diaz and Priyanka Surapaneni on Posted in Cookies
Part I: What Are Third-Party Cookies and Why They Are Important Part II: Privacy Laws and Third-Party Cookies Part III: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – Browsers and Mobile Part IV: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – First-Party Data … Continue Reading

Part 2 of BakerHostetler’s Countdown to CPRA – Top 5 FAQs to Evaluate Compliance Strategy for Employees

Photo of Jennifer MitchellBy Jennifer Mitchell on Posted in CPRA
In Part 1 of BakerHostetler’s Countdown to CPRA blog series, we provided initial guidance to businesses on key California Privacy Rights Act (CPRA) compliance readiness considerations. On January 1, 2023, California could become the first U.S. state to enact a comprehensive data privacy law covering employment-related data (“B2E”), whereas the California Consumer Privacy Act (CCPA) … Continue Reading

CPRA Rulemaking Explained and CPRA Amendments Push Forward, Including Employee and Business-to-Business Exemptions

Photo of Jeewon SerratoPhoto of Marshall J. MatteraBy Jeewon Serrato and Marshall J. Mattera on Posted in CPRA
On Feb. 18, Chairperson Jennifer Urban of the California Privacy Protection Agency (CPPA) addressed the California state bar and clarified the announcements that were made during the CPPA board meeting on Feb. 17. Read on for an explanation of the California Privacy Rights Act (CPRA) rulemaking process and brief summaries of the privacy bills in … Continue Reading

CPRA Regulations Postponed

Photo of Jeewon SerratoPhoto of Justin T. YedorPhoto of Marshall J. MatteraBy Jeewon Serrato, Justin T. Yedor and Marshall J. Mattera on Posted in CPRA
On Feb. 17, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to address several topics, including the rulemaking under the California Privacy Rights Act (CPRA). Although the CPRA includes a July 1 deadline for the Agency to promulgate final regulations, it is clear the CPPA will not meet … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Three

Photo of Fernando A. Bohorquez, Jr.Photo of Gerald J. FergusonPhoto of Yadilsa DiazPhoto of Priyanka SurapaneniBy Fernando A. Bohorquez, Jr., Gerald J. Ferguson, Yadilsa Diaz and Priyanka Surapaneni on Posted in Cookies
Part I: What Are Third-Party Cookies and Why They Are Important Part II: Privacy Laws and Third-Party Cookies Part III: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – Browsers and Mobile — PART III — The Big Tech Phase-Out Welcome to the third installment in our eight-part series preparing … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Two

Photo of Gerald J. FergusonPhoto of Fernando A. Bohorquez, Jr.Photo of Yadilsa DiazBy Gerald J. Ferguson, Fernando A. Bohorquez, Jr. and Yadilsa Diaz on Posted in Cookies, Data Privacy, GDPR, Privacy
Part I: What Are Third-Party Cookies and Why they are Important — PART II — Privacy Laws And Third-Party Cookies Welcome to our second installment in our eight-part series preparing you for the post-cookie world. In our first post, we provided a deep dive into cookies for a baseline understanding of the technology and why … Continue Reading

US Facial Recognition Firm Ordered to Stop Processing UK and Australian Data and Pay Fine Over Privacy Law Violations

Photo of Jeewon SerratoPhoto of Shea M. LeitchBy Jeewon Serrato and Shea M. Leitch on Posted in AI, Biometrics, Data Privacy, GDPR, Privacy, Privacy Litigation
ICO and OAIC Find ‘Serious Breaches’ of Privacy Law On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part One

Photo of Gerald J. FergusonPhoto of Fernando A. Bohorquez, Jr.Photo of Yadilsa DiazBy Gerald J. Ferguson, Fernando A. Bohorquez, Jr. and Yadilsa Diaz on Posted in Data Privacy, Emerging Technology
Editor’s Note: This blog post was originally published in September 2021, courtesy of the Association of National Advertisers. It is repurposed with permission. — PART I — Overview of the Five-Part Series In a time of constant change in digital advertising, there is one consistent question that persists in advertisers’ minds: What do we do after third-party … Continue Reading

California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority

Photo of Justin T. YedorPhoto of Jeewon SerratoBy Justin T. Yedor and Jeewon Serrato on Posted in CCPA, Consumer Data, CPRA, Data Privacy, Data Protection, Uncategorized
Justin T. Yedor and Jeewon Serrato On October 5, 2021, Jennifer Urban, who serves as Chair of the Board the California Privacy Protection Agency (the CPPA) spoke with members of the California Lawyer’s Association about the Board’s work to get the new Agency off the ground, the challenges it faces in doing so and the … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part II – Development Agreements

Photo of Craig CarpenterBy Craig Carpenter on Posted in Cybersecurity, Data Breach Notification Laws, Data Breaches, Information Security, Uncategorized
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered in this blog, including trends in global breach notification, healthcare industry risks and ransomware. The report is … Continue Reading

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

Photo of Justin T. YedorPhoto of Stanton BurkePhoto of Jeewon SerratoBy Justin T. Yedor, Stanton Burke and Jeewon Serrato on Posted in CCPA, CPRA, Information Security, Online Privacy, Uncategorized
By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process on September 22, 2021 with an Invitation for Preliminary Comments on Proposed Rulemaking (the “Invitation for Comment”).  In the … Continue Reading
LexBlog