Tag Archives: data privacy

CPRA Rulemaking Explained and CPRA Amendments Push Forward, Including Employee and Business-to-Business Exemptions

Photo of Jeewon SerratoPhoto of Marshall J. MatteraBy Jeewon Serrato and Marshall J. Mattera on Posted in CPRA
On Feb. 18, Chairperson Jennifer Urban of the California Privacy Protection Agency (CPPA) addressed the California state bar and clarified the announcements that were made during the CPPA board meeting on Feb. 17. Read on for an explanation of the California Privacy Rights Act (CPRA) rulemaking process and brief summaries of the privacy bills in … Continue Reading

CPRA Regulations Postponed

Photo of Jeewon SerratoPhoto of Justin T. YedorPhoto of Marshall J. MatteraBy Jeewon Serrato, Justin T. Yedor and Marshall J. Mattera on Posted in CPRA
On Feb. 17, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to address several topics, including the rulemaking under the California Privacy Rights Act (CPRA). Although the CPRA includes a July 1 deadline for the Agency to promulgate final regulations, it is clear the CPPA will not meet … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Three

Photo of Fernando A. Bohorquez, Jr.Photo of Gerald J. FergusonPhoto of Yadilsa DiazPhoto of Priyanka SurapaneniBy Fernando A. Bohorquez, Jr., Gerald J. Ferguson, Yadilsa Diaz and Priyanka Surapaneni on Posted in Cookies
Part I: What Are Third-Party Cookies and Why They Are Important Part II: Privacy Laws and Third-Party Cookies Part III: The Big Tech Phase-Out of the Third-Party Cookie and the Emerging Industry Landscape – Browsers and Mobile — PART III — The Big Tech Phase-Out Welcome to the third installment in our eight-part series preparing … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Two

Photo of Gerald J. FergusonPhoto of Fernando A. Bohorquez, Jr.Photo of Yadilsa DiazBy Gerald J. Ferguson, Fernando A. Bohorquez, Jr. and Yadilsa Diaz on Posted in Cookies, Data Privacy, GDPR, Privacy
Part I: What Are Third-Party Cookies and Why they are Important — PART II — Privacy Laws And Third-Party Cookies Welcome to our second installment in our eight-part series preparing you for the post-cookie world. In our first post, we provided a deep dive into cookies for a baseline understanding of the technology and why … Continue Reading

US Facial Recognition Firm Ordered to Stop Processing UK and Australian Data and Pay Fine Over Privacy Law Violations

Photo of Jeewon SerratoPhoto of Shea M. LeitchBy Jeewon Serrato and Shea M. Leitch on Posted in AI, Biometrics, Data Privacy, GDPR, Privacy, Privacy Litigation
ICO and OAIC Find ‘Serious Breaches’ of Privacy Law On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company … Continue Reading

A Digital Advertising Primer on Preparing for the Post-Cookie World: Part One

Photo of Gerald J. FergusonPhoto of Fernando A. Bohorquez, Jr.Photo of Yadilsa DiazBy Gerald J. Ferguson, Fernando A. Bohorquez, Jr. and Yadilsa Diaz on Posted in Data Privacy, Emerging Technology
Editor’s Note: This blog post was originally published in September 2021, courtesy of the Association of National Advertisers. It is repurposed with permission. — PART I — Overview of the Five-Part Series In a time of constant change in digital advertising, there is one consistent question that persists in advertisers’ minds: What do we do after third-party … Continue Reading

California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority

Photo of Justin T. YedorPhoto of Jeewon SerratoBy Justin T. Yedor and Jeewon Serrato on Posted in CCPA, Consumer Data, CPRA, Data Privacy, Data Protection, Uncategorized
Justin T. Yedor and Jeewon Serrato On October 5, 2021, Jennifer Urban, who serves as Chair of the Board the California Privacy Protection Agency (the CPPA) spoke with members of the California Lawyer’s Association about the Board’s work to get the new Agency off the ground, the challenges it faces in doing so and the … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part II – Development Agreements

Photo of Craig CarpenterBy Craig Carpenter on Posted in Cybersecurity, Data Breach Notification Laws, Data Breaches, Information Security, Uncategorized
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered in this blog, including trends in global breach notification, healthcare industry risks and ransomware. The report is … Continue Reading

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

Photo of Justin T. YedorPhoto of Stanton BurkePhoto of Jeewon SerratoBy Justin T. Yedor, Stanton Burke and Jeewon Serrato on Posted in CCPA, CPRA, Information Security, Online Privacy, Uncategorized
By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process on September 22, 2021 with an Invitation for Preliminary Comments on Proposed Rulemaking (the “Invitation for Comment”).  In the … Continue Reading

Ohio Proposes Comprehensive Privacy Legislation

Photo of Damon C. BarhorstPhoto of William BerglundBy Damon C. Barhorst and William Berglund on Posted in Consumer Data, Data Protection, Enforcement, Privacy, State Legislation
Ohio recently became the latest state to consider enacting comprehensive privacy legislation. On July 13, 2021, the Ohio Personal Privacy Act (House Bill 376) was introduced into the Ohio House of Representatives with the backing of Ohio Governor Mike DeWine and Lt. Governor Jon Husted. If passed, OPPA would establish consumer data rights for natural … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part I – M&A

Photo of Craig CarpenterBy Craig Carpenter on Posted in Data Security Incident Response
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is … Continue Reading

Virginia Likely to Become Second State with Comprehensive Privacy Legislation

By Kyle Dull and Kyle R. Fath on Posted in CDPA
With a special session scheduled to begin Feb. 10, Virginia is poised to become the second state to pass comprehensive consumer privacy legislation. The Consumer Data Protection Act (CDPA) passed the Virginia Senate on Friday, Feb. 5, and has been referred back to the Virginia House to be reconciled. Seeing that the House previously passed … Continue Reading

What Can We Learn From the Healthcare Data Breach ‘Wall of Shame’?

Photo of Eric A. PackelBy Eric A. Packel on Posted in HHS, HIPAA/HITECH
In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to report breaches to the Department of Health & Human Services’ (HHS) Office for Civil Rights. But the pain doesn’t end there. … Continue Reading

Navigating the State Data Breach Laws? An Enhanced Resource is Available

Photo of Julie HeinBy Julie Hein on Posted in Breach Notification, Data Breach Notification Laws
In large security incidents, the differences among state breach notification laws usually do not come into play. In smaller matters, where individuals in only a few states are potentially affected, the differences sometimes result in having an obligation to notify individuals in some states but not others. And states have been active in amending their … Continue Reading

The Weekly Privacy Rewind

By Aaron Lancaster on Posted in Weekly Privacy Rewind
Class Actions Google Seeks Dismissal of BIPA Class Action • Google has sought dismissal of a putative class action lawsuit alleging violations of Illinois’ Biometric Information Privacy Act (BIPA). • According to the original complaint, Google allegedly violated BIPA by scanning photos of nonusers uploaded to Google Photos and then “extracting geometric data” of the … Continue Reading

Looking Back: The Federal Trade Commission Issues Annual Data Privacy Report for 2017

By John Busch on Posted in Cybersecurity, Enforcement, News
On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as well as guides data protection strategies for 2018. The report provides a detailed … Continue Reading

SAMHSA Updates Privacy Regulations to Reflect Advancements in Healthcare

Photo of Lynn SessionsPhoto of Kathryn CareyBy Lynn Sessions and Kathryn Carey on Posted in HIPAA/HITECH, Privacy Litigation
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb. 2, 2018. As background, the Confidentiality of Substance Use Discover Patient Records Part 2 protects patient records maintained in connection with any … Continue Reading

When is a Chair not a Chair? Big Data Algorithms, Disparate Impact, and Considerations of Modular Programming

Photo of James A. ShererBy James A. Sherer on Posted in Information Governance, International Privacy Law, Social Media
The DESI VII Workshop titled “Using Advanced Data Analysis in eDiscovery & Related Disciplines to Identify and Protect Sensitive Information in Large Collections” was held on the Strand Campus of King’s College in London on June 12, 2017. DESI VII was particularly focused on privacy, and presented numerous papers that examined emerging protocols and novel … Continue Reading

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

By Kathryn Mellinger and Suchismita Pahi on Posted in Online Privacy
To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading

Australia Introduces Draft Privacy Act Amendment Addressing Notification

By Kathryn Mellinger on Posted in Data Breaches, Online Privacy
In 2015, several countries introduced new data privacy regulations and approved new data protection regulators. As the year draws to a close, Australia joins the list of countries advancing new data privacy legislation with the Australian government’s recent release of a draft bill amending its Privacy Act to implement a new security incident notification framework. … Continue Reading

Trans-Pacific Partnership Would Promote Cross-Border Data Transfers and Restrict Data Localization

By David M. Brown on Posted in International Privacy Law
As U.S. and European regulators and businesses work toward solutions in the wake of last month’s decision by the Court of Justice of the European Union that invalidated the EU-U.S. Safe Harbor framework for cross-border data transfers – previously discussed here and here – the Trans-Pacific Partnership (TPP) trade agreement seeks to facilitate cross-border data … Continue Reading

2015 BakerHostetler Security Incident Response Report Provides Insight Beyond Technical Incidents

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Cybersecurity, Data Breaches, HIPAA/HITECH, Incident Response, Information Security, Infrastructure, Retail Industry
There is no longer a debate – security incidents are inevitable. Organizations are working to be better prepared to respond when the first sign of an incident is detected (often at 4:30 p.m. on a Friday). So what kind of incidents should they prepare for and how should they prepare? Annual reports from forensic investigation … Continue Reading

An Ounce of Prevention Is Better (and Cheaper) Than a Pound of Cure: It’s time for a data protection checkup.

By Alan L. Friel on Posted in Cybersecurity, Incident Response, Information Governance, Online Privacy
We recently released the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. The report shows that human error was the number one cause of data security incidents we worked on last year, with employee negligence responsible … Continue Reading
LexBlog