Elliot Golding

Blogs: Global IP & Technology Law Blog, SECURITY & PRIVACY // BYTES, The Anticorruption Blog, Triage Health Law

Latest Articles

Proposed CCPA Regulations: Initial Overview and Highlights

By Ann J. LaFrance, Elliot Golding, Lydia de la Torre, Glenn A. Brown, Lauren Kitces, India Scarver & Shalin Sood

October 15, 2019

On October 10, 2019, the California Attorney General (California AG) issued the long-awaited California Consumer Privacy Act (CCPA) Regulations (Proposed Regulations), along with an Initial Statement of Reasons (ISOR) explaining the Proposed Regulations. These Proposed Regulations not only fill in statutory gaps, but also create several substantive new requirements. Companies may submit comments through December 6, 2019, and several public hearings will be held in the first week of December. Our Data Privacy & Cybersecurity…

SECURITY & PRIVACY // BYTES

CCPA 2019 Amendments: Do They Provide the Clarity Businesses Need?

By India Scarver, Lydia de la Torre & Elliot Golding

September 18, 2019

This is Squire Patton Boggs’ Data Privacy and Cybersecurity Group’s second post regarding the recent amendments to the California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020. Our earlier post covering the CCPA amendment requiring data brokers to register with the California Attorney General, is available here. Please also read our prior posts regarding CCPA applicability and gap assessments, and remember to register for our upcoming webinar covering the final requirements …

SECURITY & PRIVACY // BYTES

CCPA and California’s New Registration Requirement

By Shalin Sood, Lydia de la Torre & Elliot Golding

September 16, 2019

The California legislature made several amendments to the California Consumer Privacy Act (“CCPA”) last Friday, September 13, 2019. This post focuses on the enactment of Assembly Bill No. 1202, which requires certain businesses that sell consumers’ personal information, as defined under the CCPA, to register as data brokers with the California Attorney General. For more information about the CCPA, see our prior alerts on applicability and conducting gap assessments, and remember to Register for…

SECURITY & PRIVACY // BYTES

Nevada’s New Privacy Law Will Go Into Effect Next Month: Are You Ready?

By Ericka Johnson, Lydia de la Torre, Elliot Golding & India Scarver

September 13, 2019

The Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA) applies to operators of commercial websites and online services. NPICICA was amended in June 2019 through SB-220 to include a requirement to allow consumers to opt-out of certain data disclosures (“Sales”). This new law was inspired by the advent of the most stringent state US privacy law – the California Consumer Privacy Act (“CCPA”). Remarkably, it will leapfrog CCPA as it goes…

SECURITY & PRIVACY // BYTES

CCPA and Gap Assessments

By Lydia de la Torre, Elliot Golding & Shalin Sood

September 5, 2019

With the CCPA’s January 1, 2020 compliance date rapidly approaching, organizations subject to the California Consumer Privacy Act (“CCPA”) should conduct a gap assessment to determine what they need to accomplish in the next three months. Our second client alert in our California Consumer Privacy Act Series – Part 2: Gap Assessments provides further insight on conducting assessments for the CCPA. Companies looking to understand whether the CCPA applies to them should review our first…

Triage Health Law

Healthcare Cybersecurity Best Practices Out Now

By Elliot Golding

January 30, 2019

A new outlook on the most prominent cybersecurity threats in the healthcare industry today and a series of corresponding, risk-prioritized cybersecurity best practices to combat these threats are now available from the Department of Health and Human Services (HHS). More than 150 private sector healthcare and cybersecurity experts contributed to this guidance as part of the task force HHS established in response to The Cybersecurity Act of 2015. Their goal, cost-effectively strengthening cybersecurity in the…

Triage Health Law

Digital Health Update: Recent FDA Cyber Initiatives

By Elliot Golding & Jennifer Tharp

November 15, 2018

The Food and Drug Administration (“FDA”) has greatly increased its activity around cybersecurity initiatives and medical devices. As we approach the end of the year, this is a great opportunity to review recent developments. FDA Medical Device Cybersecurity Guidance On October 18, 2018, the FDA published draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” This draft replaces prior guidance from 2014, and the outlines recommendations for device design, data…

Triage Health Law

Unauthorized TV Cameras in Hospitals Yield Costly HIPAA Penalties of $999,000

By Elliot Golding & Jennifer Tharp

October 3, 2018

For the second time in as many years, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into settlement agreements with and levied hefty fines on three hospitals that allegedly impermissibly disclosed patients’ protected health information to ABC News in the course of filming a television network documentary series. OCR announced on September 20 that Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital each reached agreements with HHS…

Triage Health Law

Recent Guidance by ONC and SAMHSA Sheds Light on Compliance Requirements for 42 CFR Part 2

By Elliot Golding & Jennifer Tharp

July 12, 2018

In the face of the ongoing opioid crisis in the United States, the Office of the National Coordinator for Health Information Technology (“ONC”) and the Substance Abuse and Mental Health Services Administration (“SAMHSA”) recently released two fact sheets to clarify how the requirements of 42 CFR Part 2 apply in different provider contexts, including via electronic health information exchange (“HIE”). The Part 2 regulations were initially promulgated in 1975 to ensure the confidential treatment of…

The Anticorruption Blog

A Lesson: Follow Through With Encryption Plan

By Thomas Zeno & Elliot Golding

June 27, 2018

Even the best laid plan for data security requires follow through. A cancer center was penalized $4.3 million by the government for failing to complete its encryption plan for devices. The decision is instructive even for companies not specifically required to protect data under government regulation. Tom Zeno and Elliot Golding of Squire Patton Boggs discuss the case and its lesson. Go here for the article. …

Elliot Golding

Proposed CCPA Regulations: Initial Overview and Highlights

CCPA 2019 Amendments: Do They Provide the Clarity Businesses Need?

CCPA and California’s New Registration Requirement

Nevada’s New Privacy Law Will Go Into Effect Next Month: Are You Ready?

CCPA and Gap Assessments

Healthcare Cybersecurity Best Practices Out Now

Digital Health Update: Recent FDA Cyber Initiatives

Unauthorized TV Cameras in Hospitals Yield Costly HIPAA Penalties of $999,000

Recent Guidance by ONC and SAMHSA Sheds Light on Compliance Requirements for 42 CFR Part 2

A Lesson: Follow Through With Encryption Plan

Stay Connected

Company

Support

New to the Network