Privacy & Security Law Blog

Insight & Commentary on Information Management and Protection

Criminal masterminds are constantly re-envisioning their weapon of choice. International cyberattacks perpetuated through the use of leaked nation-state cyber tools, shaped many security discussions in 2018, but a new year consistently brings forth new challenges and lessons to learn. With the recent implementation of the European Union’s General Data Protection Regulation (GDPR) and the looming private right of action for security breaches in the California Consumer Protection Act (CCPA), many businesses are scrambling to stay…
What a difference a year makes. In early 2018, the biggest concern for the consumer-facing online ecosystem was probably the then-impending launch of the GDPR. Today, GDPR compliance seems like the least of our worries. California’s “Consumer Privacy Act” takes effect in 10 months, and other states are considering similar laws. Illinois’ Supreme Court just ruled that plaintiffs can recover damages without showing actual harm under the state’s biometric identification law. And, after two decades…
Attending HIMSS 2019 in Orlando next week? Don’t Miss Adam Greene’s session: Turning Good Information Security Into Good HIPAA Compliance It may seem odd, but you can have a robust, mature information security program but terrible compliance. In fact, recent HIPAA audits revealed exactly that for organizations that had focused heavily on information security. This session will bridge the gap between good information security and good HIPAA compliance, addressing what the regulators are looking…
Privacy has been a hot topic for state legislatures in the first month of the year. Legislators in nine states have introduced draft bills that would impose broad obligations on businesses to provide consumers with transparency and control of personal data. If passed, these laws will impact nearly any type of entity that operates in the state, even if the business has no physical presence in the state. Though the California Consumer Privacy Act (CCPA)—which…
Following in the footsteps of California, members of the Washington state legislature introduced the Washington Privacy Act (“WPA”) last month, which would regulate businesses that collect, use, and share the personal data of Washington residents. The WPA is modeled largely on the European Union’s General Data Protection Regulation (“GDPR”) rather than the California Consumer Privacy Act (“CCPA”) and thus would further complicate the landscape for companies doing business in the United States. The WPA is…
The American Health Lawyers Association Physicians and Hospitals Law Institute will be held in San Antonio from Feb 4-6, 2019. In-depth breakout sessions at the Physicians and Hospitals Law Institute will focus on legal challenges faced by physicians and their counsel, the legal challenges faced by hospitals and health systems and their counsel, and the legal issues of interest to both segments of the health care delivery system. Adam H. Greene of Davis Wright Tremaine…
Tuesday, January 29, 2019 1-2 p.m. Adoption of applications powered by artificial intelligence (AI) is skyrocketing. Customer service, operations, and internal company initiatives leveraging AI are prevalent in our lives today. Voice-enabled smart assistants, bot-enabled customer service, autonomous vehicles and machines, and much more. Join this panel of in-house and outside counsel working on these issues to learn more about some of these AI applications, how the law is struggling to keep up, and the…
With just under a year left to ensure compliance with the California Consumer Privacy Act (CCPA), organizations may be tempted to think there is ample time to assess their exposure to the new law and the potential impact on their business applications. The CCPA, however, represents a dramatic shift in how an organization must operationalize consumers’ privacy rights—which will require a significant effort and implementation of potentially costly technology solutions. Organizations may also be tempted…
The California Consumer Privacy Act (CCPA), enacted earlier this year, will drive class action lawsuits for information breaches as well as impose sweeping new compliance obligations on financial services companies doing business in California. The CCPA has been called the U.S. GDPR; but while some of its requirements are similar, the CCPA applies to a much broader data set than GDPR or any U.S. privacy law to date. For most consumer-focused industries, the CCPA will…
Washington threatened to further complicate the U.S. legal landscape on Friday, January 18, as a group of state senators introduced the “Washington Privacy Act,” SB 5376, a bill which would establish GDPR-like requirements on businesses that collect personal information related to Washington residents. In addition to requirements for notice, and consumer rights such as access, deletion, and rectification, the WPA would impose restrictions on the use of automatic profiling and facial recognition. The Washington…