Privacy & Security Law Blog

Insight & Commentary on Information Management and Protection

Despite support from the technology industry and almost unanimous support in the state Senate, the Washington Privacy Act (SB 5367) appears to dead after it failed to pass the Washington House before the April 17 deadline for the current legislative session. The bill—assumed by many to be a sure thing in light of the complete Democratic control of the Washington state government—hit a roadblock after significant amendments aimed at increasing consumer privacy, including…
Senators Warner, D-Va., and Fischer, R-Neb., introduced the “Deceptive Experiences to Online Users Reduction,” or DETOUR Act, on April 9, 2019. The bill covers “large online operators” (those with more than 100 million authenticated users), and addresses three main issues: Behavioral or psychological experiments on users; User interfaces (UIs) that are designed to (or in actual operation) obscure, subvert, or impair user autonomy regarding consent to privacy policies or to the provision and use of…
For the last 18 years, most financial services businesses could sum up their privacy practices with just four letters: G-L-B-A, also known as Title V of the Gramm-Leach-Bliley Act, Public Law 106-102, and its implementing regulations (“GLBA”). With the compliance date for California’s sweeping new privacy law quickly approaching, however, the financial privacy landscape is becoming much more complex. Here are some fast facts to keep financial services businesses on track with privacy compliance:…
Join the Health Care Compliance Association, April 7-10, in Boston for the single most comprehensive healthcare compliance conference. The program is designed for compliance professionals from a variety of healthcare backgrounds, including compliance officers, billing and coding professionals, auditors, nurses, risk managers, ethics officers, privacy officers, health information professionals. Healthcare Reform, Hospital Physician Alignment, Compliance Effectiveness, and HIPAA Privacy/Data Breach are all adding complexity to the challenges facing compliance professionals. Don’t miss out on Adam Greene
The United States Supreme Court on March 20, 2019 remanded an $8.5 million settlement in a class action against Google to the Ninth Circuit so that the lower court could evaluate standing under the Supreme Court’s 2016 Spokeo v. Robins decision. In the case, Frank v. Gaos, plaintiffs challenged Google’s transmission of “referrer headers” as a violation of the Stored Communications Act. Specifically, the complaint alleged that “when an Internet user conducted a Google search…
Chris Ott will be presenting “Checking out of Hotel California: The California Consumer Privacy Act, and Looming Federal Legislation” at the Consumer Bankers Association (CBA) LIVE 2019, April 1-3, 2019 at the Gaylord National in Washington, D.C. This conference marks the 10th year of retail banking’s premier event, and celebrates 100 years of the Consumer Bankers Association. Get more information and register for this event.…
Webinar ǀ Thursday, March 28, 2019 at 2:00 EST Developments in Artificial intelligence (AI) and machine learning (ML) have brought about unprecedented insight and value to the modern enterprise. At the same time, the right to be forgotten is ensconced in the current and upcoming privacy regulations such as the GDPR and CCPA. In this webinar, experts will discuss the connection between the deletion requirement and data privacy limits on data retention. What does…
This article originally appeared in the UCLA Law Review. Introduction On August 22, 2018, the California Attorney General Xavier Becerra wrote a letter to both the California State Senate and Assembly.1 The letter stated that A.B. 375, the California Consumer Privacy Act of 2018 (hereinafter Act) imposed “unworkable obligations and serious operational challenges upon” the AG’s office, as the Act appointed the AG as the chief enforcer of California’s new data privacy law.…
Up against a deadline for the introduction of legislation in the 2019 California state legislative session, numerous pieces of legislation were proposed last week to amend the California Consumer Privacy Act (CCPA), including a draft bill supported by the state attorney general that would allow consumers to bring private lawsuits for any violations of their privacy rights. SB 561 would authorize a consumer lawsuit “any time rights under [the CCPA] are violated,” with statutory damages…
March 1, 2019 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were discovered in calendar-year 2018. A small breach involves fewer than 500 individuals. HIPAA Notification Requirements. HIPAA requires covered entities to provide breach notification to affected individuals without unreasonable delay—and not later than 60 days after discovery. Covered entities also must report…