The passage of the California Consumer Privacy Act (CCPA) was a seismic event in U.S. data privacy law. CCPA has an expansive, rights-based approach to privacy, with national and international ramifications. Foley Hoag attorneys Colin Zick, Chris Hart, Yoni Bard and Scott Bloomberg present a second podcast discussing the latest developments with the CCPA. Click here to listen to part one.…

Security, Privacy and the Law

CCPA Amendments – and a Ballot Initiative on the Horizon

By Scott Bloomberg

November 5, 2019

October brought three new developments to California’s comprehensive data privacy law, the California Consumer Privacy Act (“CCPA” or “Act”). First, the state enacted a series of amendments to the CCPA that both clarify ambiguities and create new exceptions. Second, we learned that the organization whose 2018 ballot initiative pushed California to enact the CCPA is planning to introduce another data privacy ballot initiative in 2020. Finally, California’s Attorney General published draft regulations for notice and…

Security, Privacy and the Law

Presentation: MaHIMA Dot Wagg Memorial Legislative Seminar

By Foley Hoag

November 4, 2019

Partner Colin Zick recently spoke at the MaHIMA Dot Wagg Memorial Legislative Seminar on HIPAA updates. Click here to download the slides. Topics included: HIPAA FAQs on right of access, CMS interoperability and the patient access proposed rule, HIPAA enforcement trends, the proposed AKS safe harbors, and more.…

Security, Privacy and the Law

Lessons Learned From The Greek Supervisory Authority’s PwC Decision on Employee Data Under GDPR

By Catherine Muyl

October 31, 2019

On 26 July 2019, the Greek Supervisory Authority (SA) found Pricewaterhouse Coopers (“PwC”) not compliant with General Data Protection Regulation (GDPR) in relation to the processing of its Greek employees’ personal data. The SA issued a €150,000 fine and an injunction requiring PwC to take measures to comply within three months (which is has apparently done). A summary of the decision in English is available on the Greek SA’s website. Why is…

Security, Privacy and the Law

Watch: Cybersecurity Regulation and Enforcement

By Foley Hoag

October 11, 2019

As data breaches are seemingly reported on a daily basis, cybersecurity has emerged as a top enforcement priority for federal and state regulators and a key concern for companies of all sizes in a diverse range of industries. For example, compliance with federal cybersecurity regulations is required by nearly every government contract and the New York Division of Financial Services adopted a vast set of regulations that is applicable to all entities operating under NYDFS…

Security, Privacy and the Law

Chinese Regulation of Children’s Personal Data Goes into Effect

By Jeremy Meisinger

October 2, 2019

On October 1, 2019, China’s new regulation to protect personal data related to children – called the “Measures on Online Protection of Children’s Personal Data” – went into effect. As we wrote in June, when a draft of the regulation was released by the Cyberspace Administration of China, the regulation contains elements similar to those found in both the United States’ Children’s Online Privacy Protection Act (“COPPA”) and the European Union’s General…

Security, Privacy and the Law

A HealthIT Cybersecurity Toolkit

By Colin Zick

September 22, 2019

A recent report from the Mass Digital Health Council includes a cybersecurity toolkit created by MDHC’s Cybersecurity Group of Experts (CGE). The toolkit will enable faster clinical adoption of new digital health products, software and solutions by enhancing access to security needs and requirements and will address: Cybersecurity needs for digital health companies Medical device and software solutions Best practices Available state and national resources and tools This toolkit should enable healthcare organizations to share…

Security, Privacy and the Law

Presentation: MassTLC Policy and CyberMA Seminar

By Foley Hoag

September 16, 2019

Attorneys Colin Zick and Chris Hart recently led a Q&A discussion for MassTLC members on new trends in data privacy. Click here to download the slides. Topics included: recent GDPR enforcement actions, the California Consumer Privacy Act, recent changes to the Massachusetts data breach statute and more.…

Security, Privacy and the Law

Data Scraping, at Home and Abroad

By Christopher Escobedo Hart

September 11, 2019

Data scraping is a technique where information on one platform is exported onto another. The practice is widespread and is used for all sort of reasons, like market analysis or advertising. The kind of information located and extracted is as varied as the kind of information that exists on the internet–which is to say, anything and everything–but where it becomes particularly interesting is when personal information is being scraped. A recent U.S. case, and a…

Security, Privacy and the Law

Hospital Fined $85,000 by OCR for Failure to Provide Timely Access to Patient Records

By Colin Zick

September 9, 2019

Today, in the first settlement of its kind, the Office for Civil Rights at the U.S. Department of Health and Human Services (“OCR”) announced that Bayfront Health St. Petersburg (“Bayfront”) has paid $85,000 to OCR and has adopted a corrective action plan to settle a potential violation of the right of access provision of the Health Insurance Portability and Accountability Act (HIPAA). This is also the first enforcement action under OCR’s Right of Access Initiative…

Security, Privacy and the Law

Blog Authors

Countdown to CCPA: Foley Hoag Podcast Series Number 2

CCPA Amendments – and a Ballot Initiative on the Horizon

Presentation: MaHIMA Dot Wagg Memorial Legislative Seminar

Lessons Learned From The Greek Supervisory Authority’s PwC Decision on Employee Data Under GDPR

Watch: Cybersecurity Regulation and Enforcement

Chinese Regulation of Children’s Personal Data Goes into Effect

A HealthIT Cybersecurity Toolkit

Presentation: MassTLC Policy and CyberMA Seminar

Data Scraping, at Home and Abroad

Hospital Fined $85,000 by OCR for Failure to Provide Timely Access to Patient Records

Stay Connected

Company

Support

New to the Network