Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Privacy & Thumbnail Viewpoints Thumbnail
If you have been relying on last year’s court order staying the ability of the California Privacy Protection Agency (CPPA) to enforce regulations promulgated under the California Privacy Rights Act (CPRA) to also stay your own CPRA compliance program --- time to ramp back up. Read more
Read more
Privacy & Thumbnail Viewpoints Thumbnail

New Year, New Privacy Law in New Jersey

January 30, 2024 | Blog | By M. Bertie Magit

Consumer privacy protection must have been tops on the New Jersey legislature’s list of New Year’s resolutions. The year was just two weeks old and New Jersey became the first State in 2024 to enact a comprehensive privacy law and is now one of over a dozen states to have its own comprehensive privacy law (together, the Privacy States”). New Jersey Governor Phil Murphy wrote in a recent press release that he is proud New Jersey is better protecting its residents with Senate Bill 332/A1971 (the “Law”). This comprehensive law aims to protect consumer privacy by creating strict requirements for how applicable companies may use and collect personal data from New Jersey consumers and provides such consumers with rights of access, modification and deletion of their personal data.
Read more
Viewpoint Thumbnail

FTC Warns AI Companies to Honor Privacy and Confidentiality Commitments — AI: The Washington Report

January 19, 2024 | Blog | By Michael Katz, Bruce Sokler, Alexander Hecht, Christian Tamotsu Fjeld, Raj Gambhir

Read more
Privacy & Thumbnail Viewpoints Thumbnail

2023 Round-Up on State Consumer Data Privacy Laws

December 28, 2023 | Blog | By Ilse P. Johnson, Michael Katz, Jon Taylor

Read more
Privacy & Thumbnail Viewpoints Thumbnail
This post will analyze the discussion and draft regulations for risk assessments and automated decisionmaking technology. The board spent over three hours on this agenda item, focusing closely on defined terms and the timing of certain requirements. As these regulations will impose new burdens and restrictions on many businesses, the board is walking a tightrope, balancing between protecting the consumer and burdening businesses.
Read more
Health Care Viewpoints Thumbnail
The U.S. Department of Health and Human Services (HHS) released a concept paper on December 6, 2023 outlining its action plan to enhance cyber resiliency in the health care sector by proposing certain voluntary cybersecurity actions and standards that may ultimately become requirements. For health care organizations such as hospitals, “cyber resiliency” generally means how organizations anticipate, operate during, respond to, and recover from cyber attacks such as ransomware attacks, cloud exploitations, phishing or spear-phishing attacks, software and zero-day vulnerabilities, or distributed denial of service attacks.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
The Federal Communications Commission (“FCC”) announced Thursday that in furtherance of the work of the agency’s Privacy and Data Protection Task Force, the FCC’s Enforcement Bureau signed Memoranda of Understanding (“MOU”) with the Attorneys General of Connecticut, Illinois, New York, and Pennsylvania to share expertise and resources and to coordinate efforts conducting privacy, data protection and cyber-security-related investigations. Read more about this noteworthy legislative step.
Read more
Health Care Viewpoints Thumbnail
The Office for Civil Rights (OCR) recently offered covered entities and business associates (Regulated Entities) not-so-subtle reminders in its October 2023 Cybersecurity Newsletter that effective sanction policies can encourage HIPAA compliance.​​​​​​​ Regulated Entities are required by HIPAA to implement sanction policies in which they impose “appropriate sanctions” against their respective workforce members who fail to comply with the Privacy Rule or Security Rule, the Regulated Entity’s privacy policies and procedures, and/or the Regulated Entity’s security policies and procedures, as applicable. These sanction policies are important administrative safeguards meant to ensure there are objective, documented consequences for HIPAA non-compliance among workforce members. The recent proliferation of social engineering attacks and increasingly sophisticated nature of external cybersecurity threats in health care underscore the importance of Regulated Entities consistently reviewing and applying sanction policies.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

California Continues to Expand Privacy Protections

October 13, 2023 | Blog | By Michael Katz, Cynthia Larose, M. Bertie Magit

Read more
Privacy & Thumbnail Viewpoints Thumbnail

SEC Adopts Final Cybersecurity Rules for Public Companies

August 1, 2023 | Blog | By Cynthia Larose, John Condon, Michael Katz, Stefan Jović

The SEC adopted its final rules and amendments concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”) on July 26, 2023.  In this article we highlight some of the principal changes to the cybersecurity rules first proposed by the SEC more than 16 months prior.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Covered entities, business associates, and any entities that collect health information about consumers online should carefully review the latest joint letter from the Office for Civil Rights (OCR) and the   Federal Trade Commission (FTC). On July 20, 2023, the agencies sent a joint letter to approximately 130 hospital systems and telehealth providers warning them about “serious privacy and security risks related to the use of online tracking technologies” such ad Google Analytics and Meta/Facebook Pixel. That letter was subsequently shared publicly and should be reviewed by any entity subject to regulation by either agency.   
Read more
Privacy & Thumbnail Viewpoints Thumbnail

The FTC Sets Its Sights on Biometric Information

July 6, 2023 | Blog | By Christopher Buontempo, Cynthia Larose

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Florida Governor Signs Data Privacy Law Focused on Children, Search Engines and Billion Dollar Businesses

June 9, 2023 | Blog | By Elana Lerner Brockmann, Michael Katz, Cynthia Larose

Read more
Privacy & Thumbnail Viewpoints Thumbnail
In Montana, Governor Greg Gianforte signed the Montana’s Consumer Data Privacy Act (S.B. 384) (“MCDPA”) on May 19, 2023 – one of the strongest privacy bills signed in a red state.  Montana now becomes the ninth state to enact a comprehensive consumer data privacy law. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail

My Health, My Data! Washington State Enacts Broad Health Data Privacy Protection Law

May 26, 2023 | Blog | By Lara Compton, Kathryn Edgerton, Adam B. Korn

Washington greatly expanded the protection for consumers’ identifiable health information by enacting the “My Health My Data Act” (MHMDA), in an effort to close the gap between HIPAA protections and the laws protecting the privacy and security of other consumer health care data. While MHMDA resembles the acts in both California and Illinois, it broadly applies to health information outside of traditional health care settings. In this article we answer frequently asked questions about MHMDA’s applicability and requirements.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Mintz May Madness: Tennessee’s Information Protection Act Gets Us Thinking About NIST(y) Safe Harbors

May 12, 2023 | Blog | By Cynthia Larose, Michael Katz, Ilse P. Johnson

Tennessee is expected to become the eighth or ninth state to enact a comprehensive data privacy law. Tennessee Information Protection Act (“TIPA”) is a unique safe harbor compared to other recently enacted laws: it offers an affirmative defense to businesses who create, maintain and comply with a written privacy program that “reasonably conforms” to the National Institute of Standards and Technology (“NIST”) privacy framework or “other documented policies, standards, and procedures designed to safeguard consumer privacy.”
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Mintz May Madness: Comprehensive Data Privacy Laws Sweeping the Nation

May 3, 2023 | Blog | By Michael Katz, Cynthia Larose, Ilse P. Johnson

Last month, three state legislatures passed comprehensive data privacy laws. This week, Indiana’s governor signed the Indiana Consumer Data Privacy Act (“ICDPA’) into law. Montana and Tennessee likely to follow right behind. These newcomers will join the six other states with data privacy statutes already enacted.
Read more

Explore Other Viewpoints: