Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Privacy & Thumbnail Viewpoints Thumbnail

In response to an alarming increase in the size and frequency of large-scale data breaches involving protected health information, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) dropped a bit of a year-end bombshell:  proposed HIPAA Security Rule amendments. Learn more.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Check out our comprehensive 2024 State Data Privacy Law Round-Up for the latest US State laws in data privacy. While consumer data privacy laws are still relatively new, we are beginning to see evidence of enforcement in some states and far greater attention and resource expenditure internally from businesses working hard to determine which laws apply to their organizations and what steps are necessary to ensure compliance. 

Read more
Privacy & Thumbnail Viewpoints Thumbnail

On April 4, 2024, Kentucky Governor Andy Beshear (D) signed the Kentucky Consumer Data Protection Act (“KCDPA”) into law, with a slow roll to the date it takes effect on January 1, 2026. The KCDPA goes a bit easier on businesses and (1) does not impose a requirement to provide a universal opt-out mechanism, and (2) has a permanent cure provision that will afford violators ongoing opportunities to rectify alleged violations of the law. Learn more about the Kentucky Consumer Data Protection Act.

Read more
Health Care Viewpoints Thumbnail

Last fall at the Safeguarding Health Information: Building Assurance Through HIPAA Security 2024 conference, U.S. Department of Health & Human Services Office for Civil Rights (OCR) promised that before year’s end, it would publish amendments to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. On December 27, 2024, OCR made good on that promise and released an unpublished version of the Security Rule amendments proposal.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Minnesota Governor Tim Walz (D) signed into law the Minnesota Consumer Data Privacy Act, which will take effect on July 31, 2025. Learn more about the Minnesota Consumer Data Privacy Act.

Read more
Viewpoint Thumbnail

Every year, Mintz provides analysis of the regulatory developments affecting public companies as they approach fiscal year-end filings with the Securities and Exchange Commission and annual shareholder meetings. This memorandum highlights key considerations to guide you through the 2025 year-end reporting process.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Everything you need to know about the Delaware Personal Data Privacy Act as it becomes effective on January 1, 2025. Here's what impacted companies need to gear up and prepare for.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

The Nebraska Data Privacy Act (or NEDPA) becomes effective on January 1, 2025.  This relatively short period between signature and effective date left little time for impacted companies to prepare; however, Nebraska’s approach to applicability criteria has cast a specifically tailored net focused on businesses selling personal data of Nebraska residents.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Iowa's consumer privacy law is taking effect soon. Learn more about the Iowa Consumer Data Protection Act or “IACDPA” which becomes effective on January 1, 2025.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Learn about the Oregon Consumer Privacy Law which took effect in July of 2024.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Dark Patterns come into focus as the California Privacy Protection Agency (CPPA) issues September 4 Enforcement Advisory.

Read more
Viewpoint Thumbnail

In June, the U.S. Court of Appeals for the Ninth Circuit affirmed a social media company’s summary judgment win on BIPA claims, in a sophisticated ruling providing a plausible path forward for technology companies and others offering facial matching services.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

The RIDTPPA provides privacy rights to Rhode Islanders and imposes obligations on covered entities largely in line with several other U.S. state privacy laws.

Read more
Securities & Capital Markets Viewpoints Thumbnail

The SEC issued five new Compliance & Disclosure Interpretations (C&DIs) relating to the materiality assessment and disclosure requirements of material cybersecurity incidents under Item 1.05 of Form 8-K.

Read more
Securities & Capital Markets Viewpoints Thumbnail

Read about a recent statement from Erik Gerding, Director of the SEC’s Division of Corporation Finance, which provided clarification regarding the disclosure of cybersecurity incidents by reporting companies.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

As U.S. states continue to pass data privacy legislation, Maryland has gone above and beyond in signing both the Maryland Online Data Privacy Act of 2024 (MODPA) and the Maryland Age Appropriate Design Code (HB 603/SB 5712023) into law on May 9, 2024. The Kids Code will go into effect in October and the MODPA will go into effect one year thereafter.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

The push by U.S. states to pass data privacy laws continues with Maryland being the 18th state to join their ranks. However, Maryland has taken a more stringent and comprehensive approach than many of its peers

Read more
Health Care Viewpoints Thumbnail

Earlier this week, the Biden-Harris Administration, through the Office for Civil Rights (OCR) announced a Final Rule aimed at protecting protected health information (PHI) related to lawfully provided reproductive health care services.  As we discussed last year, the HIPAA Privacy Rule to Support Reproductive Health Care Privacy was proposed in response to concerns about the confidentiality of PHI related to reproductive health care following the decision in Dobbs v. Jackson Women’s Health Organization.  In the executive summary of the Final Rule, OCR emphasized that the changing post-Dobbs legal landscape “increases the likelihood that an individual’s PHI may be disclosed in ways that cause harm to the interests that HIPAA seeks to protect, including the trust of individuals in health care providers and the health care system.”  The Final Rule defines “reproductive health care” as “health care…that affects the health of an individual in all matters relating to the reproductive system and to its functions and processes.” 

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Will the U.S. finally join most developed nations and pass a comprehensive federal privacy law?  Some believe this may be the year that the U.S. does just that.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

This post provides the details and information you and your business need to know about the New Jersey Privacy Act (NJPA), signed into law by Governor Phil Murphy. 

Read more

Explore Other Viewpoints: