Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Privacy & Thumbnail Viewpoints Thumbnail

The RIDTPPA provides privacy rights to Rhode Islanders and imposes obligations on covered entities largely in line with several other U.S. state privacy laws.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

The push by U.S. states to pass data privacy laws continues with Maryland being the 18th state to join their ranks. However, Maryland has taken a more stringent and comprehensive approach than many of its peers

Read more
Privacy & Thumbnail Viewpoints Thumbnail

As U.S. states continue to pass data privacy legislation, Maryland has gone above and beyond in signing both the Maryland Online Data Privacy Act of 2024 (MODPA) and the Maryland Age Appropriate Design Code (HB 603/SB 5712023) into law on May 9, 2024. The Kids Code will go into effect in October and the MODPA will go into effect one year thereafter.

Read more
Health Care Viewpoints Thumbnail

Earlier this week, the Biden-Harris Administration, through the Office for Civil Rights (OCR) announced a Final Rule aimed at protecting protected health information (PHI) related to lawfully provided reproductive health care services.  As we discussed last year, the HIPAA Privacy Rule to Support Reproductive Health Care Privacy was proposed in response to concerns about the confidentiality of PHI related to reproductive health care following the decision in Dobbs v. Jackson Women’s Health Organization.  In the executive summary of the Final Rule, OCR emphasized that the changing post-Dobbs legal landscape “increases the likelihood that an individual’s PHI may be disclosed in ways that cause harm to the interests that HIPAA seeks to protect, including the trust of individuals in health care providers and the health care system.”  The Final Rule defines “reproductive health care” as “health care…that affects the health of an individual in all matters relating to the reproductive system and to its functions and processes.” 

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Will the U.S. finally join most developed nations and pass a comprehensive federal privacy law?  Some believe this may be the year that the U.S. does just that.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

This post provides the details and information you and your business need to know about the New Jersey Privacy Act (NJPA), signed into law by Governor Phil Murphy. 

Read more
Health Care Viewpoints Thumbnail

As promised in the U.S. Department of Health and Human Services (HHS) concept paper in December 2023, the agency published voluntary health care and public health cybersecurity performance goals (HPH CPGs) in January 2024 and then proposed in the HHS FY 2025 Budget to establish certain HPH CPG compliance incentives and penalties for hospitals.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

After years of internal discussion, the Board of the California Privacy Protection Agency (CPPA), at their March 8th meeting, voted to progress toward formalizing the proposed regulations on risk assessments and automated decisionmaking technology (ADMT). 

Read more
Privacy & Thumbnail Viewpoints Thumbnail

If you have been relying on last year’s court order staying the ability of the California Privacy Protection Agency (CPPA) to enforce regulations promulgated under the California Privacy Rights Act (CPRA) to also stay your own CPRA compliance program --- time to ramp back up.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

Consumer privacy protection must have been tops on the New Jersey legislature’s list of New Year’s resolutions. The year was just two weeks old and New Jersey became the first State in 2024 to enact a comprehensive privacy law and is now one of over a dozen states to have its own comprehensive privacy law (together, the Privacy States”). New Jersey Governor Phil Murphy wrote in a recent press release that he is proud New Jersey is better protecting its residents with Senate Bill 332/A1971 (the “Law”). This comprehensive law aims to protect consumer privacy by creating strict requirements for how applicable companies may use and collect personal data from New Jersey consumers and provides such consumers with rights of access, modification and deletion of their personal data.

Read more
Viewpoint Thumbnail

Read about the FTC’s business guidance blog post discussing its resolve to enforce the privacy commitments of certain AI firms known as “model-as-a-service” companies in the latest edition of AI: The Washington Report, a joint undertaking of Mintz and ML Strategies covering potential federal legislative, executive, and regulatory activities related to AI.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

This post will analyze the discussion and draft regulations for risk assessments and automated decisionmaking technology. The board spent over three hours on this agenda item, focusing closely on defined terms and the timing of certain requirements. As these regulations will impose new burdens and restrictions on many businesses, the board is walking a tightrope, balancing between protecting the consumer and burdening businesses.

Read more
Health Care Viewpoints Thumbnail

The U.S. Department of Health and Human Services (HHS) released a concept paper on December 6, 2023 outlining its action plan to enhance cyber resiliency in the health care sector by proposing certain voluntary cybersecurity actions and standards that may ultimately become requirements. For health care organizations such as hospitals, “cyber resiliency” generally means how organizations anticipate, operate during, respond to, and recover from cyber attacks such as ransomware attacks, cloud exploitations, phishing or spear-phishing attacks, software and zero-day vulnerabilities, or distributed denial of service attacks.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

The Federal Communications Commission (“FCC”) announced Thursday that in furtherance of the work of the agency’s Privacy and Data Protection Task Force, the FCC’s Enforcement Bureau signed Memoranda of Understanding (“MOU”) with the Attorneys General of Connecticut, Illinois, New York, and Pennsylvania to share expertise and resources and to coordinate efforts conducting privacy, data protection and cyber-security-related investigations. Read more about this noteworthy legislative step.

Read more
Health Care Viewpoints Thumbnail

The Office for Civil Rights (OCR) recently offered covered entities and business associates (Regulated Entities) not-so-subtle reminders in its October 2023 Cybersecurity Newsletter that effective sanction policies can encourage HIPAA compliance. Regulated Entities are required by HIPAA to implement sanction policies in which they impose “appropriate sanctions” against their respective workforce members who fail to comply with the Privacy Rule or Security Rule, the Regulated Entity’s privacy policies and procedures, and/or the Regulated Entity’s security policies and procedures, as applicable. These sanction policies are important administrative safeguards meant to ensure there are objective, documented consequences for HIPAA non-compliance among workforce members. The recent proliferation of social engineering attacks and increasingly sophisticated nature of external cybersecurity threats in health care underscore the importance of Regulated Entities consistently reviewing and applying sanction policies.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”), has been further expanded under Governor Gavin Newsom. The signing of Assembly Bills 947 and 1194 expands the protection of sensitive personal information. Read more to find out the impacts of these bills and the Delete Act.

Read more
Privacy & Thumbnail Viewpoints Thumbnail

The SEC adopted its final rules and amendments concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”) on July 26, 2023.  In this article we highlight some of the principal changes to the cybersecurity rules first proposed by the SEC more than 16 months prior.

Read more

Explore Other Viewpoints: