Move over, CCPA?  New York Considers Sweeping Data Privacy Law

New York’s state legislature is considering a new data privacy law that would set the standard for data privacy in the U.S.  The New York Privacy Act (the “NYPA” or the “Act”), which is currently being considered by the state Senate’s Consumer Protection Committee, would provide New York consumers with a robust set of data privacy rights, would place fiduciary duties on businesses that control and process data,… More

China’s Internet Regulator Drafts COPPA-Like Rules for Children’s Data Privacy

In early June, the Cyberspace Administration of China released for public comment new draft regulations applicable to the collection of personal information relating to children under 14 by online service providers.

The draft regulations share many of the same structures as those utilized by the Children’s Online Privacy Protection Act (“COPPA”) in the United States:

  • online service operators will have to obtain parental consent based on a comprehensive disclosure about the collection,…
  • More

Partner Colin Zick Discusses Sports Betting and Biometric Data with the Boston Globe

As Massachusetts lawmakers consider whether to legalize sports betting, professional athletes fear that their biometric data – which can be collected and analyzed as part of their training – could become a commodity in this form of gambling. Professional sports leagues say that they have no plans to make this data available for gamblers, but the use of biometric data from wearable health devices is not covered by health privacy laws.… More

Presentation: The New Massachusetts Data Breach Law – An Update

A new Massachusetts law toughens reporting requirements for companies and organizations hit by data security breaches and mandates requires free credit monitoring to affected consumers. Partner Colin Zick and counsel Chris Hart recently presented a webinar for Associated Industries of Massachusetts (AIM) that provides a big picture of the data privacy legal landscape, discusses real-world impacts of the new provisions and offers guidance on other upcoming changes such as the GDPR and the California Consumer Privacy Act (CCPA).… More

Is the CCPA Too Burdensome … for Consumers?

The California Consumer Privacy Act (“CCPA”) has been lauded as a “huge step forward” that could set a standard for other states and the federal government that enact increasingly robust data privacy legislation.  Indeed, some federal lawmakers view the law so favorably that they do not want future federal legislation to replace it. In the words of Rep. Jackie Speier (D-Calif.) to Politico: “California’s bill is the best.… More

Happy Birthday, GDPR!

Dear GDPR,

Before you were born, you already attracted a lot of attention, after all, not everyone is born over two years after they are conceived and has 28 parents!  And your parents had to ‎resist an enormous pressure from people who predicted that once you were born, you would be a nightmare. Well, now that you have been in this world for one year,… More

Consumers and Senators Urge FTC to Investigate New Child-Focused, Voice-Activated Device

On May 9, 2019, a coalition of consumer groups submitted a complaint to the Federal Trade Commission (“FTC”) regarding Amazon’s Echo Dot Kids Edition, arguing that the device runs afoul of the Children’s Online Privacy Protection Act (“COPPA”).  The Echo Dot Kids Edition is a child-focused version of Amazon’s popular voice-activated smart speaker device that utilizes Amazon’s Alexa digital assistant.… More

Partner Colin Zick Quoted in McKnight’s Long-Term Care News Article on Ransomware

Ransomware attacks are the biggest data breach threat facing nursing facilities and other healthcare institutions, a new Bloomberg investigation finds.

“Part of the reason individuals are so vulnerable is that they receive so many emails that each one isn’t carefully reviewed,” partner Colin Zick said.

Click here to read the full article on McKnight’s. More

HHS to Reduce Top HIPAA Fines Based on “Level of Culpability”

In a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties issued on April 23, 2019, the Department of Health and Human Services (HHS) exercised “its discretion in how it applies HHS regulations concerning the assessment of Civil Money Penalties (CMPs) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as such provision was amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act” to reduce the maximum annual fines it will impose for HIPAA violations.… More

Minimizing Risk and Liability from Man in the Middle Attacks (or, How to Keep Your Company’s Wire Transfers from Going Awry)

Imagine this scenario:  you’ve had a productive and mutually advantageous ongoing contractual relationship of several years with another party.  You have built up quite a bit of trust over the years, and communicate regularly over email.  Your email communications include you receiving invoices and then confirming payment; your email messages might include a note about an upcoming shipment or provision of services, or even a note wishing the family well.… More