When it comes to website privacy compliance, cookies have consistently presented the most fraught issues for U.S. businesses. This is especially true for those businesses that find themselves in a sometimes new or often uncertain relationship with the EU or UK GDPR. Do I need a cookie banner? Where does it go? How big does it have to be? Will a privacy policy alone do? Can’t users just be directed to the appropriate place to disable their browser’s cookie collection? … More
Thirty-Three State Attorneys General Show Support for FTC’s Proposed Crackdown on “Commercial Surveillance”
On August 22, 2022, the Federal Trade Commission (“FTC”) indicated through the Advanced Notice of Proposed Rulemaking its intent to limit commercial surveillance – the common corporate practice of collecting, analyzing, and monetizing consumers’ data. As slews of data breaches resulted in millions of dollars in settlement and countless consumers whose data had been jeopardized, 33 states, including Massachusetts, New York, and Texas, showed support for the FTC’s proposed rule through a comment letter dated November 17,… More
‘Tis the (Insurance Renewal) Season! What Enhanced Consumer Data Protection Laws Mean for Your Business
Key Takeaways:
- Insurance renewal season is upon us. Now is the time to make sure your insurance coverages are aligned with your business needs over the coming year.
- Consumer privacy laws are changing and developing rapidly.
- Enhanced protections for consumers’ data, particularly biometric and sensitive personal information, have implications for a variety of businesses and industries.
- Colorado is and will likely continue developing laws that protect consumers’ personal information and may open businesses up to increased exposure to liability.…
Massachusetts Governor Issues Executive Order to Strengthen State’s Cyber Defenses
Governor Charlie Baker recently took steps to strengthen cybersecurity in Massachusetts by signing an executive order on December 14, 2022 creating an advisory panel to improve the state’s cyber defense. The new state task force will assess existing resources, develop contingency plans, and identify strategies for preventing future cyberattacks. The goal of the task force is to ensure that the Bay State is at the forefront of the ever-evolving cybersecurity landscape.… More
HHS Office for Civil Rights Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies to Protect the Privacy and Security of Health Information
On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act of 1996 (HIPAA) on covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules (“HIPAA Rules”) when using online tracking technologies. These online tracking technologies, like Google Analytics or Meta Pixel,… More
Is the Video Privacy Protection Act a New Litigation Weapon for Consumers?
On September 19, 2022, a Massachusetts federal District Court denied Boston Globe Media Partners LLC’s motion to dismiss a consumer class action suit against it. This case is one of 47 proposed class actions filed since February 2022 against various companies, each based on a company’s use of Meta’s Pixel tracking tool.
Boston Globe Media Partners is a “multimedia organization that provides news, entertainment, and commentary across multiple brands and platforms”;… More
Looking to a New EU-US Data Privacy Framework
As we wrote in July 2020, the European Court of Justice issued a landmark decision that invalidated the Privacy Shield as untenable under the European General Data Protection Regulation (GDPR). The decision sparked negotiations between the United States and the European Union on a workable data privacy framework. And after a two-year long hiatus, the U.S. and the EU agreed on a replacement for the Privacy Shield.… More
HHS Office for Civil Rights Posts HIPAA Security Rule Security Incident Procedures
Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of confidential data. Within the health care industry, the HIPAA Security Rule applies to covered entities and their business associates (“regulated entities”) and electronic protected health information (ePHI). Because ePHI identifies individuals and includes information relating to an individual’s health,… More
California Trails Closely Behind UK to Protect Children’s Privacy
Recently signed into law by California Governor Gavin Newsom on September 15, 2022, the California Age-Appropriate Design Code Act (“AADC”) changes the playing field for certain businesses that provide online services, products, or features accessible to children under the age of 18. Although California models its new law after the Children’s Code passed by the UK, the AADC is first state law of its kind in the US.… More
Password Security & Best Practices – A Refresher
As more and more of us return to the office, it’s a good time to revisit the passwords you use. It is therefore timely that the U.S. Department of Health and Human Services, Health Sector Cybersecurity Coordination Center (“HC3”) recently published a set of password security suggestions and best practices. Here are some of HC3’s key takeaways:
- Use multi-factor authentication when possible.…