HHS Office for Civil Rights Announces the Expiration of COVID-19 Public Health Emergency HIPAA Enforcement Discretion 

Like many regulatory standards, enforcement of HIPAA was relaxed as part of the COVID-19 pandemic response.  With the end of the public health emergency declaration on May 11, 2023, the broad relaxed HIPAA enforcement also will be coming to an end.

“OCR exercised HIPAA enforcement discretion throughout the COVID-19 public health emergency to support the health care sector and the public in responding to this pandemic,” said Melanie Fontes Rainer,… More

Colorado’s Newly Released Data Privacy Regulations Get Specific Regarding Design and Technical Specifications

We have written previously regarding Colorado’s adoption of the Colorado Privacy Act (CPA)—describing its provision of consumer data rights, how it may function within the context of the cannabis industry, and how business might consider the law as they renew their insurance coverage. And all this before the state released regulations accompanying the CPA.

On March 15, 2023, the Colorado Attorney General filed the final rules implementing the CPA to go into effect July 1,… More

The FTC Outlines What It Sees as “The HIdden Impacts of Pixel Tracking”

In a very comprehensive post from the Federal Trade Commission’s Office of Technology, the FTC takes what it calls “[a] deep dive into the technical side of FTC’s recent cases on digital health platforms, GoodRx & BetterHelp.”

As most readers know, the FTC recently took enforcement action against GoodRx and BetterHelp, two digital healthcare platforms, for allegedly sharing user health data with third parties for advertising.… More

Minimizing Risk and Liability from Man-in-the-Middle Attacks (or, How to Keep Your Company’s Wire Transfers from Going Awry)

Given the recent failures of Signature Bank and Silicon Valley Bank, we know clients are looking to set up new banking relationships and moving money around, especially by wire transfers.  It will not come as a surprise that bad guys see this as an opportunity to prey on folks who are trying to access funds needed to make payroll or other basic business expenses.  This is just what the criminal “man in the middle” attacker wants – a time when businesses have let down their guard and hackers can induce fraudulent wire transfer.  … More

Lex Mundi Reports on Global Trends in Data Privacy in 2023

Foley Hoag is pleased to contribute to Lex Mundi’s report on global data privacy trends and topics.  Our Lex Mundi network gives us access to the best attorneys in data privacy in jurisdictions across the globe, who provide local expertise on anticipated regulatory risks to overcome related to cross-border data and cybersecurity challenges. To access the full report, click here. More

ChatGPT Writes a Blog Post About Itself.

Editors’ Note:  How does ChatGPT fare in writing a law firm blog post?  We asked ChatGPT to write one . . . 

PROMPT:  Write a 500 word blog post, in the style of a law firm blog post, on ChatGPT, focusing in particular on questions of privacy, cybersecurity, and ethics.


ChatGPT is a large language model developed by OpenAI that has the ability to generate human-like text on a variety of topics.… More

Time to Update Your Cookie Banners? Helpful Guidance from the European Data Protection Board on Bad Cookie Banner Practices

When it comes to website privacy compliance, cookies have consistently presented the most fraught issues for U.S. businesses.  This is especially true for those businesses that find themselves in a sometimes new or often uncertain relationship with the EU or UK GDPR.  Do I need a cookie banner?  Where does it go?  How big does it have to be?  Will a privacy policy alone do?  Can’t users just be directed to the appropriate place to disable their browser’s cookie collection? … More

Thirty-Three State Attorneys General Show Support for FTC’s Proposed Crackdown on “Commercial Surveillance”

On August 22, 2022, the Federal Trade Commission (“FTC”) indicated through the Advanced Notice of Proposed Rulemaking its intent to limit commercial surveillance – the common corporate practice of collecting, analyzing, and monetizing consumers’ data. As slews of data breaches resulted in millions of dollars in settlement and countless consumers whose data had been jeopardized, 33 states, including Massachusetts, New York, and Texas, showed support for the FTC’s proposed rule through a comment letter dated November 17,… More

‘Tis the (Insurance Renewal) Season! What Enhanced Consumer Data Protection Laws Mean for Your Business

Key Takeaways:

  • Insurance renewal season is upon us.  Now is the time to make sure your insurance coverages are aligned with your business needs over the coming year.
  • Consumer privacy laws are changing and developing rapidly.
  • Enhanced protections for consumers’ data, particularly biometric and sensitive personal information, have implications for a variety of businesses and industries.
  • Colorado is and will likely continue developing laws that protect consumers’ personal information and may open businesses up to increased exposure to liability.…
  • More

Massachusetts Governor Issues Executive Order to Strengthen State’s Cyber Defenses

Governor Charlie Baker recently took steps to strengthen cybersecurity in Massachusetts by signing an executive order on December 14, 2022 creating an advisory panel to improve the state’s cyber defense. The new state task force will assess existing resources, develop contingency plans, and identify strategies for preventing future cyberattacks.  The goal of the task force is to ensure that the Bay State is at the forefront of the ever-evolving cybersecurity landscape.… More