Tag Archives: privacy

HHS OCR Issues Guidance on HIPAA, COVID-19 Vaccinations, and the Workplace

On September 30, 2021, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued guidance to help the public understand when the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule applies to disclosures and requests for information about whether a person has received a COVID-19 vaccine.

The guidance reminds the public that the HIPAA Privacy Rule does not apply to employers or employment records.… More

Ransomware Payments – OFAC Updates its Advisory and Congress Gets Involved

Ransomware payments continue to be a focus of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As previously reported by Foley Hoag, on October 1, 2020, OFAC released an advisory regarding potential sanctions risks related to facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance regarding what OFAC considers to be mitigating factors if facilitating a ransomware payment results in an apparent violation of U.S.… More

Virginia’s New Data Privacy Law: An Uncertain Next Step for State Data Protection

On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot the heels of California’s Consumer Privacy Act (CCPA) and the newly-enacted California Privacy Rights and Enforcement Act (CPRA). Virginia will not be the last to regulate the relationship between consumers and businesses holding their data;… More

First Circuit Creates Exception to Massachusetts Wiretap Statute Based on First Amendment Rights, Allows Citizens and Press to Record Police Activity Without Permission

The First Circuit’s recent opinion in Project Veritas Action Fund v. Rollins, upheld a challenge to the Massachusetts anti-wiretap law, Mass. Gen. Laws ch. 272, § 99, carving out an exception for certain activity protected by the First Amendment.   The opinion begins:

Massachusetts, like other states concerned about the threat to privacy that commercially available electronic eavesdropping devices pose,… More

Massachusetts AG Creates “Data Privacy and Security Division”; What Enforcement Changes Will Follow?

Massachusetts Attorney General Maura Healey recently announced the creation of the Data Privacy and Security Division within her office, with the stated goal of “protect[ing] consumers from the surge of threats to the privacy and security of their data in an ever-changing digital economy.”

The leadership of the Office of the Attorney General’s (OAG’s) privacy and security efforts will not change:  Sara Cable,… More

Watch Now: Maintaining Privacy and Data Security in the Remote Workplace

The coronavirus pandemic has required a rapid and dramatic shift to remote work, raising important implications for workplace privacy and information security. Some of these concerns are new; others are the same concerns that employers have always held, now amplified by the increasingly blurred lines between work and home. All of these concerns will remain as the workplace travels from the office to the home and, in the near future,… More

GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents

On March 21, 2020, the last of the features of the NY Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) became effective:  its data security requirements.  The SHIELD Act is a sweeping statute governing individual rights relating to data breaches.  It was adopted in July 2019 and has been rolled out in the months since then:  its breach notification provisions took effect on October 23, 2019, and its data security requirements have now taken effect. … More

Privacy and COVID-19 Contact Tracing – Lessons from South Korea?

Very interesting discussion in the most recent Journal of the American Medical Association, “Information Technology–Based Tracing Strategy in Response to COVID-19 in South Korea—Privacy Controversies.”

The sources of information are staggering in their breadth:  mobile phone carriers, immigration services, law enforcement, credit card companies, public transit companies, government agencies, health insurers and health care providers.  It is difficult to imagine this type of tracing in the United States.… More