Archives: US

Subscribe to US RSS Feed

Webinar: The Final California Consumer Privacy Act – What Are Your Obligations?

The California Consumer Privacy Act (CCPA) takes effect on January 1, 2020. The California legislature passed a number of amendments on September 13, 2019, that alter the law in important ways. These amendments are now being reviewed by the governor and will be finalized by October 13, 2019. Join our webinar just a few days later, … Continue Reading

CCPA 2019 Amendments: Do They Provide the Clarity Businesses Need?

This is Squire Patton Boggs’ Data Privacy and Cybersecurity Group’s second post regarding the recent amendments to the California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020. Our earlier post covering the CCPA amendment requiring data brokers to register with the California Attorney General, is available here. Please also read our prior posts … Continue Reading

CCPA and California’s New Registration Requirement

The California legislature made several amendments to the California Consumer Privacy Act (“CCPA”) last Friday, September 13, 2019.  This post focuses on the enactment of Assembly Bill No. 1202, which requires certain businesses that sell consumers’ personal information, as defined under the CCPA, to register as data brokers with the California Attorney General.  For more … Continue Reading

CCPA and Gap Assessments

With the CCPA’s January 1, 2020 compliance date rapidly approaching, organizations subject to the California Consumer Privacy Act (“CCPA”) should conduct a gap assessment to determine what they need to accomplish in the next three months.  Our second client alert in our California Consumer Privacy Act Series – Part 2: Gap Assessments provides further insight … Continue Reading

DOJ False Claims Enforcement Remind Providers to Conduct HIPAA Security Risk Assessments

As explained in a recent post published on Squire Patton Bogg’s Anticorruption Blog, the DOJ is pursuing providers who submit false claims under the electronic health records initiative.  This enforcement action should serve as a reminder to examine carefully attestations of EHR compliance, including the requirement to complete a HIPAA-required security risk assessment.… Continue Reading

Will the CCPA be the New TCPA for Plaintiffs?

Last year, the California legislature enacted the California Consumer Privacy Act (the “CCPA”), which imposes key data privacy requirements on businesses collecting or storing data about California residents.  The CCPA provides for civil penalties imposed by the California Attorney General (“AG”) and creates a private right of action for those residents impacted by a data … Continue Reading

Join Us– Webinar: Understanding and Preparing for the California Consumer Privacy Act

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) will impose burdensome GDPR-like transparency and individual rights requirements on almost every company that handles “personal information” regarding California residents, regardless of where the business is based. The Act will impact information regarding not only consumers, but also employees and business contacts. Join us for … Continue Reading

Could a Federal Data Privacy Law be a Reality in 2019?

From the continual evolution of the California Consumer Protection Act (CCPA) to the potential ramifications of a Brexit “no-deal” on data transfers, 2019 may be a defining point in data privacy and cybersecurity.  Nowhere is this increased attention more pronounced than the growing support for US federal data privacy legislation. … Continue Reading

States’ Focus on Biometric Privacy Developments Warrants Close Attention

The Illinois Supreme Court’s recent broad interpretation of the pioneering Illinois Biometric Identity Protection Act justifies close attention to legislative and regulatory developments regarding collection and protection of biometric identifier data.  Our previous report of this decision may be found here.  Two other states, Texas and Washington, already have biometric identifier privacy laws in place, … Continue Reading

Cybersecurity Takes Focus in Healthcare

Cybersecurity awareness recently took center stage in the healthcare industry when the Department of Health and Human Services (HHS) issued comprehensive risk-prioritized cybersecurity best practices to combat top threats.  HHS mapped this guidance to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, cross-referencing 88 individual sub-practices for healthcare organizations of all sizes. The … Continue Reading

Google Defeats Alleged BIPA Violations for Retention and Collection of Face-geometry Scans via Google Photos

Google recently defeated claims that it violated Illinois’s Biometric Identification Privacy Act (“BIPA”) by collecting and retaining facial scans created from photographs uploaded by Google Photos users without obtaining consent and complying with other statutory requirements. The federal court ultimately held that plaintiffs failed to allege a concrete injury sufficient for Article III standing. Finding … Continue Reading

Illinois Supreme Court to Resolve the Conflict over the Scope of BIPA’s Private Right of Action.

In Illinois, the courts are grappling with an issue akin to the Article 3 standing issues that courts have been analyzing in post-breach cases for years, that is, whether a plaintiff must claim actual harm as a result of a statutory violation or whether the violation is sufficient by itself to support standing to sue.… Continue Reading

Digital Health Update: Recent FDA Cyber Initiatives

The Food and Drug Administration (FDA) has recently issued several cybersecurity and medical device initiatives as part of the agency’s increased focus on digital health. These initiatives include draft cybersecurity guidance for medical devices, increased coordination with the Department of Homeland Security, and the promotion of artificial intelligence. Elliot Golding and Jennifer Tharp provided an … Continue Reading

Amendments to the California Consumer Privacy Act of 2018: Progress toward Clarity

Amendments to California’s expansive Consumer Privacy Act of 2018 (“the Act”) include new provisions that may significantly impact the timing of enforcement and provide exemptions for large amounts of personal data regulated by other laws. The Act, signed into law in June, is a sweeping data privacy law that regulates the processing of personal data … Continue Reading

Supreme Court Takes Another Step to Keep Up With the Digital Times: Criminal Procedure and Cell Phone Records in Carpenter

Personal location information held by a third party now receives heightened protection from disclosure to law enforcement Thanks to Timothy Ivory Carpenter, Cell Site Location Information (“CSLI”) is now part of our vernacular.  More important, in light of the Supreme Court’s June 2018 ruling in Carpenter v. United States, a company’s collection and retention of … Continue Reading

California’s Consumer Privacy Act of 2018

California’s newly enacted Consumer Privacy Act of 2018 is the strictest of the US’s patchwork of privacy related regulations. The Act will impact any legal entity that (i) does business in California, (ii) is operated for the profit or financial benefit of its owners, (iii) collects consumers’ personal information and determines the purpose and means … Continue Reading

Law360 Expert Analysis: Health Tech Is The New Focus For Cybersecurity Policy

In an article posted in Law360 Expert Analysis on May 22, 2018, Squire Patton Boggs partner Elliot Golding describes how the rise of health care smart devices and tracking apps has intensified the focus on data privacy and cybersecurity within the health care industry.  Subsequently, new and proposed government and regulatory initiatives are underway. Additional … Continue Reading

Significant Health Care Technology Privacy and Cybersecurity Considerations

Elliot Golding, in a podcast interview with Healthcare InfoSecurity, discusses progressing healthcare privacy and security issues, especially complex issues involving Internet of Things (IoT) devices. Topic points include, new risks when connected devices link to legacy systems, the applicable regulatory environment, and other important issues companies operating in the health care space need to confront … Continue Reading

SEC Fines Yahoo $35 Million for Misleading Investors by Failing to Disclose Cybersecuity Breach

In a first of its kind, the SEC recently fined Yahoo US$35 million for failing to assess and disclose a 2014 data breach that affected over 500 million user accounts. What caused the SEC to charge Yahoo with cybersecurity-related disclosure violations?  Our colleague Coates Lear has prepared an analysis of this enforcement action, including the post-breach information relayed … Continue Reading

Data Breach Laws on the Books in Every State; Federal Data Breach Law Hangs in the Balance

With no central federal data breach law, states have taken the reins, passing an increasing number of laws that require both the protection of citizens’ private data and prompt notice of any breach of that privacy.  Governors in the last two holdout states, South Dakota and Alabama, recently signed bills to enact laws governing data … Continue Reading

States Increase HIPAA Enforcement

Overview of Recent Settlement Actions Recent Health Insurance Portability and Accountability Act (“HIPAA”) enforcement settlements for Virtual Medical Group (“VMG”) in New Jersey and EmblemHealth in New York may signal a broader trend of increased state HIPAA enforcement.  Under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act’s amendment to HIPAA, codified at … Continue Reading

Federal Financial Institutions Examination Council Cautions Companies Not to Over-Rely On Cyber Insurance in Lieu of Robust Security Controls

In a Joint Statement issued this week, the Federal Financial Institutions Examination Council (“FFIEC”) – which comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee – cautioned the … Continue Reading
LexBlog