With its private right of action and expansive scope – extending far beyond Washington state’s borders and applying to a wide swath of health- and non-health-oriented companies alike – Washington’s My Health My Data Act is poised to be more ground-shifting than any other consumer privacy law that came before it. Join Kyle Fath, Bola Shonowo and Gicel Tomimbang for a discussion of:
Until late August 2023, California’s data protection law, the California Consumer Privacy Act, or “CCPA,” only provided for future rulemaking on automated decision-making, including profiling, on risk assessments, and on cybersecurity audits. However, during a board meeting it held this past Friday, September 8th, the California Privacy Protection Agency (“CPPA” or “Agency”), which shares enforcement authority of the CCPA with the California Attorney General, discussed a new set of draft regulations (“Regs”) it released for Agency discussion purposes in late August 2023. While not yet part of the official rulemaking, the draft and the discussions around it provides direction on its upcoming rulemaking on these topics. We will refer to the draft and related commentary as the “Roadmap.” Most notably, the Roadmap proposes that condensed versions of assessments and audits completed by businesses pursuant to their CCPA obligations be filed with the CPPA and sets forth detailed obligations surrounding such assessments and audits. The implication of this is that it may become obvious to the Agency which companies are or are not conducting assessments or audits and thus complying with their CCPA obligations. It may also provide the Agency an easily accessible way to review the evaluate businesses’ practices, especially with regard to higher risk processing activities. Furthermore, the Agency’s Roadmap suggests assessment requirements that not only incorporate, but exceed, what is required in the Colorado regulations, including risk / harm assessments of any monitoring of personnel or students, or monitoring of consumers in public places. We will be co-hosting a webinar with Ankura to take a deeper dive into what companies should be doing regarding assessments and audits. Register here to join us on October 18 to learn more.
Today, Governor Jay Inslee signed into law the My Health My Data Act (SB 1155) (the “Act” or “MHMD”), a first-of-its-kind consumer health data law. Passage of the Act was, in part, a direct response by Washington state lawmakers to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Org. overturning Roe v. Wade. Recognizing that the nation’s federal health law, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), has blind spots in protecting health-related information collected outside of contexts involving HIPAA covered entities (e.g., healthcare institutions), the legislature in passing MHMD sought to “close the gap” in privacy protections for health data that falls outside the scope HIPAA, including information related to reproductive health and gender-affirming care.
Continue Reading Governor Inslee Signs Washington My Health My Data Act Into Law: First-of-Its-Kind Consumer Health Data Law, Explained
Each year, the French data protection authority, “CNIL”, conducts hundreds of investigations (345 in 2022) on the basis of complaints received, notification of data breaches, information conveyed by press or other media, but also annual priority topics set by the CNIL. These topics are the following for 2023.
Continue Reading Priority Topics for French CNIL Investigations in 2023: “Smart” Cameras, Mobile Apps, Bank and Medical Records
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
LinkedIn’s Data Scraping Battle with hiQ Labs Ends with Proposed Judgment | Privacy World
Key Takeaway: Organizations must conduct a fact-based analysis to determine whether health data collection and tracking technology deployed on their websites and mobile apps complies with the federal Health Insurance Portability and Accountability Act (“HIPAA”) and other applicable laws and guidance.
Cookies, web beacons, and similar technology are used to collect and analyze
In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
FTC Emphasizes Commitment to Protection of Highly Sensitive Data
Federal and State Actions to Protect Robocall Invasion of Consumer
Yesterday the Acting Associate Director of the Federal Trade Commission (“FTC”) Division of Privacy & Identity Protection posted a blog underscoring the agency’s “unprecedented” concerns to individuals’ personal privacy with connected devices. This announcement comes in the wake of an Executive Order from President Biden intended to address, among other issues, the potential threat to
To stay up to date on the newest developments in data privacy, security and innovation, be sure to register for Team CPW’s speaking engagements in December. Details for the events next month are available below.
December 2: Association of Corporate Counsel Just In Time CLE December 2