California has pushed through an online privacy law that is sending some shockwaves through the Internet economy. On Thursday, June 29, the legislature passed the California Consumer Privacy Act of 2018 (“CCPA”), which the Governor signed swiftly. Beginning January 1, 2020, many companies that do business in California will need to make significant changes and … Continue Reading
On May 31, 2011 the Department of Health and Human Services Office for Civil Rights issued a notice of proposed rulemaking that would add substantial data privacy requirements to the HIPAA Privacy Rule. One of the requirements the HHS proposed pursuant to both the HITECH Act and its more general authority under HIPAA is for … Continue Reading
On May 10, 2011 the Senate Judiciary Subcommittee on Privacy, Technology and the Law held a hearing entitled Protecting Mobile Privacy: Your Smartphone, Tablets, Cell Phones and Your Privacy. The hearing focused on the privacy concerns raised by mobile devices, location-based mobile services, and check-in applications.… Continue Reading
A week after the Senate held a hearing on the state of online consumer privacy, Senator John Kerry (D-Mass) has published a draft of the "Commercial Privacy Bill of Rights Act of 2011." The Act, co-sponsored by Senator John McCain (R-Ariz.), directs the FTC to make rules requiring certain entities that handle information covered by … Continue Reading
Over the past couple of years, many predicted that new state laws would follow the lead of states like Nevada and Massachusetts, and some anticipated we could see a situation with 50 different privacy/security laws across the country. Now it looks like we are beginning to see some renewed activity on the state level. In Hawaii we have a proposed bill that would require breached entities to provide credit monitoring and call center services to impacted individuals. In my home state, Colorado, a legislator (Dan Pabon) has proposed a novel bill that takes a new approach to incentivizing companies to implement good security. In this post, we take a look at the highlights of the Colorado bill.
Congressman Bobby Rush has introduced a new data privacy bill to Congress known as the "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards" Act (a.k.a. "BEST PRACTICES Act" or "Act").
We have put together a summary of the Act in "FAQ" format. In Part One we look at some of the key definitions, requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for deidentified information, and provisions concerning the application and enforcement of the Act.
The Department of Health and Human Services released proposed modifications to the privacy and security rules related to HIPAA. We are still reading through the 234-page document, but it appears that the new rules expand HIPAA responsibilities for business associates. In addition, HHS has set up a web portal that provides a summary of … Continue Reading
The heat is on as we enter the dog days of summer. The same is true at the intersection of law, technology, privacy and security where tricky issues continue to heat up. Things are moving so fast now it is a challenge to keep track of all the developments. Here are a few "quickhits" to … Continue Reading
This blogpost is the third (and final) in our series analyzing the terms of Google's and Computer Science Corporation's ("CSC") cloud contracts with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In Part Two, the focus was on terms related to compliance with privacy and security laws, audit and enforcement of security obligations, incident response, geographic processing limitations, and termination rights under the contracts. In Part Three, we analyze what might be the most important data security/privacy-related terms of a Cloud contract (or any contract for that matter), the risk of loss terms. This is a very long post looking at very complex and interrelated contract terms. If you have any questions feel free to email me at email@example.com
The California Department of Public Health (“CDPH”) recently announced its imposition of $675,000 in fines to six hospitals that had reported security breaches involving medical records (since January 1, 2009, the CDPH has issued fines totaling $1.1 million). The story has been extensively reported on in the media. You can listen to the CDPH’s … Continue Reading
This blogpost is the second in our series analyzing the terms of Google and Computer Science Corporation’s (“CSC”) Cloud contract with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In this installment, we will focus on terms related to compliance … Continue Reading
Earlier in the week, I referenced the U.S. Department of Commerce’s Notice of Inquiry concerning “Information Privacy and Innovation in the Internet Economy” (the “Inquiry”). DataGuidance.com recently did a short article on the Inquiry in which I am quoted. I have now had a chance to review the document in more detail and believe … Continue Reading
On March 22, 2010, Washington state became the third state to incorporate the Payment Card Industry Data Security Standard ("PCI") into law (the other two are Nevada and Minnesota). The Washington House and Senate have passed HB 1149 by substantial margins, and it has now been signed into law by the governor. HB 1149 amends … Continue Reading
For those interested, I was recently interviewed by SearchSecurity.com concerning the Data Accountability and Trust Act ("DATA") passed in the House in December 2009. While I might not be cut out for a career in broadcasting, hopefully the information I provided is useful. If you would like more information, the Information Law Group has written … Continue Reading
The Information Law Group has been following various Federal data security bills as they wind their way through the House and Senate. In December 2009, the Information Law Group commented on the passage of the Data Accountability and Trust Act ("DATA") by the House. I was recently asked by Data Protection Law and Policy (an excellent … Continue Reading