Tag Archives: Regulation

The New CA Consumer Privacy Act: Don’t Panic (Yet)

California has pushed through an online privacy law that is sending some shockwaves through the Internet economy. On Thursday, June 29, the legislature passed the California Consumer Privacy Act of 2018 (“CCPA”), which the Governor signed swiftly. Beginning January 1, 2020, many companies that do business in California will need to make significant changes and … Continue Reading

Changes to HIPAA Privacy Rule Proposed by HHS – Find Out Who Has Accessed Your Health Records

On May 31, 2011 the Department of Health and Human Services Office for Civil Rights issued a notice of proposed rulemaking that would add substantial data privacy requirements to the HIPAA Privacy Rule. One of the requirements the HHS proposed pursuant to both the HITECH Act and its more general authority under HIPAA is for … Continue Reading

Kerry Releases Draft of “Privacy Bill of Rights”

A week after the Senate held a hearing on the state of online consumer privacy, Senator John Kerry (D-Mass) has published a draft of the "Commercial Privacy Bill of Rights Act of 2011." The Act, co-sponsored by Senator John McCain (R-Ariz.), directs the FTC to make rules requiring certain entities that handle information covered by … Continue Reading

A Novel Data Security Law Proposed in Colorado

Over the past couple years, many predicted that new state laws would follow the lead of states like Nevada and Massachusetts, and some anticipated we could see a situation where 50 different privacy/security laws across the country. Now it looks like we are beginning to see some renewed activity on the state level. In Hawaii we have a proposed bill that would require breached entities to provide credit monitoring and call center services to impacted individuals. In my home state, Colorado, a legislator (Dan Pabon) has proposed a novel bill that takes a new approach to incentivizing companies to implement good security. In this post, we take a look at the highlights of the Colorado bill. … Continue Reading

FAQ on the “BEST PRACTICES Act” – Part One

Congressman Bobby Rush has introduced a new data privacy bill to Congress known as the "Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards" Act (a.k.a. "BEST PRACTICES Act" or "Act"). We have put together a summary of the Act in "FAQ" format. In Part One we look at some of the key definitions, requirements concerning transparency, notice and individual choice, mandates around accuracy, access and dispute resolution, and finally data security and data minimization requirements under the Act. Part Two will focus on the "Safe Harbor" outlined in the Act, various exemptions for deidentified information, and provisions concerning the application and enforcement of the Act. … Continue Reading

What’s in Google’s SaaS Contract with the City of Los Angeles? Part Three.

This blogpost is the third (and final) in our series analyzing the terms of Google's and Computer Science Corporation's ("CSC") cloud contracts with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In Part Two, the focus was on terms related to compliance with privacy and security laws, audit and enforcement of security obligations, incident response, and geographic processing limitations, and termination rights under the contracts. In Part Three, we analyze what might be the most important data security/privacy-related terms of a Cloud contract (or any contract for that matter), the risk of loss terms. This is a very long post looking at very complex and interrelated contract terms. If you have any questions feel free to email me at dnavetta@infolawgroup.com … Continue Reading

California Department of Public Health Breach Fines and Legally Defensible Security

The California Department of Public Health (“CDPH”) recently announced its imposition of $675,000 in fines to six hospitals that had reported security breaches involving medical records (since January 1, 2009, the CDPH has issued fines totaling $1.1 million). The story has been extensively reported on in the media . You can listen to the CDPH’s … Continue Reading

What’s in Google’s SaaS Contract with the City of Los Angeles? Part Two.

This blogpost is the second in our series analyzing the terms of Google and Computer Science Corporation’s (“CSC”) Cloud contract with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In this installment, we will focus on terms related to compliance … Continue Reading

FAQ on Washington State’s PCI Law

On March 22, 2010, Washington state became the third state to incorporate the Payment Card Industry Data Security Standard ("PCI") into law (the other two are Nevada and Minnesota). The Washington House and Senate have passed HB 1149 by substantial margins, and it has now been signed into law by the governor. HB 1149 amends … Continue Reading

SearchSecurity.com Interview on the Data Accountabilituy and Trust Act

For those interested, I was recently interviewed by SearchSecurity.com concerning the Data Accountability and Trust Act ("DATA") passed in the House in December 2009.  While I might not be cut out for a career in broadcasting, hopefully the information I provided is useful.  If you would like more information, the Information Law Group has written … Continue Reading

The Breach Notification Obligations in the Data Accountability and Trust Act

The Information Law Group has been following various Federal data security bills as they wind their way through the House and Senate.  In December 2009, the Information Law Group commented on the passage of the Data Accountability and Trust Act ("DATA") by the House.  I was recently asked by Data Protection Law and Policy (an excellent … Continue Reading