Privacy Law Blog

Trends in Privacy and Data Security

Privacy and cybersecurity remain top priorities for regulators and companies alike, as the threats posed by large-scale data breaches and other cyber incidents show no signs of waning. Companies and their counsel must monitor privacy and data security-related enforcement trends, new laws and regulations, and key emerging issues to mitigate risks and minimize potential liability.

Read our Practical Law article for an overview of recent privacy and data security legal developments (pre COVID-19).

 

FTC Issues New Guidance on Artificial Intelligence Technology

In the largest piece to come out of the FTC’s new focus on emerging technologies, the FTC Bureau of Consumer Protection issued new guidance on the use of artificial intelligence (“AI”) and algorithms. The guidance follows up on a 2018 hearing where the FTC explored AI, algorithms, and predicative analysis. As the FTC recognizes, these technologies already pervade the modern economy. They influence consumer decision making – from what video to watch next, to what ad to click on, or what product to purchase. They make investment decisions, credit decisions, and, increasingly, health decisions, which has also sparked the interest of State Attorneys General and the Department of Health & Human Services. But the promise of new technologies also comes with risk. Specifically, the FTC cites an instance in which an algorithm designed to allocate medical interventions ended up funneling resources to healthier, white populations.

Read the full post on our Minding Your Business blog.

HHS to Exercise Enforcement Discretion to Permit HIPAA Business Associates to Use and Disclose PHI to Public Health Authorities during the COVID-19 Health Crisis

On April 2, 2020, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services released a notification related to the discretion that OCR will exercise concerning HIPAA enforcement during the COVID-19 public health emergency. Effective immediately, OCR will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against business associates for “good faith uses and disclosures of PHI by business associates for public health and health oversight activities.” HIPAA already permits covered entities to provide this data. With this new guidance from OCR, now business associates can disclose this data to certain public health authorities without risk of a HIPAA privacy enforcement action or penalty. Continue Reading

Amid Pandemic Remaining New York SHIELD Act Data Security Requirements Have Taken Effect

The developing coronavirus pandemic affects businesses and personnel within the state and elsewhere.  With more New Yorkers working from home, there are more opportunities for cyberattacks through unsecure remote connections and the public concern growing each day.

The New York SHIELD (“Stop Hacks and Improve Electronic Data Security”) Act was signed to law on July 25, 2019.  It is an amendment to New York’s data breach notification law.  The SHIELD Act provides a number of changes that we reported last year, including expanding the definitions of “private information” and “breach.”  The definition of “private information” now covers emails and passwords or security questions and answers, credit card details, and biometric data among others.  A “breach of the security system” now covers unauthorized access, where such access may have occurred if “the information was viewed, communicated with, used, or altered” without authorization. Continue Reading

FTC Ramps up COVID-19 Activity After Improving its Data Security Enforcement Orders

With the spread of the novel coronavirus (COVID-19), cybersecurity criminals and scammers are ramping up their efforts to target vulnerable employers and workforces. The FTC announced today that since January they have received more than 7,800 fraud complaints from consumers related to the COVID-19 pandemic. But the FTC isn’t slowing down either. Even with the FTC having to change its own procedures due to COVID-19, the FTC has been publishing guidance on COVID-19 scams and also sending out warning letters to sellers of false treatments. Continue Reading

Privacy Considerations for Employers and Health Care Providers When Communicating about Coronavirus-Infected Individuals

This alert focuses on the ongoing and developing privacy issues that have arisen for employers and healthcare providers communicating about the 2019 novel coronavirus (COVID-19).  Specifically, we will discuss the steps that employers and healthcare companies need to consider when communicating to its employees, the media and general public, and government officials when an individual has been diagnosed with the coronavirus or may have been exposed to the coronavirus. Continue Reading

California Governor Signs All Pending CCPA-Related Bills Into Law

On October 11, 2019, the California Governor, Gavin Newsom, signed into law five CCPA-amending bills and an additional CCPA-related bill that were awaiting his signature. The CCPA, or the California Consumer Privacy Act of 2018, gives California consumers certain rights to learn about and control how a business within the CCPA’s scope handles the personal information that business collects about the consumer.

In anticipation of the official finalized version of the CCPA, incorporating the five, newly-signed amendments, we have created an “Unofficial CCPA, As Amended” which is available here for reference.

The Governor’s signature on these six bills last Friday is the latest step in the efforts of the California legislature to clarify and amend the scope and requirements of the CCPA since its passage in 2018. These amendments to the CCPA will become operative with the rest of the CCPA on January 1, 2020. More information about these bills is available here.

The day before, October 10, 2019, the California Attorney General released proposed implementing regulations for the CCPA, which are now subject to public comment prior to finalization. More information about the press release and the proposed regulations is available here.

Please continue to check our blog for CCPA-related information and updates.

For more insights or inquiries on CCPA, please reach out to your Proskauer lawyers: Ryan Blaney, Lary Alan Rappaport, Christina Kroll or Divya Taneja.

LexBlog