Proskauer on Privacy

Tag Archives: Compliance

HHS Bulletin: Covered Entities’ Disclosure of PHI Collected via Online Tracking Technologies Falls under HIPAA

On December 1, 2022, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin to highlight the obligations of HIPAA-covered entities and business associates when using “online tracking technologies,” or what OCR describes as “script or code on a website or mobile app used to gather information … Continue Reading

Happy “Labor …” More Privacy Rights for Employees: California Legislature Closes Session Without Extending Employee and B2B Data Exemptions Under the CCPA

As summer nears its end, uncertainty and complexity lie ahead for many companies as they evaluate how to operationalize compliance with the California Privacy Rights Act (CPRA), existing California employment laws and potentially the passage of a federal privacy law, the American Data Protection and Privacy Act, H.R. 8152 (ADPPA), that may preempt some but … Continue Reading

DOJ’s Civil Cyber-Fraud Initiative Secures More Than $9 Million in Two False Claims Act Settlements for Alleged Cybersecurity Violations

Last fall, the United States Department of Justice (“DOJ”) launched its Civil Cyber-Fraud Initiative (“CCFI”) as part of its effort to “combat new and emerging cyber threats to the security of sensitive information and critical systems.” Led by the Civil Fraud Section of DOJ’s Commercial Litigation Branch, the CCFI leverages the False Claims Act (“FCA”) … Continue Reading

U.S. and EU Agree in Principle on New Trans-Atlantic Data Privacy Framework

In a joint press conference on March 25, 2022, U.S. President Joseph Biden and European Commission President Ursula von der Leyen announced an agreement “in principle” on a framework, called the Trans-Atlantic Data Privacy Framework (“Privacy Shield 2.0”), to replace the U.S.-EU Privacy Shield. The EU General Data Protection Regulation (“GDPR”) places restrictions on personal … Continue Reading

Growing Risks to Corporate Groups and the Global PE Industry from Robust European Privacy and Cybersecurity Enforcement

Since the EU General Data Protection Regulation (“GDPR”) came into effect in May 2018, there have been numerous high-profile enforcement actions (~US$880m is the largest GDPR fine to date) and private litigation (including class-action type claims). Notable fines have included the ~US$25m fine levied in October 2020 by the UK’s GDPR regulator against Marriott International for … Continue Reading

Noteworthy Trends in Privacy and Data Security

Reports of sophisticated cyberattacks and ransomware threats dominated 2021 headlines, along with evolving state data privacy laws in the absence of comprehensive federal data protection regulation. Cross-border data transfers between the EU and US still lack a clear, streamlined mechanism while national authorities continue to negotiate an EU-US Privacy Shield replacement. The past year also … Continue Reading

Notable Trends in Privacy and Data Security

COVID-19, the California Consumer Privacy Act (CCPA) coming into force, and the invalidation of the EU-US Privacy Shield already made 2020 an especially active year for privacy and data security risks and obligations. Rounding out the year, December then brought discovery of the unprecedented SolarWinds cyberattack affecting government agencies, critical infrastructure entities and others. Thus, looking ahead, … Continue Reading

One More Year: Attorney General Issues Final Regulations as CA Legislature Delays Some Compliance Obligations

Qualifying businesses have another year to comply with certain major provisions of the CCPA. The CCPA, or the California Consumer Privacy Act of 2018, is a California law that gives California consumers, defined broadly to encompass all California residents, certain rights with respect to their personal information. Namely, it gives consumers the right to know … Continue Reading

New York DFS Cybersecurity September 2018 Deadline

The New York Department of Financial Services cybersecurity regulation 23 NYCRR 500 (the “Regulation”) came into effect in March 2017 and established four staggered compliance deadlines for its various requirements. By the third deadline of September 3, 2018, Covered Entities are required to be in compliance with sections 500.06 (audit trails), 500.08 (application security), 500.13 … Continue Reading