privacy law

Consumer Data Privacy Laws: What’s Happened and What Comes Next

By Michael Guggenheim on August 9, 2023

Increasing oversight of tech companies, particularly in the realm of consumer privacy, has been a rare example of bipartisan agreement. Despite data privacy being a growing concern for consumers, however, there has been relatively little federal policymaking. To counteract this lack of action, some states have stepped in to fill…

Going Beyond HIPAA – Washington Health Privacy Law Enacted: Broad Reach, Amorphous Scope, Big Litigation Risk

By Jonathan Mollod & Ryan P. Blaney on May 1, 2023

The Health Information Portability and Accountability Act (“HIPAA”) has long been described as the floor for health care privacy laws and that states and regulators are free to enact more restrictive health care privacy laws. Last week, Washington state became the first state in the nation to codify into law broad protections for consumer health data that go well beyond HIPAA.

2022 Trends in Privacy and Data Security Law

By Jonathan Mollod & Jeffrey Neuburger on March 16, 2023

As the National Security Agency (NSA) noted in its 2022 cybersecurity yearly review, “[c]yberspace is dangerous.”

Reports of sophisticated cyberattacks and ransomware threats were prevalent in the past year. The government, manufacturers, and others further developed standards for securing digital infrastructure like 5G, cloud services, cryptography, internet protocols, and…

Shining a Light on the Corporate Transparency Act: FinCEN’s Rules for Beneficial Ownership Reporting

By Andrew Bettwy, Ryan P. Blaney, Stephanie Heilborn, Jeffrey A. Horwitz, Seetha Ramachandran, Yuval Tal, Elanit Snow, Amy Gordon & Portia Proctor on January 18, 2023

On January 1, 2021, Congress enacted the Corporate Transparency Act as part of the Anti-Money Laundering Act of 2020 to “better enable critical national security, intelligence, and law enforcement efforts to counter money laundering, the financing of terrorism, and other illicit activity.” FinCEN issued the final rule on Beneficial Ownership…

HHS Bulletin: Covered Entities’ Disclosure of PHI Collected via Online Tracking Technologies Falls under HIPAA

By Ryan P. Blaney, Danielle Brooks & Jonathan Mollod on December 14, 2022

On December 1, 2022, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin to highlight the obligations of HIPAA-covered entities and business associates when using “online tracking technologies,” or what OCR describes as “script or code on a website or mobile…

Paying the Ransom in Response to a Ransomware Attack can Sometimes Backfire

By Nolan Goldberg & Margaret Ukwu on December 2, 2022

One of the key decisions that needs to be made in the aftermath of a successful ransomware attack is whether or not the victim organization can or should pay the ransom. Of course, there are many considerations that go into such a decision – for example, whether the payment is…

EU-U.S. and UK-U.S. Data Transfer Deals Advance with White House Executive Order

By Ryan P. Blaney, Vishnu V. Shankar, Kelly McMullon & Vincent J. Tennant on October 20, 2022

A new legal mechanism to allow for transfers of personal data between the EU and the U.S. is now advancing after an October 7^th, 2022 Executive Order was issued by U.S. President Biden (the “Executive Order”). The new mechanism is referred to as the EU-U.S. Data Privacy Framework…

DOJ’s Civil Cyber-Fraud Initiative Secures More Than $9 Million in Two False Claims Act Settlements for Alleged Cybersecurity Violations

By Ryan P. Blaney & Matthew J. Westbrook on July 21, 2022

Last fall, the United States Department of Justice (“DOJ”) launched its Civil Cyber-Fraud Initiative (“CCFI”) as part of its effort to “combat new and emerging cyber threats to the security of sensitive information and critical systems.” Led by the Civil Fraud Section of DOJ’s Commercial Litigation Branch, the CCFI leverages…

Proskauer on Privacy