Updates on Developments in Data Privacy and Cybersecurity
Earlier this week, the Federal Communications Commission (“FCC”) took another step toward implementing the TRACED Act by announcing that it is seeking nominations for the Hospital Robocall Protection Group.
As we previously explained, the TRACED Act was enacted with the aim of curbing unwanted robocalls. One of the law’s…
Continue Reading FCC Seeks Nominations for Hospital Robocall Protection Group
In a new post on the Covington Digital Health blog, our colleagues discuss two recent final rules aimed at improving patient access to electronic health information (EHI) and standardizing modes of exchange for EHI. Among other things, the rules are intended to prevent so-called “information blocking” and to provide patients…
Continue Reading HHS Finalizes Interoperability Rules
Over the past several days, Germany Supervisory Authorities and health authorities have issued statements and guidance about the handling of personal data in the context of the ongoing COVID-19 pandemic. In this blog, we consider some these statements in greater detail, as well as their implications for employers and employees.
Continue Reading German Authorities Issue Guidance Related to Coronavirus
Last week, the Seventh Circuit issued a decision in Physicians Healthsource, Inc., v. A-S Medication Solutions, LLC, a case that could have important implications for fax marketing. The court found that the consent required under the Telephone Consumer Protection Act (TCPA) to send an unsolicited fax advertisement must satisfy highly specific standards and potentially cannot be transferred as part of a corporate transaction.
Continue Reading Seventh Circuit TCPA Decision Imposes Potentially Restrictive Consent Standard for Faxes
The Seventh Circuit has issued a unanimous decision in Gadelhak v. AT&T Services, adopting a narrow interpretation of a key definitional term in the Telephone Consumer Protection Act (TCPA). This decision is in line with a recent ruling from the Eleventh Circuit (which we analyzed here) but departs from the Ninth Circuit’s approach—deepening a circuit split that increases the possibility the Supreme Court will review the issue.
Continue Reading Seventh Circuit Adopts Narrow Interpretation of TCPA Autodialer Definition, Deepening Circuit Split
On February 14, 2020, California State Assembly Member Ed Chau introduced the Automated Decision Systems Accountability Act of 2020, which would require any business in California that provides a person with a program or device that uses an “automated decision system” (“ADS”) to establish processes to “continually test for biases during the development and usage of the ADS” and to conduct an impact assessment on that program or device.
ADS is defined broadly as “a computational process, including one derived from machine learning, statistics, or other data processing or artificial intelligence techniques, that makes a decision or facilitates human decision making, that impacts persons.” The required ADS impact assessments would study the various aspects of the ADS and its development process, “including, but not limited to, the design and training data of the ADS, for impacts on accuracy, fairness, bias, discrimination, privacy, and security.” At minimum, the assessments must include “[a] detailed description of the ADS, its design, training provided on its use, its data, and its purpose” and “[a]n assessment of the relative benefits and costs of the ADS in light of its purpose,” with certain factors such as data minimization and risk mitigation required in the cost-benefit analysis.
The provider of the ADS also must determine whether the ADS system “has a disproportionate adverse impact on a protected class,” examine whether it serves “reasonable objectives and furthers a legitimate interest,” and consider alternatives or reasonable modifications that could be incorporated “to limit adverse consequences on protected classes.”
Continue Reading California Introduces Bill to Regulate Automated Decision Systems
On February 12, 2020, Senator Kirsten Gillibrand (D-NY) announced a plan to create a new Data Protection Agency through her proposed legislation, the Data Protection Act of 2020 (S.3300).
Under the proposal, the new agency would replace the Federal Trade Commission (FTC) as the “privacy cop on the beat.” As such, the FTC’s current authority in the privacy space—including its ability to draft guidelines, conduct studies, and issue implementing regulations for certain federal privacy laws, would be transferred to the new agency.
As opposed to the Online Privacy Act, a bill introduced by Representatives Anna Eshoo (D-CA-18) and Zoe Lofgren (D-CA-19) that also would create a new privacy agency, Sen. Gillibrand’s bill would not create a new omnibus federal privacy law. Instead, it is focused on the creation of the Data Protection Agency and its rulemaking authority. However, various aspects of the new agency’s authority provide valuable insights into what privacy regulation at the federal level might look like under the bill.
Continue Reading Sen. Kirsten Gillibrand Proposes New Digital Privacy Agency
In a complaint filed on Monday involving an alleged data breach, Barnes v. Hanna Andersson, the California Consumer Privacy Act (CCPA)—the State’s comprehensive privacy law that went into effect on January 1, 2020—was cited for what appears to be the first time in a lawsuit. Importantly, however, the plaintiff…
Continue Reading CCPA Cited for the First Time in Litigation
Last Friday, the Department of Defense announced the release of Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”), which sets forth the cybersecurity requirements that contractors and suppliers must meet to participate in the Department’s supply chain. A new post on Covington’s Inside Government Contracts blog discusses the release…
Continue Reading DoD Announces the Release of CMMC Version 1.0
The Eleventh Circuit has issued a decision in Glasser v. Hilton Grand Vacations Company that rejects an expansive interpretation of a key definitional term in the Telephone Consumer Protection Act (TCPA)—an interpretation that has been embraced by the Ninth Circuit. The decision therefore creates a circuit split that could increase…
Continue Reading Eleventh Circuit Rejects Expansive Interpretation of TCPA Autodialer Definition, Creating Split with Ninth Circuit
