Photo of Olivia Vega

Olivia Vega

Olivia Vega advises global companies on a broad spectrum of privacy, healthcare, and technology matters, helping them navigate both established and emerging laws and regulations. Her practice includes helping clients comply with state privacy laws, such as the California Consumer Privacy Act and the Washington My Health My Data Act, as well as federal frameworks like HIPAA and the privacy standards established by the Federal Trade Commission.

As part of her practice, Olivia helps clients develop privacy notices and policies, negotiate privacy terms with third-party vendors, and design governance programs for new products and services. Olivia also represents clients in enforcement actions brought by the Federal Trade Commission, particularly in areas like data privacy, artificial intelligence, and marketing practices. In addition, she plays a key role in advancing clients’ advocacy efforts during regulatory rulemaking processes on issues related to data privacy, cybersecurity, and artificial intelligence.

Olivia maintains an active pro bono practice, including assisting small and nonprofit entities with data privacy topics.

Contact:Read more about Olivia VegaEmail

In a new post on the Covington Digital Health blog, our colleagues discuss the Office for Civil Rights’ (“OCR”) recently published request for information (“RFI”) seeking comment on implementing certain provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  The RFI seeks input as to
Continue Reading OCR Seeks Comments Related to Recognized Security Practices and Distribution of Civil Monetary Penalties under the HITECH Act

In a new post on the Covington Digital Health blog, our colleagues discuss recently announced Federal Trade Commission (“FTC”) guidance meant to help companies determine their obligations under the Health Breach Notification Rule (the “Rule”).  The guidance follows the FTC’s September 2021 Policy Statement, which expanded the Rule’s application
Continue Reading FTC Releases New Health Breach Notification Rule Guidance, Targets Health Apps and Connected Devices

An Illinois state appellate court recently issued a ruling that could reduce defendants’ litigation exposure on certain types of Biometric Information Privacy Act (“BIPA”) claims.  On September 17, the panel clarified in Tims v. Black Horse Carriers, Inc., 2021 IL App (1st) 200563 (1st Dist. Sept. 17, 2021), that the statutes of limitation applicable to BIPA claims vary depending on the nature of the claim.  Claims for failing to provide a written retention policy, give notice, or obtain consent prior to collecting an individual’s biometric information may be brought within five years.  But claims for violating BIPA’s selling, disclosing, or disseminating information provisions must be brought within one year.
Continue Reading Illinois Court Splits Time on BIPA Statute of Limitations

Florida may be next state to join the growing number of states with a consumer privacy law, as both chambers of Florida’s legislature are currently considering comprehensive state privacy legislation.  Both HB 969 and SB 1734 resemble the California Consumer Privacy Act (“CCPA”), though they contain some notable differences.  Florida Governor Ron DeSantis expressed support of these measures, stating that these proposals “finally check these companies’ unfettered ability to profit off our data and ensure the protection of Floridians’ personal and private information.”
Continue Reading Florida Legislature Considering Comprehensive Privacy Law