On Wednesday, October 6th, Governor Gavin Newsom signed SB 41, the Genetic Information Privacy Act, which expands genetic privacy protections for consumers in California, including those interacting with direct-to-consumer (“DTC”) genetic testing companies. In a recent Inside Privacy blog post, our colleagues discussed SB 41 and the growing patchwork of state genetic privacy laws.
The United Arab Emirates Announces New Federal Data Protection Law
On 5 September 2021, the UAE announced plans to introduce a new federal data protection law (“UAE Data Law”) in the coming weeks, its first-ever comprehensive data privacy and protection law to be issued. The new law forms part of the UAE’s Projects of the 50, a set of economic and developmental…
Newly Effective Florida Law Imposing Criminal Sanctions Adds to Developing Nationwide Patchwork of State Genetic Privacy Laws
Last Friday, October 1, the Protecting DNA Privacy Act (HB 833), a new genetic privacy law, went into effect in the state of Florida, establishing four new crimes related to the unlawful use of another person’s DNA. While the criminal penalties in HB 833 are notable, Florida is not alone in its focus on increased genetic privacy protections. A growing number of states, including Utah, Arizona, and California, have begun developing a net of genetic privacy protections to fill gaps in federal and other state legislation, often focused on the privacy practices of direct-to-consumer (“DTC”) genetic testing companies. While some processing of genetic information is covered by federal law, the existing patchwork of federal genetic privacy protections does not clearly cover all forms of genetic testing, including DTC genetic tests. …
COVID-19: Legal Considerations and Best Practices for Employers Processing Vaccination Data
With the rollout of the COVID-19 vaccine, more and more businesses are planning to reopen their physical office spaces. They are confronted with ensuring a safe workplace and minimizing the risk of exposure to COVID-19. As employers consider health screening measures, ranging from temperature checks to vaccine mandates, they must navigate complex privacy issues.
COVID-19 Vaccine Verification Frameworks: Emerging Standards Seek to Balance Privacy Concerns With Public Health Benefits
As COVID-19 vaccination becomes required in more personal and professional contexts, several different frameworks have emerged that propose both guiding principles and technical requirements for vaccine verification systems, including those developed by the World Health Organization (WHO) and the Good Health Pass Collaborative (GHPC).
FTC Adopts Policy Statement on Privacy Breaches by Health Apps and Connected Devices
On September 15, the Federal Trade Commission (“FTC”) adopted, on a 3-2 party-line vote, a policy statement that takes a broad view of which health apps and connected devices are subject to the FTC’s Health Breach Notification Rule (the “Rule”) and what triggers the Rule’s notification requirement.
The Rule was promulgated in 2009 under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. Under the Rule, vendors of personal health records that are not otherwise regulated under the Health Insurance Portability and Accountability Act (“HIPAA”) are required to notify individuals, the FTC, and, in some cases, the media following a breach involving unsecured identifiable health information. Third-party service providers also are required to notify covered vendors of any breach.
New Bill Would Revoke Section 230 Liability Protection for “Health Misinformation” Promoted During Public Health Emergencies
To add to the growing number of bills that would amend or revoke Section 230 of the Communications Decency Act, last month Senator Amy Klobuchar (D-MN) introduced the Health Misinformation Act of 2021 (S.2448). Senator Ben Lujan (D-NM) cosponsored the bill.
The bill would amend Section 230 to revoke the Act’s liability shield…
Belgian Supervisory Authority Launches Public Consultation on the Use of Biometric Data
On July 15, 2021, the Belgian Supervisory Authority (“SA”) released a 40-page draft recommendation on the use of biometric data and launched a public consultation to solicit feedback about it.
Most notably, the SA points out that there is no valid legal basis other than explicit consent (with all the GDPR limitations attached to it) that would enable the processing of biometric data for authentication purposes (e.g., security), because Belgian lawmakers failed to adopt the required national legislation to supplement the GDPR (specifically, to underpin the public interest exception found in Art. 9(2)(g) GDPR for processing sensitive personal data). The SA considers this outcome a departure from the rules that applied prior to the GDPR, and will therefore allow a one-year grace period to give controllers and lawmakers sufficient time to address the issue.…
Proposed Bill Would Expand the Scope of the CMIA
In a new post on the Covington Digital Health blog, our colleagues discuss proposed legislation that would expand the definition of “provider of health care” under California’s Confidentiality of Medical Information Act (“CMIA”).
Major Cyber-attack on Irish Health System Causes Commercial Concern