Archives: United States

Subscribe to United States RSS Feed

HHS Seeks to Facilitate Certain Uses and Disclosures of Health Data to Public Health and Health Oversight Agencies Amidst COVID-19 Nationwide Public Health Emergency

On April 2, 2020, the U.S. Department of Health and Human Services (“HHS”) issued a Notification of Enforcement Discretion (the “Notification”) regarding the disclosure of protected health information (“PHI”) to public health authorities and use of PHI to perform analytics for such authorities.  Designed to “facilitate uses and disclosures for public health and health oversight … Continue Reading

Washington Enacts New Facial Recognition Law

On March 31st, Washington Governor Jay Inslee signed into law SB 6280, a bill aimed at regulating state and local government agencies’ use of facial recognition services.  An overview of the law’s provisions can be found here. Notably, Governor Inslee vetoed Section 10 of the bill, which aimed to establish a legislative task force that … Continue Reading

COVID-19 Cybersecurity Advice: FTC and FBI Provide Guidance on Cybersecurity Scam Trends and Preventive Measures

In response to the COVID-19 outbreak, several U.S. government entities have released warnings about a rise in scams and fraudulent activity connected to the outbreak.  In a recent bulletin, the FBI warned of a rise in phishing emails, counterfeit treatments or equipment for COVID-19 preparedness, and fake emails from the Centers for Disease Control and … Continue Reading

HHS Relaxes Enforcement of Certain HIPAA Provisions Amidst COVID-19 Nationwide Public Health Emergency

This month, the U.S. Department of Health and Human Services (“HHS”) issued guidance waiving enforcement of certain provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) in response to the COVID-19 nationwide public health emergency.… Continue Reading

Washington State Passes Bill Limiting Government Use of Facial Recognition

On March 12, 2020, Washington’s state legislature passed SB 6280, a bill that will regulate state and local government agencies’ use of facial recognition services (“FRS’s”).  The bill aims to create a legal framework by which agencies may use FRS’s to the benefit of society (for example, by assisting agencies in locating missing or deceased … Continue Reading

New York SHIELD Act’s Reasonable Safeguard Requirements Became Effective on March 21st —Is Your Company Ready?

On March 21, 2020, the data security requirements of the New York SHIELD Act became effective.  The Act, which amends New York’s General Business Law, represents an expansion of New York’s existing cybersecurity and data breach notification laws.  Its two main impacts on businesses are: expanding data breach notification requirements under New York law; and … Continue Reading

FCC Clarifies that COVID-19 “Emergency Purposes” Calls/Text are Not Subject to “Prior Express Consent” Requirement

Yesterday, the Federal Communications Commission (“FCC”) on its own motion released a Declaratory Ruling to confirm that the COVID-19 pandemic constitutes an “emergency” under the Telephone Consumer Protection Act (“TCPA”); as a consequence, hospitals, health care providers, state and local health officials, and other government officials may lawfully communicate through automated or prerecorded calls (which … Continue Reading

COVID-19 Cybersecurity Advice: FTC, NIST, and CISA Release Guidance on Secure Teleworking and Critical Infrastructure Jobs

In response to the drastic increase of U.S. employees working remotely, the U.S. Federal Trade Commission (“FTC”) and the U.S. National Institute of Standards and Technology (“NIST”) have both issued guidance for employers and employees on best practices for teleworking securely.  In addition, the Cybersecurity and Infrastructure Security Agency (“CISA”) has provided advice on identifying … Continue Reading

Vermont Enacts Data Breach Notification and Student Privacy Legislation

Earlier this month, the Governor of Vermont signed into law S.B. 110, which will amend the state’s data breach notification law and create a new student privacy law focused on operators of educational technology services.  Notably, the amendments to the state’s data breach notification law will expand the categories of personally identifiable information (“PII”) that … Continue Reading

FTC Sends Warning Letters to Teami Tea Influencers

Cardi B might like it, but the Federal Trade Commission (“FTC”) did not.  On March 5, 2020, the agency sent Cardi B and other high-profile influencers warning letters alleging that the influencers made inadequate disclosures in their endorsements of Teami tea.  The letters followed on the heels of the FTC’s proposed order against Teami, LLC … Continue Reading

HHS Finalizes Interoperability Rules

In a new post on the Covington Digital Health blog, our colleagues discuss two recent final rules aimed at improving patient access to electronic health information (EHI) and standardizing modes of exchange for EHI.  Among other things, the rules are intended to prevent so-called “information blocking” and to provide patients with greater control over their … Continue Reading

California AG Releases Draft CCPA Regulations: Round 3

In the latest development in the CCPA saga, the California Attorney General has further modified the draft regulations implementing the California Consumer Privacy Act (“CCPA”). His office’s website posted clean and redlined versions of the new regulations (the “March draft regulations”). Below, please find a summary of some of the most notable changes:… Continue Reading

New Bill Seeks to Impose Design Restrictions on Kids’ Online Content and Marketing

On March 5, Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) introduced the Kids Internet Design and Safety (KIDS) Act.  The bill, which covers online platforms directed to children and teenagers under 16 years old, aims to curb the time spent by these minors on such platforms and could dramatically affect advertising and influencer content … Continue Reading

California Introduces Bill to Regulate Automated Decision Systems

On February 14, 2020, California State Assembly Member Ed Chau introduced the Automated Decision Systems Accountability Act of 2020, which would require any business in California that provides a person with a program or device that uses an “automated decision system” (“ADS”) to establish processes to “continually test for biases during the development and usage … Continue Reading

Sen. Kirsten Gillibrand Proposes New Digital Privacy Agency

On February 12, 2020, Senator Kirsten Gillibrand (D-NY) announced a plan to create a new Data Protection Agency through her proposed legislation, the Data Protection Act of 2020 (S.3300). Under the proposal, the new agency would replace the Federal Trade Commission (FTC) as the “privacy cop on the beat.”  As such, the FTC’s current authority … Continue Reading

Kids’ Privacy Bill Allowing for Private Suits Introduced in House

On January 30, House Rep. Kathy Castor (D-FL) introduced the Protecting the Information of our Vulnerable Children and Youth (“PRIVCY”) Act, a bill that promises to be a significant overhaul of the Children’s Online Privacy Protection Act (“COPPA”). Currently, COPPA applies only to personal information collected from children under 13 years old.  The PRIVCY Act … Continue Reading

State Privacy Trends to Watch in 2020

While all eyes are on California following the implementation of the California Consumer Privacy Act (“CCPA”) earlier this month and the start of enforcement later this year, other states are off to the privacy races already.  On Monday, Washington State became the latest entrant with the introduction of a revised Washington Privacy Act. From the … Continue Reading

FTC Summarizes 2019 Changes to Data Security Orders

In a recent blog post, the Federal Trade Commission highlighted three key changes it made in 2019 in its approach to issuing orders in data security enforcement matters.  As stated by Andrew Smith, the Director of the FTC’s Bureau of Consumer Protection, in the blog post, the agency intends for these changes to strengthen consumer … Continue Reading

State Legislatures Are Off to the Privacy Races, With New Hampshire in the Lead

While some state legislators are still putting away their holiday decorations, New Hampshire legislators introduced new data privacy legislation, New Hampshire House Bill 1680.  The legislation is similar to the California Consumer Privacy Act (which we’ve written extensively about before, including here and here).  It grants consumers access, portability, transparency, non-discrimination, deletion, and opt-out-of-sale rights … Continue Reading

Four Federal Privacy Trends to Watch in 2020

Heading into the new year, California Consumer Privacy Act (“CCPA”) readiness remains top of mind for many businesses, especially as continued developments, such as the California Attorney General’s forthcoming implementing regulations, may implicate compliance efforts.  State legislation will likely move forward in 2020.  At the same time, however, companies should not lose sight of legislative … Continue Reading

FTC Settles with Broker Who Allegedly Disclosed Personal Information of Yelp Reviewers

On January 6, 2020, the Federal Trade Commission (FTC) sued a California-based mortgage broker for allegedly disclosing the personal information of customers who left negative Yelp reviews, and filed a settlement of the claims. According to the complaint, Ramon Walker is the owner and operator of Mortgage Solutions FCS, Inc., a broker connecting residential mortgage … Continue Reading

House Energy and Commerce Committee Circulates Draft Privacy Bill Expanding FTC Authority

On December 18, 2019, staffers on the House Energy and Commerce Committee circulated a draft of a bipartisan privacy bill.  The draft is currently unnamed and unfinished, but it lays out a comprehensive framework that expands both individuals’ rights to their data and the FTC’s enforcement role over digital privacy.  Rep. Cathy McMorris-Rodgers (R-Wash.) and … Continue Reading

Democratic Senators Introduce the Consumer Online Privacy Rights Act

On November 26, 2019, a group of Democratic senators introduced the Consumer Online Privacy Rights Act (COPRA).  This comprehensive privacy bill—sponsored by Senators Maria Cantwell (D-WA), Brian Schatz (D-HI), Amy Klobuchar (D-MN), and Ed Markey (D-MA)—would grant individuals broad control over their data, impose new obligations on data processing, and expand the FTC’s enforcement role … Continue Reading

State Privacy Laws Have the Potential to Haunt Industry

With less than two months until it goes into effect, many practitioners are focused on bringing their programs into compliance with the California Consumer Protection Act (“CCPA”) by January 1, 2020.  But the rapid pace of privacy legal developments could continue next year.  This past year, five states established studies or task forces to study … Continue Reading
LexBlog