In a new post on the Covington Digital Health blog, our colleagues discuss a recent amendment to California’s Confidentiality of Medical Information Act (“CMIA”) that expands the scope of the law to cover mental health services that are delivered through digital health solutions and the associated health information generated from these services. 

Continue Reading California Expands the Scope of the CMIA to Cover Certain Digital Mental Health Services and Information

The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year.  While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program.  The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings

2021 was another busy year for data privacy regulatory enforcement and litigation. With some distance to reflect on last year, we have prepared this post identifying and describing important trends from 2021 that can help provide insight into what to expect in the data privacy landscape in 2022.

Data Privacy Regulatory Enforcement Trends

Federal Trade Commission (FTC) and state enforcement action in 2021 centered on several key areas, including protecting children.

An FTC enforcement action last year alleged that the maker of an online coloring book application violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information about children who used the app without notifying their parents and obtaining their consent.  The allegations note that the app included a “Kids” category that was targeted to children.  The FTC further claimed that the app’s social media features collected personal information from users and that some parents, lacking knowledge of these features, may have inadvertently permitted their young children to use the app.
Continue Reading 2021 Trends in Privacy Regulatory Enforcement and Litigation

Last Friday, October 1, the Protecting DNA Privacy Act (HB 833), a new genetic privacy law, went into effect in the state of Florida establishing four new crimes related to the unlawful use of another person’s DNA.  While the criminal penalties in HB 833 are notable, Florida is not alone in its focus on increased genetic privacy protections.  A growing number of states, including Utah, Arizona, and California, have begun developing a net of genetic privacy protections to fill gaps in federal and other state legislation, often focused on the privacy practices of direct-to-consumer (“DTC”) genetic testing companies.  While some processing of genetic information is covered by federal law, the existing patchwork of federal genetic privacy protections do not clearly cover all forms of genetic testing, including DTC genetic tests.
Continue Reading Newly Effective Florida Law Imposing Criminal Sanctions Adds to Developing Nationwide Patchwork of State Genetic Privacy Laws

The California Privacy Protection Agency (CPPA), which is responsible for issuing regulations implementing the California Privacy Rights Act (CPRA), has posted its approved discussion draft for seeking public comments in preparation for its CPRA rulemaking activities.  The CPPA indicated that it is particularly interested in receiving comments on the following eight topics:
Continue Reading California Privacy Protection Agency Seeks Comments on Preliminary CPRA Issues

Voters in California approved Proposition 24, which updates the California Consumer Privacy Act (“CCPA”) just a few months after the landmark regulations implementing the privacy law went into effect.  As we have previously explained, the California Privacy Rights Act (“CPRA”) will change the existing CCPA requirements in a number of ways, including limiting the sharing of personal information for cross-context behavioral advertising and the use of “sensitive” personal information, as well as creating a new correction right.  It also establishes a new agency to enforce California privacy law.  The key provisions of the bill will not go into effect until January 1, 2023, providing much-needed time to clarify the details and for businesses to adjust their CCPA compliance approaches to account for the additional requirements.

Continue Reading Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act

In a new post on the Covington Digital Health blog, our colleagues discuss California Attorney General Xavier Becerra’s recent settlement against Glow, Inc., resolving allegations that the fertility app had “expose[d] millions of women’s personal and medical information.” The post explains the allegations and settlement terms, as well as takeaways for providers of digital

On Monday, the California Attorney General (“AG”) proposed a third set of modifications to the recently enacted California Consumer Privacy Act (“CCPA”) regulations.  Interested parties have until October 28 to file comments in response.

These proposed modifications are the latest effort in an extensive rulemaking process that has lasted more than a year.  Most recently, on August 14, the California Office of Administrative Law (“OAL”) formally approved the AG’s initial set of CCPA regulations, which went into effect immediately.  In approving the regulations, the OAL deleted five provisions that had been included in the version the AG submitted in June, but indicated that the AG could revise and resubmit those subsections for approval in the future.  The latest modifications are largely focused on reviving several of these last-minute removals.
Continue Reading California Attorney General Releases New Proposed Modifications to California Consumer Privacy Act Regulations

Two developments in the past week will likely have a significant impact on businesses subject to the California Consumer Privacy Act (“CCPA”): the long-awaited CCPA regulations have been finalized and put into immediate effect with modifications, while at the same time it seems increasingly likely that the exemptions for employees’ and business-to-business contacts’ data will be extended beyond January 2021.
Continue Reading Final CCPA Regulations Take Effect With Modification; Extension of Employee and Business-to-Business Exemptions Advances