Privacy & Cybersecurity
Viewpoints
Filter by:
Nebraska’s Consumer Privacy Law Takes Effect Soon and Targets Businesses Selling Personal Data
November 26, 2024 | Blog | By Michael Katz, Cynthia Larose, Paty Garza Gonzalez
The Nebraska Data Privacy Act (or NEDPA) becomes effective on January 1, 2025. This relatively short period between signature and effective date left little time for impacted companies to prepare; however, Nebraska’s approach to applicability criteria has cast a specifically tailored net focused on businesses selling personal data of Nebraska residents.
Just Around the Corner, Iowa’s Consumer Privacy Law Taking Effect
November 19, 2024 | Blog | By Michael Katz, Cynthia Larose, Paty Garza Gonzalez
Iowa's consumer privacy law is taking effect soon. Learn more about the Iowa Consumer Data Protection Act or “IACDPA” which becomes effective on January 1, 2025.
Consumer Privacy Laws are Taking Effect Across the Nation – Are You Ready?
October 30, 2024 | Blog | By Michael Katz, Cynthia Larose, Paty Garza Gonzalez
Learn about the Oregon Consumer Privacy Law which took effect in July of 2024.
California Privacy Protection Agency Reminds Us that “Dark Patterns” Are Illegal
October 22, 2024 | Blog | By Christopher Buontempo
Dark Patterns come into focus as the California Privacy Protection Agency (CPPA) issues September 4 Enforcement Advisory.
String Of Numbers Or Identifier: The Ninth Circuit Weighs In On BIPA’s Application To Non-Users
October 17, 2024 | Blog | By Scott Lashway, Matthew Stein
In June, the U.S. Court of Appeals for the Ninth Circuit affirmed a social media company’s summary judgment win on BIPA claims, in a sophisticated ruling providing a plausible path forward for technology companies and others offering facial matching services.
Rhode Island Enacts Comprehensive Privacy Law
July 17, 2024 | Blog | By Christopher Buontempo
The RIDTPPA provides privacy rights to Rhode Islanders and imposes obligations on covered entities largely in line with several other U.S. state privacy laws.
Maryland Enacts Sweeping Privacy Reform
May 16, 2024 | Blog | By Cynthia Larose, Jon Taylor
The push by U.S. states to pass data privacy laws continues with Maryland being the 18th state to join their ranks. However, Maryland has taken a more stringent and comprehensive approach than many of its peers
Maryland Says “Don’t Mess with Kids”
May 16, 2024 | Blog | By Cynthia Larose, Jon Taylor
As U.S. states continue to pass data privacy legislation, Maryland has gone above and beyond in signing both the Maryland Online Data Privacy Act of 2024 (MODPA) and the Maryland Age Appropriate Design Code (HB 603/SB 5712023) into law on May 9, 2024. The Kids Code will go into effect in October and the MODPA will go into effect one year thereafter.
HIPAA Privacy Protections for PHI related to Reproductive Health Care: The Final Rule and what Covered Entities and Business Associates need to Know
April 26, 2024 | Blog | By Cassandra Paolillo
Earlier this week, the Biden-Harris Administration, through the Office for Civil Rights (OCR) announced a Final Rule aimed at protecting protected health information (PHI) related to lawfully provided reproductive health care services. As we discussed last year, the HIPAA Privacy Rule to Support Reproductive Health Care Privacy was proposed in response to concerns about the confidentiality of PHI related to reproductive health care following the decision in Dobbs v. Jackson Women’s Health Organization. In the executive summary of the Final Rule, OCR emphasized that the changing post-Dobbs legal landscape “increases the likelihood that an individual’s PHI may be disclosed in ways that cause harm to the interests that HIPAA seeks to protect, including the trust of individuals in health care providers and the health care system.” The Final Rule defines “reproductive health care” as “health care…that affects the health of an individual in all matters relating to the reproductive system and to its functions and processes.”
American Privacy Rights Act – Another Shot at a Comprehensive Federal Privacy Law
April 17, 2024 | Blog | By Cynthia Larose, Christopher Buontempo
Will the U.S. finally join most developed nations and pass a comprehensive federal privacy law? Some believe this may be the year that the U.S. does just that.
New Jersey Adopts a Comprehensive Data Privacy Law
April 15, 2024 | Blog | By Cynthia Larose, Jon Taylor
This post provides the details and information you and your business need to know about the New Jersey Privacy Act (NJPA), signed into law by Governor Phil Murphy.
HHS Health Care Cybersecurity Performance Goals: Proposed Incentives, Penalties and Compliance Standards Review
April 4, 2024 | Blog | By Pat Ouellette
As promised in the U.S. Department of Health and Human Services (HHS) concept paper in December 2023, the agency published voluntary health care and public health cybersecurity performance goals (HPH CPGs) in January 2024 and then proposed in the HHS FY 2025 Budget to establish certain HPH CPG compliance incentives and penalties for hospitals.
Further Updates to the CPPA Proposed Regulations: Risk Assessments and Automated Decisionmaking Technology
March 25, 2024 | Blog | By Cynthia Larose, M. Bertie Magit
After years of internal discussion, the Board of the California Privacy Protection Agency (CPPA), at their March 8th meeting, voted to progress toward formalizing the proposed regulations on risk assessments and automated decisionmaking technology (ADMT).
Major Win for California Privacy Protection Agency: Enforcement of Regulations Can Begin Immediately
February 15, 2024 | Blog | By Cynthia Larose
If you have been relying on last year’s court order staying the ability of the California Privacy Protection Agency (CPPA) to enforce regulations promulgated under the California Privacy Rights Act (CPRA) to also stay your own CPRA compliance program --- time to ramp back up.
New Year, New Privacy Law in New Jersey
January 30, 2024 | Blog | By M. Bertie Magit
Consumer privacy protection must have been tops on the New Jersey legislature’s list of New Year’s resolutions. The year was just two weeks old and New Jersey became the first State in 2024 to enact a comprehensive privacy law and is now one of over a dozen states to have its own comprehensive privacy law (together, the Privacy States”). New Jersey Governor Phil Murphy wrote in a recent press release that he is proud New Jersey is better protecting its residents with Senate Bill 332/A1971 (the “Law”). This comprehensive law aims to protect consumer privacy by creating strict requirements for how applicable companies may use and collect personal data from New Jersey consumers and provides such consumers with rights of access, modification and deletion of their personal data.
FTC Warns AI Companies to Honor Privacy and Confidentiality Commitments — AI: The Washington Report
January 19, 2024 | Blog | By Michael Katz, Bruce Sokler, Alexander Hecht, Christian Tamotsu Fjeld, Raj Gambhir
Read about the FTC’s business guidance blog post discussing its resolve to enforce the privacy commitments of certain AI firms known as “model-as-a-service” companies in the latest edition of AI: The Washington Report, a joint undertaking of Mintz and ML Strategies covering potential federal legislative, executive, and regulatory activities related to AI.
2023 Round-Up on State Consumer Data Privacy Laws
December 28, 2023 | Blog | By Ilse P. Johnson, Michael Katz, Jon Taylor
Updates to CPPA Proposed Regulations – Part 2: Risk Assessments and Automated Decisionmaking Technology
December 15, 2023 | Blog | By M. Bertie Magit
This post will analyze the discussion and draft regulations for risk assessments and automated decisionmaking technology. The board spent over three hours on this agenda item, focusing closely on defined terms and the timing of certain requirements. As these regulations will impose new burdens and restrictions on many businesses, the board is walking a tightrope, balancing between protecting the consumer and burdening businesses.
Updates to CCPA Proposed Regulations: Cybersecurity Audits
(Spoiler Alert … they will cost real money and take real effort)
December 14, 2023 | Blog | By Christopher Buontempo
HHS Proposes Plan to Advance Cyber Resiliency in Health Care; OCR Settles Phishing Attack Investigation
December 12, 2023 | Blog | By Pat Ouellette
The U.S. Department of Health and Human Services (HHS) released a concept paper on December 6, 2023 outlining its action plan to enhance cyber resiliency in the health care sector by proposing certain voluntary cybersecurity actions and standards that may ultimately become requirements.
Explore Other Viewpoints:
- AI: The Washington Report
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Artificial Intelligence
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Cannabis
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Corporate Governance (ESG)
- Cross-Border Asset Recovery
- Debt Financing
- Direct Investing (M&A)
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment
- Energy & Sustainability
- Environmental (ESG)
- Environmental Enforcement Defense
- Environmental Law
- Environmental, Social, and Corporate Governance (ESG)
- FDA Regulatory
- False Claims Act
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Growth Equity
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Impacts of a New US Administration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Pharmacy Benefits and PBM Contracting
- Portfolio Companies
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Probate & Fiduciary Litigation
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Social (ESG)
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- State Attorneys General
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Technology, Communications & Media Litigation
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Value-Based Care
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology