On 10 July, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (the DP Framework). It thereby declared that the United States (the US) ensures an adequate level of protection for personal data transferred
Court delays new California privacy regulations
On June 30, 2023—the day before the regulations were scheduled to go into effect—the Superior Court of California halted the enforcement of the California regulations that had been finalized on March 29, 2023 until March 29, 2024. (California Chamber
Texas enacts comprehensive privacy law
On June 13, 2023, the Texas Governor signed HB4, making Texas the tenth state to have a comprehensive privacy law, joining California, Colorado, Connecticut, Montana, Virginia, and Utah (all in effect or going into effect in 2023), Montana and
Biden restricts U.S. government use of commercial spyware
Governments state that they use commercial spyware exclusively for criminal investigations, but critics claim such spyware has purportedly been used for human rights abuses targeting journalists, human rights defenders, lawyers, and political dissidents. Moreover, the U.S. Government and its employees
Privacy law is becoming more technically sophisticated. So should you.
As privacy laws and requirements become more technically sophisticated, businesses may want to consider how they can follow suit.
FTC proposed consent order prohibits perpetual retention of personal information
We had previously written about an FTC proposed consent order that would prohibit a company from perpetual retention of personal health information. On March 2, 2023, the FTC announced a complaint and proposed consent with BetterHelp, Inc. that would prohibit
BIPA damages accrue per transaction
On February 17, 2023, the Illinois Supreme Court decided, by a 4-3 vote, that each time a private entity scans or transmits an individual’s biometric information without complying with Illinois Biometric Information Privacy Act (BIPA), that constitutes a separate violation
“Forever and forever, farewell”: FTC prohibits indefinite retention of PHI in consent order
On February 1, 2023, the Federal Trade Commission announced a complaint and stipulated order with GoodRx, with the FTC using for the first time its interpretation of the Health Breach Notification Rule. Under the Rule, the FTC interpreted a
ICYMI – Late December in privacy and cybersecurity
Late December and early January tend to be a busy time for everyone, so you may have missed a privacy update or two during that time. We have set out some updates in the form of questions, with some links
BIPA and the record retention requirement
On November 30, 2022, an Illinois court of appeals ruled that Illinois’ biometrics privacy law—known as BIPA—requires that anyone subject to that law must develop a retention and destruction schedule when it possesses biometric data. In this case, the