HHS: Online trackers without prior authorization and BAAs can violate HIPAA
By Steve Roosa, Sue Ross, Dan Rosenzweig
On the evening of December 1, 2022, the U.S. Department of Health and Human Services (HHS) issued a 12-page Bulletin titled “
Data protection legal insight at the speed of technology
HHS: Online trackers without prior authorization and BAAs can violate HIPAA
By Steve Roosa, Sue Ross, Dan Rosenzweig
On the evening of December 1, 2022, the U.S. Department of Health and Human Services (HHS) issued a 12-page Bulletin titled “…
It appears Snap has become the most recent company to pay a settlement for alleged violations of Illinois Biometric Information Privacy Act (“BIPA”). The law, which gives consumers a private right of action, has become a popular class action and…
On July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI) released its final Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and…
The House of Commons recently introduced Bill C-27, the successor to Bill C-11, which died on the docket when Parliament was dissolved in the fall of 2021. Bill C-27 introduces three new acts: the Consumer Privacy Protection Act (“…
In our previous publication, we discussed the legal obligations and procedural considerations surrounding maintaining records of privacy incidents. While the specific obligations vary by jurisdiction, maintaining some form of a record that tracks privacy incidents is a statutory obligation…
The Transportation Security Administration (“TSA”) announced on July 21, 2022 that it is transitioning to a less prescriptive and more result-based approach in its revised emergency cybersecurity directive for critical gas and liquid pipeline companies. The Security Directive Pipeline-2021-02C (“SD02C”), effective July 27, 2022, represents a significant departure from the highly prescriptive requirements set forth in its predecessor directives (SD 2021-02A and SD 2021-02B) issued by the TSA last year.
On June 14, the House of Commons introduced Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts (Bill C-26). This bill is presented in two parts:
…
The Department for Culture, Media and Sport (DCMS) has finally published the UK government’s long-awaited response to the consultation on the future of the UK data protection regime.
The government set out very high level principles for a Data…
As privacy incidents and security breaches involving personal information become increasingly frequent, organizations are more and more aware of the importance of implementing a robust privacy program to mitigate the risks and impacts of such incidents. While this preparation is…
On Friday, June 3, 2022, the Senate and House released a draft of the American Data Privacy and Protection Act, (ADPPA), a watershed privacy bill that would introduce a federal standard. Currently, a hodgepodge of industry-specific and state…