Tagged as: CCPA / CPRA

Conducting Privacy Impact Assessments State-By-State

While data protection or privacy impact assessments may be familiar to businesses that process personal information of individuals from certain countries outside the U.S. — e.g., those in Europe — until recently, consumer privacy laws applicable to businesses in the U.S. have not mandated PIAs. PIAs help businesses identify risks that…

Read More

Takeaways from Washington's Sweeping Health Privacy Bill

On April 27, Washington Gov. Jay Inslee signed into law the state’s sweeping health privacy bill – the My Health Data Act.[1] The act, which establishes a comprehensive privacy framework for entities that do business in the state and that handle consumer health data, will take effect less than a…

Read More

6 Predictions, 6 Attorneys - Goodwin's 2023 Data, Privacy & Cybersecurity Outlook

In honor of Data Privacy Week, and as we kick off 2023, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity sector. How will the new Privacy Shield in the EU and UK affect data regulation? How will state privacy…

Read More

The Sephora Case: Do Not Sell - But Are You Selling?

Businesses barely had time to recover from a hectic privacy summer, with U.S. privacy legislation making progress on the Hill and the U.S. Federal Trade Commission’s launch of a sweeping rulemaking initiative, when California Attorney General Rob Bonta dropped a bombshell: The first enforcement settlement under the California Consumer Privacy Act. Pursuant…

Read More

Deidentified Under HIPAA, But Regulated Under the CCPA

The Health Insurance Portability and Accountability Act (“HIPAA”) establishes standards by which Protected Health Information (“PHI”) may be deidentified.  Upon deidentification, HIPAA generally allows covered entities to use or disclose the information without limitation.  However, states are increasingly passing privacy laws with definitions of personal information expansive enough to arguably…

Read More

Utah Passes Comprehensive Consumer Privacy Legislation

On March 24, 2022, Utah became the fourth U.S. state to adopt consumer data privacy legislation after Utah Gov. Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”).  The UCPA is largely based on the Virginia Consumer Data Protection Act (“VCDPA”). It regulates how a controller (defined by the UCPA…

Read More

The Princeton University Data Access Research: A Timely Reminder to Revisit Data Subject Request Processes

Update: Since going live with the below, the EDPB has published its draft guidelines addressing key aspects of a data subject’s right of access.  More to follow soon. Last month, a large number of EU and US companies received queries about their data access request procedures under the General Data Protection…

Read More

The Year Ahead: Privacy Developments in 2022

Now that 2021 came to a close, what does our crystal ball predict for privacy developments in 2022? Here’s a quick rundown. Law and policy developments In 2022, expect an avalanche of new laws and regulations, attempting to govern and impose order on a dizzying array of tech developments. New…

Read More

Biometrics Regulations: Navigating US Biometric Laws

The United States is in need of comprehensive federal data privacy legislation, which may finally be gaining traction. In late 2019, two competing federal privacy proposals were drafted. Senate Bill 2968 (the “Consumer Online Privacy Rights Act”), was introduced by Senator Maria Cantwell (D-WA), among others.  And the “United States…

Read More

12