On February 11, 2019, President Trump signed an Executive Order on “Maintaining American Leadership in Artificial Intelligence.” The Executive Order (EO) recognizes that the United States is the world leader in AI research and development (R&D) and deployment,” and that “[c]ontinued American leadership in AI is of paramount importance. . . .”
Continue reading “New Executive Order on Maintaining American Leadership in Artificial Intelligence”
The Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) had a record-breaking year in 2018 with Health Insurance Portability and Accountability Act (HIPAA) enforcement activity. HHS-OCR entered into 10 settlements and received summary judgment in a case before an Administrative Law Judge, totaling nearly $28.7 million in enforcement actions. According to the HHS-OCR Director, Roger Severino, this record year underscores the need for covered entities to be proactive about their HIPAA data security.
Continue reading “2018 An All-Time Record Year for HIPAA Enforcement Actions by HHS-OCR”
A new bill, titled the “Washington Privacy Act,” was introduced in the Washington State Senate on January 18, 2019. If enacted, Washington would follow California to become the second state to adopt a comprehensive privacy law.
Similar to the California Consumer Privacy Act (CCPA), the Washington bill applies to entities that conduct business in the state or produce products or services that are intentionally targeted to residents of Washington and includes similar, though not identical size triggers. For example, it would apply to businesses that 1) control or process data of 100,000 or more consumers; or 2) derive 50 percent or more of gross revenue from the sale of personal information, and process or control personal information of 25,000 or more consumers. The bill would not apply to certain data sets regulated by some federal laws, or employment records and would not apply to state or local governments.
Continue reading “New Washington State Privacy Bill Incorporates Some GDPR Concepts”
In December 2018, the New York Attorney General’s Office announced settlements with five companies operating mobile apps, including Equifax and Western Union. The N.Y. Attorney General stated that the companies failed to keep sensitive information secure on their mobile apps and have agreed to implement improved security controls. The settlements came following a data privacy initiative by the Attorney General’s Office to proactively identify security vulnerabilities before consumer information is breached. As part of this effort, the Attorney General’s Office tested dozens of mobile apps that collect sensitive information.
On Friday, the Illinois Supreme Court ruled that in order to pursue a claim for $1,000 – $5,000 in statutory damages under the Biometric Information Privacy Act (BIPA) an individual need not plead or prove more than a technical violation of the statute. This decision opens the door to additional lawsuits under the only biometric law in the nation that allows for a private right of action.
On January 23, 2019, the European Commission announced its decision to adopt adequacy status with Japan for transfers of personal data. Pursuant to the European Union’s (EU) General Data Protection Regulation (GDPR), this decision will allow personal data to flow freely between the 28 EU countries, three additional European Economic Area member countries (Norway, Liechtenstein, and Iceland), and Japan, without the need for additional data protection safeguards or derogations. Japan adopted an equivalent decision with the EU on January 22, 2019. These reciprocal findings of adequacy will create the largest area of safe data flows in the world.
Continue reading “European Union Adopts Adequacy Decision For Safe Data Flows With Japan”
