Category: Privacy

GAO Report Recommends Congress Consider Comprehensive Privacy Regulation

Share

The GAO recently concluded a comprehensive analysis of the U.S. federal regulatory landscape with respect to internet privacy, specifically focusing on FTC and FCC enforcement actions and authorities. GAO interviewed representatives from industry, consumer advocacy groups, academia, FTC and FCC staff, former FTC and FCC commissioners, and officials from other agencies. (See page 40 of the GAO report for a complete list of those interviewed.) GAO recommends that Congress consider developing comprehensive legislation on internet privacy that would enhance existing consumer protections and provide flexibility to address a rapidly evolving privacy environment.

Continue reading “GAO Report Recommends Congress Consider Comprehensive Privacy Regulation”

$3 Million Settlement for Two Separate HIPAA Breaches Affecting Over 62,500 Individuals

Share

Cottage Health and the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) recently entered into a $3 million no-fault settlement and three year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This was HHS-OCR’s last HIPAA related settlement of 2018 – a record year in HIPAA enforcement activity, as detailed in this DBR on Data blog post.

Continue reading “$3 Million Settlement for Two Separate HIPAA Breaches Affecting Over 62,500 Individuals”

New Washington State Privacy Bill Incorporates Some GDPR Concepts

Share

A new bill, titled the “Washington Privacy Act,” was introduced in the Washington State Senate on January 18, 2019. If enacted, Washington would follow California to become the second state to adopt a comprehensive privacy law.

Similar to the California Consumer Privacy Act (CCPA), the Washington bill applies to entities that conduct business in the state or produce products or services that are intentionally targeted to residents of Washington and includes similar, though not identical size triggers. For example, it would apply to businesses that 1) control or process data of 100,000 or more consumers; or 2) derive 50 percent or more of gross revenue from the sale of personal information, and process or control personal information of 25,000 or more consumers. The bill would not apply to certain data sets regulated by some federal laws, or employment records and would not apply to state or local governments.

Continue reading “New Washington State Privacy Bill Incorporates Some GDPR Concepts”

Rosenbach v. Six Flags Entertainment Corporation – Illinois Supreme Court Holds That a Technical Violation of Statutory Biometric Rights is Sufficient to Bring a Claim

Share

On Friday, the Illinois Supreme Court ruled that in order to pursue a claim for $1,000 – $5,000 in statutory damages under the Biometric Information Privacy Act (BIPA) an individual need not plead or prove more than a technical violation of the statute.  This decision opens the door to additional lawsuits under the only biometric law in the nation that allows for a private right of action.

Continue reading “Rosenbach v. Six Flags Entertainment Corporation – Illinois Supreme Court Holds That a Technical Violation of Statutory Biometric Rights is Sufficient to Bring a Claim”

European Union Adopts Adequacy Decision For Safe Data Flows With Japan

Share

On January 23, 2019, the European Commission announced its decision to adopt adequacy status with Japan for transfers of personal data.  Pursuant to the European Union’s (EU) General Data Protection Regulation (GDPR), this decision will allow personal data to flow freely between the 28 EU countries, three additional European Economic Area member countries (Norway, Liechtenstein, and Iceland), and Japan, without the need for additional data protection safeguards or derogations.  Japan adopted an equivalent decision with the EU on January 22, 2019.  These reciprocal findings of adequacy will create the largest area of safe data flows in the world.

Continue reading “European Union Adopts Adequacy Decision For Safe Data Flows With Japan”

California Attorney General’s Office Gathers Public Opinions Regarding the Implementation of the California Consumer Privacy Act

Share

The California Department of Justice has opened up public forums this month as part of the Attorney General’s rulemaking process to promulgate regulations under the California Consumer Privacy Act of 2018 (CCPA). We previously discussed the Attorney General’s Office’s public statement regarding the CCPA here.

As required by the CCPA, the Attorney General must adopt certain regulations on or before July 1, 2020. In holding these public forums, the Attorney General’s Office hopes to provide an initial opportunity for the public to participate in establishing procedures to facilitate consumers’ rights under the CCPA and to provide guidance for business compliance. Specifically, the following aspects are of high priority: businesses’ obligation to disclose data collection and sharing practices to consumers; consumer rights to request deletion of data; consumer rights to opt out of having their personal information sold to third parties; and restrictions on the sale of personal information of consumers under the age of 16 without explicit consent. The Attorney General’s Office scheduled six public forums across different counties in California and invites in-person attendance or written submissions of public comments through February 2019.

Continue reading “California Attorney General’s Office Gathers Public Opinions Regarding the Implementation of the California Consumer Privacy Act”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy