The Canadian House of Commons introduced draft legislation that, if enacted, would align federal Canadian privacy law with the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The draft legislation, titled the Consumer Privacy Protection Act (CPPA), proposes significant advancements to the current legal regime governing personal data.
Read more »Tag: personal information
-
Canada Introduces Legislation to Revamp Federal Privacy Landscape Posted on: February 16, 2021 In: Data Privacy & Cybersecurity
-
Don’t Forget the HIPAA Small Breach Notification Deadline of March 1, 2021. It’s Right Around the Corner! Posted on: February 10, 2021 In: Data Privacy & Cybersecurity
Despite all that made 2020 an unusual year, data security incidents did not slow down. For organizations that are covered by the Health Insurance Portability and Accountability Act (HIPAA), the deadline to report small incidents is fast approaching. Organizations that experienced a data security incident in 2020, which affected the protected health information (PHI) of less than 500 individuals, have until March 1, 2021 to submit their notification to the U.S. Dept. of Health & Human Services.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part V: New & Expanded Consumer Rights Posted on: February 08, 2021 In: Data Privacy & Cybersecurity
The newly-passed California Privacy Rights Act (CPRA) includes additional and expanded consumer rights not currently existing under the California Consumer Privacy Act (CCPA). This fifth installment in our series about the changes to the CCPA brought by the CPRA focuses on consumers’ new rights of correction and access to certain personal information and revisions to certain existing consumer rights in the CCPA, including rights to know (and access), deletion, non-discrimination, and rights for minors.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape, Part II: CPRA’s Covered “Businesses” & Exemptions Posted on: December 29, 2020 In: Data Privacy & Cybersecurity
California voters’ approval of the California Privacy Rights Act (CPRA), a privacy ballot initiative that amends and expands the California Consumer Privacy Act (CCPA), is a significant development in the U.S. privacy world. In this second installment of our Digital Insights series on the major changes effected by the CPRA, we discuss what qualifies as a regulated "business" under the Act, and what data exemptions exist.
Read more »
-
CCPA 2.0 and the Changing Privacy Landscape: CPRA’s Definition and Treatment of “Sensitive Personal Information” Posted on: December 23, 2020 In: Data Privacy & Cybersecurity
On November 3, 2020, Californians approved Proposition 24, a ballot measure creating the California Privacy Rights Act (CPRA), which amends and expands the provisions and requirements of the California Consumer Privacy Act (CCPA). In this Digital Insights series on the CPRA, we will highlight and detail some of the most substantive and important modifications the new law will impose on the CCPA, and what those changes mean to businesses subject to California’s ever-evolving privacy regime.
Read more »
-
California Voters Make CCPA 2.0 a Reality – California Privacy Rights Act Ballot Measure Passes Posted on: November 10, 2020 In: Data Privacy & Cybersecurity
On November 3, 2020, California voters approved Proposition 24, otherwise known as the California Privacy Rights Act (CPRA), a ballot measure that will expand the privacy protections for California residents under the existing California Consumer Privacy Act (CCPA). Effective January 1, 2023, the CPRA significantly amends the CCPA by expanding consumer rights, heightening privacy protections, and establishing an enforcement agency dedicated to protecting consumers through vigorous enforcement of the law.
Read more »
-
The Next Major Public Health Crisis Posted on: October 15, 2020 In: Data Privacy & Cybersecurity
In 2014, a business associate of a healthcare entity was notified by law enforcement that it had suffered a cyberattack to the company's information system. The hackers were able to access and exfiltrate the health information of more than 6 million people from numerous entities served by the business associate. In addition to a fine issued by OCR, a related covered entity was sued and a multimillion-dollar settlement was reached. OCR placed the covered entity under a very detailed corrective action plan.
Read more »
-
California Legislature Extends CCPA Exemptions for Employees’ Personal Information & “Business-to-Business” Exchanges to 2022 Posted on: September 24, 2020 In: Data Privacy & Cybersecurity
But for limited exemptions added to the California Consumer Privacy Act (CCPA) last year, personal information exchanged in the employment context, and personal information collected through “business-to-business” exchanges, would be subject to all requirements of the CCPA. Those exemptions were set to expire next year. However, the California legislature has recently voted, through Assembly Bill 1281, to extend the exemptions until January 1, 2022.
Read more »
-
Legislative Alert: Washington Expands Definition of Personal Information for Public Agencies Posted on: April 22, 2020 In: Data Privacy & Cybersecurity
On March 18, 2020, Washington State Governor Jay Inslee signed into law Senate Bill 6187, which amends the state’s security breach notification statute as applicable to state and local agencies by expanding the definition of “personal information” to include the last four digits of an individual’s Social Security number.
Read more »
-
Legislative Alert: D.C. Passes Security Breach Protection Amendment Act, Creating New Notice Requirements and Cybersecurity Safeguards Posted on: April 17, 2020 In: Data Privacy & Cybersecurity
On March 26, 2020, District of Columbia Mayor Muriel Bowser signed into law Act 23-268, known as the “Security Breach Protection Amendment Act of 2020.” The Act, which amends section 28 of Chapter 38 of the District of Columbia Code, broadens the existing definition of “personal information,” increases the breach notice contents requirements, provides attorney general notice requirements, and mandates cybersecurity safeguards.
Read more »
-
HIPAA Small Breach Notification Deadline is March 1, 2020 – The Clock’s Ticking to Submit to HHS/OCR! Posted on: February 27, 2020 In: Data Privacy & Cybersecurity
Organizations that experienced a data incident in 2019 affecting the protected health information (PHI) of less than 500 individuals have just a few more days to submit their notification to the U.S. Department of Health & Human Services’ Office for Civil Rights (HHS/OCR).
Read more »
-
Nevada Passes Privacy Law Posted on: January 09, 2020 In: Data Privacy & Cybersecurity
While much has been made of the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, new security laws in other states – like Nevada – have been almost entirely ignored.
Read more »