Insights on Privacy Compliance

On January 22, Nebraska state Senator Mike Jacobson (R), at the request of Governor Jim Pillen (R), introduced the Agriculture Data Privacy Act (LB525). This is a first-of-its kind privacy bill that would specifically regulate agricultural-sector data.

In the final days of the Biden Administration, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to modify the Security Rule under the Health Insurance Portability and Accountability Act (HIPAA). The NPRM proposes sweeping changes that impact how health care providers, health plans, and health care clearinghouses (covered entities) and their business associates (collectively, regulated entities) implement, document, and maintain safeguards for electronic protected health information (ePHI). OCR is accepting public comments on the NPRM through March 7.

2025 is set to be another important year for US state privacy laws, with five new laws effective in January and three more coming into effect through October. New laws in Delaware, Iowa, Nebraska, and New Hampshire will go into effect on January 1, 2025, while New Jersey’s law will follow on January 15, 2025. Below, we detail these laws effective in January. Make sure to check back here in 2025 for more information on the laws effective in July and October.

On September 29, California Governor Gavin Newsom vetoed SB 1047, one of the most ambitious efforts yet to establish a comprehensive artificial intelligence (AI) regulatory framework in the United States.

As the federal government grapples with the complexities of comprehensive artificial intelligence (AI) regulation and competing agendas, several US states are taking matters into their own hands by computing their own solutions to the challenges posed by the rapid advancement of AI.

The National Institute of Mental Health reported that 16.32% of youth (aged 12-17) in the District of Columbia (DC) experience at least one major depressive episode (MDE).

Educational technology (EdTech) has long been used by educators as a way to support teaching and facilitate student learning using a wide range of digital tools, platforms, and resources designed to engage students and encourage innovation.

A split Illinois Supreme Court issued on Friday another long-awaited decision interpreting the Illinois Biometric Information Privacy Act (BIPA), holding that a separate BIPA violation occurs with each undisclosed and unconsented-to scan or transmission of an individual’s biometric identifier.

In recent months, there has been a surge of class actions brought under the Illinois Biometric Information Privacy Act (BIPA) against retailers using virtual “try-on” features on their websites.

The newest old privacy law being weaponized in consumer class actions is the Video Privacy Protection Act (VPPA), a Reagan- era law passed in the wake of Judge Robert Bork’s video rental history being leaked to the press.  

Headlines that Matter for Privacy and Data Security.

Illinois Biometric Information Privacy Act (BIPA) class action lawsuits were heavily litigated again in 2022, as plaintiffs continued to target companies using biometric technology and their vendors. At the same time, avoiding liability continued to be a challenge for businesses defending BIPA cases

Headlines that Matter for Privacy and Data Security.

Headlines that Matter for Privacy and Data Security.

Between consumer demand for more transparency and anticipated 2023 privacy laws, companies may be vulnerable to class action lawsuits.

Headlines that Matter for Privacy and Data Security.

Headlines that Matter for Privacy and Data Security.

The Federal Trade Commission (FTC) recently cracked down on Lithionics Battery, LLC, and Lions Not Sheep Products, LLC, for violating the FTC’s Made in USA Labeling Rule. These are some of the first enforcement actions after the FTC codified its longstanding informal Made in USA guidance.

Headlines that Matter for Privacy and Data Security.

As more states enact their own privacy laws, members of the privacy community and those impacted by privacy legislation continue to push for uniformity. The American Data Privacy and Protection Act (ADPPA) addresses this growing concern by drafting a uniform national data privacy framework.

The California Privacy Protection Agency (CPPA) published California Privacy Rights Act (CPRA) proposed regulations (Regulations) on May 27, 2022. The Regulations provide helpful insight into the CPPA’s vision for the CPRA and help to better prepare businesses.

Headlines that Matter for Privacy and Data Security

Over half a decade after the industry developed its own standards in light of a lack of meaningful guidance from regulators, the Department of Justice recently issued a guidance document on compliance with the Americans with Disabilities Act (ADA) for website accessibility.

Headlines that Matter for Privacy and Data Security.

As security risks continue to be at the forefront of legislators’ agendas across the country, New York has joined the growing roster of states pressing businesses to develop more robust breach procedures.