- California Enacts First U.S. Law Requiring IoT Cybersecurity (February 12, 2019)
“Smart” devices have become common, if not pervasive, experiences of daily life. Parents may monitor a baby’s heart rate and oxygen levels through sensor-enabled baby socks. Businesses may equip fleet drivers with smart hats that measure alertness to monitor for accident-causing driver fatigue. Yogis can utilize yoga clothing with integrated sensors that provide vibrating, position-correcting feedback to enhance their practice and experience completely virtual guided yoga. Beachgoers can monitor UV exposure through integrated monitoring sensors in their swimsuits. These types of devices comprise...
- Washington State Potentially Joins California with Broad Privacy Legislation (February 05, 2019)
If nature abhors a vacuum, then apparently so too does legislation. Between the EU General Data Protection Regulation and the still-evolving California Consumer Privacy Act (CCPA), there has been much discussion amongst us privacy wonks as to whether this is the time for a comprehensive federal privacy law to succeed. Whether this is the future, state legislatures are not standing by waiting patiently for Congress to act. On January 17th, Washington State legislators introduced Senate Bill 5376 (with a companion bill introduced concurrently in the...
- When Biometric Laws Bite (January 29, 2019)
Amongst the flurry of activity in the privacy space recently, there have been two particular trends that businesses need to monitor. The first is the state-by-state expansion of what constitutes personal information. A decade ago, most state laws emphasized an individual’s name in conjunction with a Social Security Number, a driver’s license, or some kind of financial account details. Now, at least with respect to breach reporting, state laws encompass insurance details, genetic information, biometrics, and potentially email addresses. This expansion of what...
- Massachusetts Expands Its Breach Notification Requirements: Are You Ready? (January 22, 2019)
As of April 11, 2019, Massachusetts data breach victims will be entitled to enhanced rights and protections under An Act Relative To Consumer Protection From Security Breaches. Any company that deals with the personal information of Massachusetts residents should be mindful of these regulatory changes and update its data security policies and practices—importantly, including its required Written Information Security Program—to reflect these changes in advance of the April 11, 2019 effective date. Highlights of the regulatory change include: Effective April 11, 2019 Data Breach Regulations...
- HHS Releases Voluntary Cybersecurity Practices, Supplementing Existing Requirements (January 15, 2019)
At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive material, when the primary regulator of patient and health data protection offers “suggestions,” those subject to HIPAA had better pay attention. Beyond highlighting common threats to the protection of patient data, the HICP encompasses two supplemental technical volumes centering on small organizations and medium and large organizations. Background Healthcare and life sciences organizations (particularly...