• California Enacts First U.S. Law Requiring IoT CybersecurityFebruary 12, 2019

    “Smart” devices have become common, if not pervasive, experiences of daily life.  Parents may monitor a baby’s heart rate and oxygen levels through sensor enabled baby socks.  Businesses may equip fleet drivers with smart hats that measure alertness to monitor for accident-causing driver fatigue.  Yogis can utilize yoga clothing with integrated sensors that provides vibrating position correcting feedback to enhance their practice and experience completely virtual guided yoga.  Beachgoers can monitor UV exposure through integrated monitoring sensors in their swimsuits.  These types of devices comprise... more

  • Washington State Potentially Joins California with Broad Privacy LegislationFebruary 05, 2019

    If nature abhors a vacuum, then apparently so too does legislation. Between the EU General Data Protection Regulation and the still-evolving California Consumer Privacy Act (CCPA), there has been much discussion amongst us privacy wonks as to whether this is the time for a comprehensive federal privacy law to succeed. Whether this is the future, state legislatures are not standing by waiting patiently for Congress to act. On January 17th, Washington State legislators introduced Senate Bill 5376 (with a companion bill introduced concurrently in the... more

  • When Biometric Laws BiteJanuary 29, 2019

    Amongst the flurry of activity in the privacy space recently, there have been two particular trends that businesses need to monitor. The first is the state by state expansion of what constitutes personal information. A decade ago, most state laws emphasized an individual’s name in conjunction with a Social Security Number, a driver’s license, or some kind of financial account details. Now, at least with respect to breach reporting, state laws encompass insurance details, genetic information, biometrics, and potentially email addresses. This expansion of what... more

  • Massachusetts Expands Its Breach Notification Requirements: Are You Ready?January 22, 2019

    As of April 11, 2019, Massachusetts data breach victims will be entitled to enhanced rights and protections under An Act Relative To Consumer Protection From Security Breaches. Any company that deals with the personal information of Massachusetts residents should be mindful of these regulatory changes and update its data security policies and practices—importantly, including its required Written Information Security Program—to reflect these changes in advance of the April 11, 2019 effective date. Highlights of the regulatory change include: Effective April 11, 2019 Data Breach Regulations... more

  • HHS Releases Voluntary Cybersecurity Practices, Supplementing Existing RequirementsJanuary 15, 2019

    At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive material, when the primary regulator of patient and health data protection offers “suggestions,” those subject to HIPAA had better pay attention. Beyond highlighting common threats to the protection of patient data, the HICP encompasses two supplemental technical volumes centering on small organizations and medium and large organizations. Background Healthcare and life sciences organizations (particularly... more

Email Confirmation

Thank you for your interest in Burns & Levinson LLP. Please be aware that unsolicited e-mails and information sent to Burns & Levinson though our web site will not be considered confidential, may not receive a response, and do not create an attorney-client relationship with Burns & Levinson. If you are not already a client of Burns & Levinson, do not include anything confidential or secret in this e-mail. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not authorized to do so.

By clicking "OK" you acknowledge that, unless you are a current client, Burns & Levinson does not have any obligation to maintain the confidentiality of any information you send us.