Time 1 Minute Read

In January 2025, comprehensive data privacy laws go into effect in Delaware, Iowa, Nebraska, New Hampshire and New Jersey.

Time 2 Minute Read

Texas Attorney General Ken Paxton recently launched investigations into Character.AI and 14 other technology companies on allegations of failure to comply with the safety and privacy requirements of the Securing Children Online through Parental Empowerment Act and the Texas Data Privacy and Security Act.

Time 1 Minute Read

On December 12, 2024, the French Data Protection Authority announced that it had issued notices to several organizations ordering them to modify the cookie banners on their websites to bring them into compliance.

Time 2 Minute Read

On December 17, 2024, the Irish Data Protection Commission announced that it concluded two inquiries initiated following a personal data breach reported in 2018 affecting Meta Platforms Ireland Limited.

Time 4 Minute Read

The Colorado Attorney General announced the adoption of the draft amendments on December 5, 2024, and the adopted rules were filed with the Secretary of State and the Office of Legislative Legal Services on December 17, 2024. The amendments underwent minor clarifying changes prior to the Department of Law hearing, and in response to comments and testimony received during the public comment period.

Time 5 Minute Read

In December 2024, the Centre for Information Policy Leadership at Hunton Andrews Kurth published a discussion paper titled, “Applying Data Protection Principles to Generative AI: Practical Approaches for Organizations and Regulators.”

Time 2 Minute Read

On December 3, 2024, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced it imposed a $1.19 million civil monetary penalty on Gulf Coast Pain Consultants, LLC d/b/a Clearway Pain Solutions Institute (“Gulf Coast Pain Consultants”) for various HIPAA Security Rule violations, including a failure to terminate former workforce members’ access to systems containing electronic protected health information (“ePHI”).

Time 2 Minute Read

On December 5, 2024, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced a penalty of $548,265 against Children’s Hospital Colorado (“CHC”) in connection with a series of alleged data breaches that occurred in 2017 and 2020. In September 2017, CHC reported to OCR a phishing attack that compromised an employee’s email account. OCR’s investigation revealed that the breach occurred because multi-factor authentication was disabled on the employee’s email account. According to OCR, the second breach in April 2020 occurred in part because two workforce members provided unknown third parties with access to their email accounts by accepting a multi-factor authentication access request that neither individual had initiated. OCR also determined that CHC violated the HIPAA Privacy Rule’s requirement to train workforce members on the HIPAA Privacy Rule and the HIPAA Security Rule’s requirements regarding conducting risk analyses to determine the risks and vulnerabilities to ePHI in an organization’s systems.

Time 1 Minute Read

The telehealth and prescription drug discount provider, GoodRx, recently agreed to pay $25 million to settle class action claims originating from the company’s unauthorized disclosure of consumers’ personal health information, according to recent filings with the U.S. District Court for the Northern District of California.

Time 3 Minute Read

On December 6, 2024, the U.S. Court of Appeals for the D.C. Circuit upheld the Protecting Americans from Foreign Adversary Controlled Applications Act, which is set to take effect on January 19, 2025, and make the distribution of TikTok illegal in the U.S. if parent company ByteDance has not divested. The D.C. Circuit is now considering a request for emergency injunction pending Supreme Court review. 

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page