Category

Policy

10 October 2019

California Attorney General Releases Proposed CCPA Regulations

Earlier today, the California Attorney General ended months of anticipation by releasing the text of his proposed California Consumer Privacy Act (CCPA) regulations.  Comments on the proposed regulations are due by December 6, 2019, and the Attorney General’s office will hold public hearings on the regulations on December 2 (Sacramento), December 3 (Los Angeles), December 4 (San Francisco), and December 5 (Fresno).

(more…)

EmailShare
02 October 2019

Part 2 Proposed Rule Seeks to Reduce Barriers to Coordination of Care for Substance Use Disorders

In an effort to reduce barriers to coordination of care, the U.S. Department of Health and Human Services (“HHS”) is considering changes to Federal restrictions on the sharing of substance use disorder (“SUD”) records.  The proposed changes would modify 42 C.F.R. Part 2 (“Part 2”) regulations that place restrictive conditions on the disclosure of SUD patient records—limitations that go above and beyond Health Insurance Portability and Accountability Act (“HIPAA”) restrictions.

The barriers imposed by these rules—which have been in place since the 1970s—have become the focus of particular attention in light of the opioid crisis, as members of Congress and other stakeholders have raised concerns about how the Part 2 statute and implementing regulations may inhibit efforts to respond and coordinate care.  Members of Congress have called for reform, but have been unsuccessful at seeking legislative fixes thus far.

(more…)

EmailShare
24 September 2019

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

*Jan Yves Remy is a former Sidley Austin Associate and now serves as the Deputy Director at Shridath Ramphal Centre for International Trade Law, Policy and Services at the University of the West Indies in Barbados.  As with all posts, this article is for your informational purposes only; Sidley Austin does not have offices in or practice law in Barbados.

Today, more than 120 countries have privacy and data protection laws or regulations in place. Many of the new or modernized laws tend to be based on comprehensive legislation, rather than sectoral rules, as data needs to move across industry groups and borders. With its new data protection bill, Barbados is planning to join the ranks; this is a significant move, and it is one fueled at least in part by the entry into force of the European Union’s General Data Protection Regulation (“GDPR”) on May 25, 2018. The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents.

(more…)

EmailShare
17 September 2019

Final California Consumer Privacy Act Amendments Bring Practical Changes (But Your Business May Now Be a California “Data Broker”)

After months of wrangling, the California legislature has finally passed a set of significant amendments to the California Consumer Privacy Act (CCPA), a sweeping data privacy and security law commonly referred to as “California’s GDPR” (Europe’s General Data Protection Regulation). Employee personal information and personal information obtained in business-to-business (B2B) interactions are now mostly out of scope. Personal information in credit reports and other data covered by the Fair Credit Reporting Act is also largely exempt. Only personal information that is “reasonably” capable of being associated with a consumer or household is subject to the act. And aggregate or deidentified information definitively does not qualify as CCPA personal information.

(more…)

EmailShare
12 September 2019

Where Does Privacy Go From Here: California, EU and Indian Data Privacy Laws and Global Compliance Programs

This article first appeared on Thomson Reuters Regulatory Intelligence.

The summer of 2018 may be regarded as a pivotal time in the history of data privacy laws. The European Union’s General Data Protection Regulation (GDPR) came into effect in May 2018, the California Consumer Privacy Act (CCPA) was signed into law in June 2018 (and comes into effect on January 1, 2020), and a draft of India’s Personal Data Protection Bill (India DP Bill) was released in July 2018 (and is now under review by India’s government).

These developments, and more generally, the recent proliferation of data privacy laws around the world (notably, in Australia, China, Brazil, Hong Kong, and Singapore) represent a compliance challenge for many multinational organizations.

Read More

EmailShare
03 September 2019

Carpenter and Everything After: The Supreme Court Nudges the Fourth Amendment into the Information Age

*This article was first published by the American Bar Association Infrastructure and Regulated Industries in Summer 2019.

Every year, as the calendar turns to June, the legal community looks to the Supreme Court. Eager to get to the Term’s end, the Justices rush to complete all of the outstanding opinions. Since the most difficult and important cases usually take the longest to work out, they are typically the stragglers. June is thus the time when the “blockbuster” opinions are issued—the cases that law professors analyze in their tenure pieces and that law school students study, quite possibly for years to come.

(more…)

EmailShare
09 August 2019

UK ICO Issues New Draft Data Sharing Code of Practice

The UK’s Information Commissioner’s Office (“ICO”) has recently issued a draft version of its statutory code of practice for sharing of personal data between controllers under the GDPR and the UK Data Protection Act 2018 (“DPA”) (the “Draft Code”) which provides a number of practical recommendations which controllers should take into account when sharing personal data.

(more…)

EmailShare
05 August 2019

New York Enacts Stricter Data Cybersecurity Laws

The flurry of state legislative activity in the wake of the enactment of the California Consumer Protection Act (CCPA) continues with the New York legislature recently passing two bills to increase accountability for the processing of personal information.  On July 25, 2019, Governor Cuomo signed the two bills into law, one which amended the state’s data breach notification law, and another that created additional obligations for data breaches at credit reporting agencies.  Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.  Meanwhile, the more comprehensive New York Privacy Act, which many viewed as even more expansive than the CCPA, failed to gather the necessary support in the most recent legislative session.

(more…)

EmailShare
24 July 2019

European Commission Publishes Ethics Guidelines for Trustworthy Artificial Intelligence

The High-Level Expert Group on Artificial Intelligence (“AI HLEG”), an independent expert group set up by the European Commission in June 2018 as part of its AI strategy, has published its final Ethics Guidelines for Trustworthy Artificial Intelligence (“AI”) (the “Guidelines”).

These Guidelines form part of a wider focus by the Commission on AI, with President-elect of the European Commission, Ursula von der Leyen commenting most recently on July 16, in her proposed political guidelines, that: “In my first 100 days in office, I will put forward legislation for a coordinated European approach on the human and ethical implications of Artificial Intelligence…”.

(more…)

EmailShare
XSLT Plugin by BMI Calculator