HHS Announces Exercise of Enforcement Discretion for Entities Engaged in COVID-19 Relief Efforts

Since COVID-19 was declared a pandemic, the U.S. Department of Health and Human Services (“HHS”) and its Office for Civil Rights (“OCR”) have taken a variety of steps to relax HIPAA restrictions particularly pertinent to the COVID-19 response.

First, as covered in an earlier posting, HHS took action to waive penalties and assure companies that it would exercise enforcement discretion with respect to the Privacy Rule’s application to telehealth services and certain limited communication activities related to COVID-19 treatment efforts.


Stay At Home Orders May Have Killed California’s Ballot Initiative to Expand CCPA [**Update – But Californians for Consumer Privacy Say Maybe Not**]

UPDATE: Soon after we published the post below, we learned that the sponsors of the California Privacy Rights Act (CPRA) – i.e., the ballot initiative that aimed to amend and significantly expand the California Consumer Privacy Act (CCPA) – intend to push forward with their attempt to get it on the ballot this year. On May 4th, the initiative’s sponsors, the Californians for Consumer Privacy, announced on Twitter they were submitting signatures to counties across the state. Whether county election officials can verify the signatures in time to qualify for the November 2020 ballot remains to be seen. While conventional wisdom is that the recommended April deadline is an important one to make, the approval process may be different this year due to the COVID-19 pandemic and how it might affect the availability of resources to approve initiatives. We will continue to monitor this situation and provide updates on Data Matters as appropriate.

The California Privacy Rights Act (CPRA), the ballot initiative that aimed to amend and significantly expand the California Consumer Privacy Act (CCPA), including by creating California’s very own data protection authority, the nation’s first, appears to be dead, at least for this ballot season.


Clinical Trials in the EU: Ongoing Uncertainty Around Data Protection Compliance for Sponsors

Ongoing confusion about lawful basis for data processing in a clinical study environment: European Data Protection Board and European Commission on the one hand and certain Member States on the other differ on the correct approach. Swiss sponsors operating clinical studies in the EU face ongoing uncertainty around the appropriate lawful basis for processing study subject personal data in spite of guidance being published by the European Commission and the European Data Protection Board.


COVID-19: Walking the Line Between Worker Safety and Privacy

The COVID-19 pandemic poses unprecedented challenges for employers. Businesses must walk the line between keeping workers safe and respecting their privacy. How do employers ensure a safe and healthy workplace? And how do they manage layoffs, furloughs and benefits in this rapidly deteriorating economic environment? Our latest episode of The Sidley Podcast grapples with those questions and many others. Join host and Sidley partner Sam Gandhi as he speaks with two of Sidley’s thought leaders on the critical issues that employers face—Wendy Lazerson, co-chair of Sidley’s Labor and Employment practice, and Kate Heinzelman, who advises clients on privacy and cybersecurity issues.


U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

The U.S. Departments of State, the Treasury and Homeland Security and the Federal Bureau of Investigation issued a joint advisory (the Advisory) on April 15, 2020, discussing the threat to the international community posed by cyberattacks linked to the Democratic People’s Republic of Korea (North Korea), in particular highlighting concerns for the financial services sector. North Korea has been subjected to comprehensive international sanctions implemented to pressure its government to denuclearize. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has implemented additional unilateral sanctions in response to other North Korean activities, including cyberattacks, human rights violations and money laundering. In addition to broad prohibitions on trade with North Korea, U.S. sanctions bar domestic financial institutions from conducting or facilitating any significant transaction in connection with trade with North Korea or on behalf of any person whose property has been blocked under executive orders imposing sanctions on North Korea. Foreign financial institutions risk secondary sanctions for engaging in the same.


UK Supreme Court Rules Morrisons Not Vicariously Liable for Malicious Data Breach by Employee

Case: WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12

In a decision that employers will welcome, the UK Supreme Court recently ruled that Morrison Supermarkets (Morrisons) was not vicariously liable for a data breach committed maliciously by a former employee who, acting to satisfy a personal vendetta against Morrisons, disclosed employee payroll data online.


CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

While the world seems to have ground to a halt in so many ways, time still marches on, and along with it, the California Consumer Privacy Act (“CCPA”) enforcement date (July 1, 2020) inches ever closer. On March 11, 2020, the California Attorney General (“AG”) released the third turn of proposed CCPA regulations. The AG’s revisions make only moderate changes to the last round of regulations issued in February 2020. Businesses will not need to dramatically change compliance plans as the proposed revised regulations seek to refine requirements in prior drafts rather than introduce any wholesale changes to the regulatory framework.
