The Final Countdown: Your CPRA Checklist

In a July post (available here), we discussed a new rush of state data privacy laws that will affect businesses nationwide. In that post, we discussed new laws coming online in California, Colorado, Connecticut, Utah, and Virginia. Of these, the law that is (or should be) on every business’s mind right now is the California Privacy Rights Act or “CPRA”. This law [...]

2022-11-30T16:48:10-05:00December 2nd, 2022|

Planning for 2023: New State Data Privacy Laws Coming Online

On May 10, 2022, Connecticut Governor Ned Lamont signed the Connecticut Data Privacy Act, making Connecticut the fifth state in the nation to pass a comprehensive data privacy law after California, Colorado, Utah, and Virginia. Together, these laws represent a monumental shift in the regulatory landscape for businesses and impose significant and meaningful legal obligations on companies nationwide – regardless of where the company is located. [...]

2022-07-21T14:59:08-04:00July 20th, 2022|

Colorado Privacy Act Becomes Third Comprehensive State Data Privacy Law

The Colorado Privacy Act (CPA) is a comprehensive consumer data privacy law passed in July 2021. The CPA taking effect on July 1, 2023, regulates the personal information of Colorado residents. Details of the Colorado Privacy Act are provided below. Who Is Regulated Under the Colorado Privacy Act? The Colorado Privacy Act regulates certain businesses that the law terms “controllers.” To qualify [...]

2022-05-06T17:03:31-04:00March 24th, 2022|

Utah Consumer Privacy Act Goes to Governor for Signature

The Utah Consumer Privacy Act (UCPA) is legislation unanimously passed in the Utah Legislature. The final version of this Utah privacy law now awaits the signature of Governor Spencer Cox. If, as expected, the Governor signs the legislation by March 24, 2022, Utah will become the fourth state in the nation with a comprehensive consumer privacy law. The details of the Utah Consumer Privacy Act are [...]

2022-05-06T17:03:32-04:00March 14th, 2022|

Virginia Consumer Data Protection Act Expected to Become Law

The Virginia House of Delegates and Senate have passed legislation known as the Virginia Consumer Data Protection Act (CDPA). The personal data act is expected to reach the desk of Virginia Governor Ralph Northam, who may sign the legislation by as early as the end of February of 2021. The CDPA is modeled on the California Consumer Privacy Act (CCPA), California’s expansive consumer data privacy protection law, and [...]

2021-03-08T11:16:07-05:00February 19th, 2021|

Blackbaud Breach Victim Files Lawsuit Under California Healthcare Law

The Blackbaud breach is infamous for the sheer amount of organizations the incident affected. Among hundreds of affected organizations were several in the healthcare industry, compromising the protected health information of more than 11 million patients across the country. One such victim has filed a lawsuit against Rady Children’s Hospital, one of the breached organizations, under California healthcare law. More details on the lawsuit are discussed. [...]

2022-05-06T14:44:09-04:00January 27th, 2021|

HIPAA Workers Compensation Disclosures

The HIPAA Privacy Rule dictates how a healthcare provider may share protected information, or PHI in the workers compensation context. PHI disclosures to the employer and the workers compensation board must be HIPAA compliant. HIPAA workers compensation requirements are discussed below. What is Workers Compensation? Many employers are required, under state law, to purchase and maintain a workers compensation insurance policy (or to self-insure). When [...]

2020-11-20T15:57:55-05:00April 16th, 2020|

New York Law Bans Sale of Patient Information

In October of 2019, New York Governor Andrew Cuomo signed legislation limiting the disclosure or sale of patient information by emergency responders. Specifically, under the New York law, emergency responders (ambulance and first response service providers) may not disclose or sell private patient information to third parties for marketing purposes. What is the Scope of the New York Law? Before passage of this New York law, emergency response providers [...]

2020-11-16T17:01:55-05:00April 14th, 2020|

The Amended Maryland Personal Information Protection Act (MPIPA)

The Maryland Personal Information Protection Act, known as MPIPA, was amended in April of 2019, by House Bill (HB) 1154. The amended law went into effect on October 1st of 2019. Prior to the amendments, the law required (1) businesses that owned and licensed computerized data that includes personal information of Maryland residents, as well as (2) businesses that maintained (but did not own or license) such data, [...]

2021-08-02T16:55:55-04:00February 25th, 2020|

The CCPA HIPAA Exemption

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. This law increases privacy protections for California residents. However, larger organizations, with more than $25 million in gross annual revenue or organizations with information on 50,000 consumers, may be subject to a HIPAA exemption, meaning they may not be subject to the requirements of the CCPA. The CCPA HIPAA exemption is discussed [...]

2021-03-24T13:17:50-04:00February 19th, 2020|