SHARE:  

AUGUST 2024

DATA ROUNDUP

By December 23, 2024, all entities regulated under the HIPAA Privacy Rule must comply with the latest amendments issued by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). These amendments provide enhanced protections for reproductive health information and offer guidance for handling abuse, neglect, and endangerment cases.



Exception: The updates to the Notice of Privacy Practices do not need to be implemented until February 16, 2026.


Read the Blog

On July 30, 2024, Texas Attorney General Ken Paxton reached a record $1.4 billion deal to settle claims against Meta (formerly known as Facebook) related to the tech giant’s unauthorized capture and use of Texans’ personal biometric data.



As the single largest settlement ever obtained from an action brought by an individual state, the landmark case marks a significant victory for Texas and sets a groundbreaking precedent for future privacy-related lawsuits. The settlement is also one of the largest penalties ever levied at Meta by lawmakers, second only to the $5 billion sum it paid to the FTC in 2019.


Read the Blog

On July 10, 2024, the Malaysian Parliament introduced and passed a bill to amend its Personal Data Protection law to bring Malaysian data protection laws into closer alignment with international standards, such as the European Union’s General Data Protection Regulation (GDPR) and the data protection frameworks of ASEAN countries like Indonesia, Singapore, the Philippines, Thailand, and Vietnam, ensuring enhanced privacy and security for personal data in line with global best practices.


The Dewan Negara (Senate) is currently in session. Some expect passage, and others expect the bill to be tabled. Nonetheless and as seen in other jurisdictions, we expect passage at some point with a version very similar to what the House of Representative passed. As such, we recommend business clients operating in Malaysia to proactively review their data protection compliance programs and processes. Given the heightened cybersecurity risks, companies should also prepare for data breach incidents with robust incident response protocols and mandatory personal data breach notifications.



Businesses must also be adequately prepared to meet other new substantive requirements, such as revised cross-border data transfer regulations and data portability mandates. Drawing on data protection strategies from other jurisdictions where such requirements are already in place can help manage compliance.


Read the Blog

Last week, the Senate passed the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0). Together, the legislation would create regulations that govern the online content offered to minors by tech and social media companies.



The Senate passed the legislative vehicle which included both KOSA and COPPA 2.0 with overwhelming support, in a vote of 91-3. Assuming similar support in the House this fall, the bill’s passage would mark the first time in 25 years that Congress has passed a law aimed at protecting children on the internet.


Read the Blog

We have been writing about the EU AI Act (the “Act”) for several months, and it is now here. On August 1, the EU AI Act went into effect. Now the countdown begins for the effective dates of various provisions of the Act.

Read the Blog

LEGISLATIVE & REGULATORY UPDATE

USA: Comparing new privacy laws in Florida, Texas, Oregon, and Montana

Data Guidance

"On July, 1 2024, state privacy legislation in Florida, Texas, and Oregon will enter into effect, joining those laws already in force including, California, Connecticut, Colorado, Virginia, and Utah."

Read Full Article

Senate's Data Privacy Bill Due for Committee Debate

government technology

"The Senate Commerce Committee will mark up the long-delayed legislation before Congress' recess in August, chair Maria Cantwell said. The markup of a House version was canceled last month, but it retains support, she said."

Read Full Article

ENFORCEMENT ACTIONS

Oracle reaches $115M consumer privacy settlement

Reuters

"Oracle agreed to pay $115 million to settle a lawsuit accusing the database software and cloud computing company of invading people's privacy by collecting their personal information and selling it to third parties."

Oracle (ORCL.N), opens new tab

Read Full Article

Nigeria fines Meta $220 million for violating consumer data laws

Politico

"Nigeria fined Meta Platforms $220 million, its competition watchdog said on Friday, after investigations showed data-sharing on social platforms violated local consumer protection and privacy laws."

Read Full Article

TikTok Fined in U.K. For Inaccurate Parental Controls Data

Forbes

"TikTok has been fined £1.875 million in the U.K. for providing inaccurate data to the official regulator on its parental safety controls."

Read Full Article

FCC Settles with TracFone Wireless for $16 Million Over Alleged Data Privacy and Cybersecurity Violations

WESTLAW TODAY

"The FCC has settled with TracFone Wireless, Inc. over allegations that it failed to protect Customer Proprietary Network Information (CPNI) and customer personal information from unauthorized access in violation of the Communications Act and CPNI Rules. The settlement includes novel provisions to strengthen application programming interface (API) security."

Read Full Article

BREACH REPORT

Average cost of healthcare data breach nearly $10M in 2024: report

HEALTHCARE DIVE

"Though expenses declined since last year, healthcare is still the costliest industry for data breaches - a spot the sector has held since 2011."

Read Full Article

Nearly all AT&T cell customers' call and text records exposed in a massive

CNN

"The call and text message records from mid-to-late 2022 of tens of millions of AT&T cellphone customers and many non-AT&T cellphone customers were exposed in a massive data breach, the telecom company revealed Friday."

Read Full Article

Perry Johnson Mortgage Company Announces Data Breach at IT Vendor

JD Supra

"On July 22, 2024, Perry Johnson Mortgage Company, Inc. filed a notice with the Attorney General of Montana after discovering that one of the company's IT vendors experiences a data breach, resulting in PJM customer data being compromised."

On July 22, 2024, Perry Johnson Mortgage Company, Inc. (“PJM”) filed a notice with the Attorney General of Montana after discovering that one of the company’s IT vendors experienced a data breach, resulting in PJM customer data being compromised.

Read Full Article

PODCAST PORTAL

In this episode of PrivacyCafé, Richard Sheinis and Jade Davis dive into the massive disruption caused by the recent CrowdStrike incident, where they explore the details of how a single antivirus update led to widespread outages affecting millions of Windows devices in critical sectors like healthcare and aviation and prompted opportunistic phishing attacks.

Throughout the episode, they discuss CrowdStrike’s response, potential legal repercussions, and the importance of preparedness in cybersecurity.


Listen Now

MEET OUR TEAM

Richard Sheinis


Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations.

Jade Davis


Jade provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels, and represents companies on privacy, global data security compliance, data breaches, and investigations. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things, and other areas of regulatory compliance.

Joseph Stepina


Joseph is an Attorney in our Little Rock office where he focuses his practice on general liability, premises liability, products liability and data privacy and cybersecurity matters.



Lea McBryde


Lea is an Attorney in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.


Savannah Avera


Savannah is an Attorney in our Atlanta office, where she protects the rights of clients in health care and cyberspace.

Web      LinkedIn      Instagram      Facebook