By December 23, 2024, all entities regulated under the HIPAA Privacy Rule must comply with the latest amendments issued by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). These amendments provide enhanced protections for reproductive health information and offer guidance for handling abuse, neglect, and endangerment cases.
Exception: The updates to the Notice of Privacy Practices do not need to be implemented until February 16, 2026.
On July 30, 2024, Texas Attorney General Ken Paxton reached a record $1.4 billion deal to settle claims against Meta (formerly known as Facebook) related to the tech giant’s unauthorized capture and use of Texans’ personal biometric data.
As the single largest settlement ever obtained from an action brought by an individual state, the landmark case marks a significant victory for Texas and sets a groundbreaking precedent for future privacy-related lawsuits. The settlement is also one of the largest penalties ever levied at Meta by lawmakers, second only to the $5 billion sum it paid to the FTC in 2019.
On July 10, 2024, the Malaysian Parliament introduced and passed a bill to amend its Personal Data Protection law. The bill is intended to bring Malaysian data protection laws into closer alignment with international standards, such as the European Union’s General Data Protection Regulation (GDPR) and the data protection frameworks of ASEAN countries like Indonesia, Singapore, the Philippines, Thailand, and Vietnam, ensuring enhanced privacy and security for personal data in line with global best practices.
The Dewan Negara (Senate) is currently in session. Some expect passage, and others expect the bill to be tabled. Nonetheless, as seen in other jurisdictions, we expect passage at some point with a version very similar to what the House of Representatives passed. As such, we recommend that business clients operating in Malaysia proactively review their data protection compliance programs and processes. Given the heightened cybersecurity risks, companies should also prepare for data breach incidents with robust incident response protocols and mandatory personal data breach notifications.
Businesses must also be adequately prepared to meet other new substantive requirements, such as revised cross-border data transfer regulations and data portability mandates. Drawing on data protection strategies from other jurisdictions where such requirements are already in place can help manage compliance.
Last week, the Senate passed the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0). Together, the legislation would create regulations that govern the online content offered to minors by tech and social media companies.
The Senate passed the legislative vehicle which included both KOSA and COPPA 2.0 with overwhelming support, in a vote of 91-3. Assuming similar support in the House this fall, the bill’s passage would mark the first time in 25 years that Congress has passed a law aimed at protecting children on the internet.
We have been writing about the EU AI Act (the “Act”) for several months, and it is now here. On August 1, the EU AI Act went into effect. Now the countdown begins for the effective dates of various provisions of the Act.
LEGISLATIVE & REGULATORY UPDATE
USA: Comparing new privacy laws in Florida, Texas, Oregon, and Montana
Data Guidance
"On July 1, 2024, state privacy legislation in Florida, Texas, and Oregon will enter into effect, joining those laws already in force including California, Connecticut, Colorado, Virginia, and Utah."
Senate's Data Privacy Bill Due for Committee Debate
Government Technology
"The Senate Commerce Committee will mark up the long-delayed legislation before Congress' recess in August, chair Maria Cantwell said. The markup of a House version was canceled last month, but it retains support, she said."
Oracle reaches $115M consumer privacy settlement
Reuters
"Oracle agreed to pay $115 million to settle a lawsuit accusing the database software and cloud computing company of invading people's privacy by collecting their personal information and selling it to third parties."
Nigeria fines Meta $220 million for violating consumer data laws
Politico
"Nigeria fined Meta Platforms $220 million, its competition watchdog said on Friday, after investigations showed data-sharing on social platforms violated local consumer protection and privacy laws."
TikTok Fined in U.K. For Inaccurate Parental Controls Data
Forbes
"TikTok has been fined £1.875 million in the U.K. for providing inaccurate data to the official regulator on its parental safety controls."
FCC Settles with TracFone Wireless for $16 Million Over Alleged Data Privacy and Cybersecurity Violations
WESTLAW TODAY
"The FCC has settled with TracFone Wireless, Inc. over allegations that it failed to protect Customer Proprietary Network Information (CPNI) and customer personal information from unauthorized access in violation of the Communications Act and CPNI Rules. The settlement includes novel provisions to strengthen application programming interface (API) security."
Average cost of healthcare data breach nearly $10M in 2024: report
HEALTHCARE DIVE
"Though expenses declined since last year, healthcare is still the costliest industry for data breaches - a spot the sector has held since 2011."
Nearly all AT&T cell customers' call and text records exposed in a massive
CNN
"The call and text message records from mid-to-late 2022 of tens of millions of AT&T cellphone customers and many non-AT&T cellphone customers were exposed in a massive data breach, the telecom company revealed Friday."
Perry Johnson Mortgage Company Announces Data Breach at IT Vendor
JD Supra
"On July 22, 2024, Perry Johnson Mortgage Company, Inc. filed a notice with the Attorney General of Montana after discovering that one of the company's IT vendors experienced a data breach, resulting in PJM customer data being compromised."
In this episode of PrivacyCafé, Richard Sheinis and Jade Davis dive into the massive disruption caused by the recent CrowdStrike incident. They explore how a single antivirus update led to widespread outages affecting millions of Windows devices in critical sectors like healthcare and aviation and prompted opportunistic phishing attacks.
Throughout the episode, they discuss CrowdStrike’s response, potential legal repercussions, and the importance of preparedness in cybersecurity.
Richard Sheinis
Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, and advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations.
Jade Davis
Jade provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels, and represents companies on privacy, global data security compliance, data breaches, and investigations. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things, and other areas of regulatory compliance.
Joseph Stepina
Joseph is an Attorney in our Little Rock office where he focuses his practice on general liability, premises liability, products liability and data privacy and cybersecurity matters.
Lea McBryde
Lea is an Attorney in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.
Savannah Avera
Savannah is an Attorney in our Atlanta office, where she protects the rights of clients in health care and cyberspace.