SHARE:  

MAY 2024

DATA ROUNDUP

On April 24, 2024, President Biden signed H.R. 815 into law, which included the “Foreign Adversary Controlled Applications Act” (FACAA) as Division H and “Protecting Americans’ Data from Foreign Adversaries Act of 2024” (PADFAA) as Division I, foreign aid for Ukraine, Israel and Indo-Pacific security, humanitarian aid in Gaza, and other national security and related matters.

Read the Blog

In 2009, the FTC passed the Health Breach Notification Rule (HBNR). You may not have been aware of the HBNR because it has rarely been used to penalize companies for breaches; however, in the last month, the FTC finalized updates to the HBNR which bring it front and center for health-related websites and mobile applications.

Read the Blog

On March 22, 2024, the Cyberspace Administration of China (CAC) published its new “Regulations on Cross-Border Data Flows.” The regulations aim to ease the often-heavy compliance burden faced by companies with operations in China.

Read the Blog

LEGISLATIVE & REGULATORY UPDATE

Nebraska Becomes Latest State to Join U.S. Privacy Landscape

Onetrust


On April 17, 2024, the Nebraska Data Privacy Act (NDPA) was signed into law by Governor Jim Pillin, making it the latest state to join the US privacy landscape this year - and the 17th overall. The NDPA bears similarities with many of the laws passed in 2024 including provisions for risk assessments and a range of consumer rights.


As with many state privacy laws, the NDPA will be enforced by the Attorney General and is set to enter into effect on January 1, 2025.

Read Full Article

Colorado Enacts Groundbreaking Brain Data Privacy Law

Live Now Fox


In a landmark move, Colorado has become the first state in the nation to extend privacy protections to neural data, reflecting the increasing interface between technology and human biology. 


Governor Jared Polis signed the bill into law on April 17, marking a significant step in regulating the burgeoning field of neurotechnology.

Read Full Article

ENFORCEMENT ACTIONS

FCC Fines Wireless Carriers About $200 Million for Sharing Customer Data

Federal Communications Commission



"The Federal Communications Commission fined the nation’s largest wireless carriers for illegally sharing access to customers’ location information

without consent and without taking reasonable measures to protect that information against unauthorized disclosure."

Read Full Article

FTC Finalizes Order with InMarket Prohibiting It from Selling or Sharing Precise Location Data

Federal Trade Commission



"The Federal Trade Commission finalized a settlement with digital marketing and data aggregator InMarket Media over allegations the company unlawfully collected and used consumers’ location data for advertising and marketing."

Read Full Article

BREACH REPORT

Kaiser Permanente Reports Data Breach Impacting 13.4M Health Plan Members

Fierce Healthcare


Kaiser Permanente has begun notifying millions of its health plan members that the company was hit with a data breach in mid-April, according to a filing with the feds.


The Kaiser Foundation Health Plan said about 13.4 million people were affected and submitted the required documentation to the Department of Health and Human Services on April 12. That notice was posted publicly on Thursday.

Read Full Article

American Renal Associates Notified Federal Regulators of Recent Data Breach

JD Supra


On April 29, 2024, American Renal Associates d/b/a Innovative Renal Care, filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party was able to access confidential information that had been provided to the company.


In this notice, American Renal Associates explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information.

Read Full Article

PODCAST PORTAL

PrivacyCafé: Navigating AI in Health Care with Rachel Stuve, Elevance Health

Our most recent HBS Legal Trends podcast features Charlotte Partner Richard Sheinis and Tampa Of Counsel Jade Davis. Together, they discuss the legal implications of using artificial intelligence (AI) in your organization, including how AI can be used, the implementation of AI, developing internal AI policies and procedures, best practices, and much more.


You can listen to the full podcast below and learn more about the interview on the Business RadioX® website.

Listen Now

MEET OUR TEAM

Richard Sheinis


Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations.

Jade Davis


Jade provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels, and represents companies on privacy, global data security compliance, data breaches, and investigations. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things, and other areas of regulatory compliance.

Lea McBryde


Lea is an associate in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.

Joseph Stepina


Joseph is an associate in our Little Rock office where he focuses his practice on general liability, premises liability, products liability and data privacy and cybersecurity matters.



Savannah Avera


Savannah is an associate in our Atlanta office, where she protects the rights of clients in health care and cyberspace.

Web      LinkedIn      Instagram      Facebook