Senator Bill Cassidy (R-LA), the Ranking Member of the U.S. Senate Health, Education, Labor, and Pensions (“HELP”) Committee, published on February 21, 2024, a white paper with various proposals to update privacy protections for health data. In Part 1 of this blog series (see here), we discussed the first section of Senator Cassidy’s February
Inside Privacy
Updates on developments in data privacy and cybersecurity
Latest from Inside Privacy - Page 2
FTC Returns to Bipartisan Commission with Confirmation of Two New Republican Commissioners
On Thursday, March 7, 2024, the U.S. Senate confirmed two nominees for the open seats on the Federal Trade Commission: Andrew N. Ferguson, former solicitor general of the Commonwealth of Virginia; and Melissa Holyoak, former solicitor general with the Utah Attorney General’s Office. With this confirmation of two new Republican Commissioners, the FTC is one…
UK ICO Launches a Consultation on “Consent or Pay” Business Models
On 6 March 2024, the ICO issued a call for views on so-called “Consent or pay” models, where a user of a service has the option to consent to processing of their data for one or more purposes (typically targeted advertising), or pay a (higher) fee to access the service without their data being processed…
European Court Clarifies Concept of Personal Data
On March 7, 2024, the European Court of Justice (“CJEU”) rendered its judgment in an appeal against a decision of the EU General Court (C-479/22P). In the original decision, the General Court decided that the information contained in a press release by OLAF (a European anti-fraud organization) regarding fraud committed by an unnamed…
CJEU Decides the IAB Europe Case, Expanding the Concept of Controllership
On March 7, 2024, the CJEU rendered its judgement in the IAB Europe case (C-604/22). The case relates to role of IAB Europe, a sector organization, in its Transparency and Consent Framework (“TCF”) used by companies to record the GDPR consent granted (or not granted) by a user and to document compliance with…
Senator Cassidy Issues White Paper with Proposals to Update Health Data Privacy Framework – Part 1: Updates to the HIPAA Framework
On February 21, 2024, Senator Bill Cassidy (R-LA), the Ranking Member of the U.S. Senate Health, Education, Labor, and Pensions (“HELP”) Committee, issued a white paper, “Strengthening Health Data Privacy for Americans: Addressing the Challenges of the Modern Era”, which proposes several updates to the privacy protections for health data. This follows Senator Cassidy’s…
Nebraska Enacts Direct-to-Consumer Genetic Privacy Law as Several Other States Propose Similar Bills at the Start of 2024
On February 14, 2024, Nebraska enacted a genetic privacy law (LB 308) regulating direct-to-consumer (“DTC”) genetic testing companies. The law is one of a flurry of bills regarding DTC genetic testing that have been introduced in several states since the beginning of 2024, following the enactment of several DTC genetic testing laws in…
NIST Publishes the Cybersecurity Framework 2.0
On February 26, 2024, the U.S. National Institute of Standards and Technology (“NIST”) published version 2.0 of its Cybersecurity Framework. Originally released in 2014 and updated in 2018 and now 2024, the NIST Cybersecurity Framework (“CSF” or “Framework”) “offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless…
HHS Publishes Final Rule to Align Part 2 and HIPAA
On February 16, 2024, the U.S. Department of Health and Human Services (“HHS”) published a final rule to amend the Confidentiality of Substance Use Disorder (“SUD”) Patient Records regulations (“Part 2”) to more closely align Part 2 with the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”)…
HHS OCR Requests Comments on HIPAA Audit Review Survey
On February 12, the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”), published a notice requesting comment on an upcoming information request. Specifically, OCR invites comments regarding its burden estimate for a “HIPAA Audit Review Survey.” The Survey consists of “39 online survey questions” and will be sent to “207…