privacy Archives - Discerning Data

EU Artificial Intelligence Act – Legislation Adopted by the European Council

The long-awaited European Union Artificial Intelligence Act (the AI Act) is nearing implementation following its adoption by the European Council yesterday (21 May 2024). This signals the completion of the final major stage of the European Union (EU) legislative process and the AI Act is expected to enter into force imminently. We considered the impact of this legislation in detail in our previous article: EU Artificial Intelligence Act — Final Form Legislation Endorsed by European Parliament.

The only remaining formalities are the signature of the President and Secretary-General of the European Parliament and Council and publication in the Official Journal, which is expected to happen in the coming days. The AI Act will enter into force 20 days after this takes place. The AI Act will become fully applicable 24 months after its entry into force (June 2026). However, some provisions will apply before that date.

Continue reading “EU Artificial Intelligence Act – Legislation Adopted by the European Council”

Zombie PHR Breach Rule Rises From the Dead

If an entity that offers a personal health record identifies a breach of information in that record, it is required to provide notice to each impacted individual and to the FTC within 60 calendar days of discovery.

Yesterday, the FTC issued a policy statement announcing a new interpretation of the FTC’s 10-year-old “Personal Health Record Breach Notification Rule.” As the FTC acknowledges, this rule has never been enforced by the FTC. The FTC’s announcement indicates its intention to begin enforcing this rule, which allows the FTC to assess penalties of $43,792 per day of violation.

Continue reading “Zombie PHR Breach Rule Rises From the Dead”

Faegre Drinker on Law and Technology Podcast: Computer Forensics

Computer Forensics: What is it? How is it Used in Civil and Criminal Incident Response Work? In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss talks with Supervisory Special Agent Steve Crist of the FBI and former Orange County DA Investigator Dave White about the importance of using computer forensics in private sector and government cyber and incident response investigations. They explore the differences between computer forensics and traditional “wet” forensics; how computer forensics has grown to play a significant role in civil investigative and legal matters; the importance of digital evidence in criminal cases; and how a digital investigator works their way through a case.

Continue reading “Faegre Drinker on Law and Technology Podcast: Computer Forensics”

Failure to Respect Patient’s Right to Access Health Care Information Leads to HIPAA Settlement

Bayfront Health – St. Petersburg (Bayfront) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) entered into a $85,000 no-fault settlement agreement and one year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This settlement is the first case in HHS-OCR’s Right of Access Initiative (Initiative). The Initiative was open for public comment between December 2018 and February 2019 and received over 1,000 comments.

Continue reading “Failure to Respect Patient’s Right to Access Health Care Information Leads to HIPAA Settlement”

California’s BOT Disclosure Law, SB 1001, Now In Effect

The B.O.T. (“Bolstering Online Transparency”) Act, enacted last year pursuant to SB 1001, has gone into effect in California. As of July 1, it is unlawful for a person or entity to use a bot to communicate or interact online with a person in California in order to incentivize a sale or transaction of goods or services or to influence a vote in an election without disclosing that the communication is via a bot. The law defines a “bot” as “an automated online account where all or substantially all of the actions or posts of that account are not the result of a person.” The required disclosure must be clear, conspicuous, and reasonably designed to inform persons with whom the bot communicates or interacts that it is a bot.

The law is the first of its kind enacted by a state legislature and applies only to communications with persons in California. In addition, it applies only to public-facing Internet Web sites, applications, or social networks that have at least 10 million monthly U.S. visitors or users. While the law contains no private right of action and expressly “does not impose a duty on service providers of online platforms,” failure to abide by the disclosure requirement, as enforced by the Attorney General, may constitute a violation of California’s unfair competition laws and result in fines and equitable remedies.

Texas Amends State Breach Notification Law and Creates Advisor Council to Study Privacy Laws

Businesses in Texas that own or license computerized data will expect a shortened data breach notification deadline for any breach of sensitive personal information after January 1, 2020. Meanwhile, reporting to state attorney general (“AG”) will become mandatory if more than 250 Texans are involved in a single data breach.

Continue reading “Texas Amends State Breach Notification Law and Creates Advisor Council to Study Privacy Laws”

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Tag: privacy