It is important to always confirm and understand all the various requirements of laws applicable to the sensitive personal information being processed.
Continue Reading Processing Sensitive Personal Information under U.S. State Privacy Laws
June 28 Webinar | Personal Information in the Franchise Relationship
Greenberg Traurig Shareholders Breton H. Permesly and Tyler J. Thompson will present the CLE webinar, “Personal Information in the Franchise Relationship,” on Wednesday, June 28 at 12:30 pm EDT. As privacy laws proliferate around the world while the value of customer personal information simultaneously increases, data has never been riskier or had
Finding the Delta: Understanding the Differences in How State Privacy Laws Define Corporate Affiliates
All modern privacy statutes regulate when personal information can be shared with third parties, whether those third parties are service providers, vendors, contractors, or business partners. Most modern privacy statutes recognize, however, that privacy risks are reduced when the third party is related to the organization from which the data originates. As the following chart
Unpacking the ‘My Health My Data Act’: When does it require that companies get consent?
On April 17, 2023, the Washington State Legislature passed the “My Health My Data Act” (WMHMDA), which will take effect for most companies March 31, 2024. Unlike other modern state privacy laws that purport to regulate any collection of “personal data,” WMHMDA confers privacy protections only upon “Consumer Health Data.” This term is defined to
Updated CCPA Regulations Approved
Three months prior to the enforcement date of the California Consumer Privacy Act (CCPA), as amended, the California Office of Administrative Law approved the updated CCPA Regulations (final rulemaking documents will be posted here after processing). These updates take into account the CCPA’s expanded scope following its amendment by the California Privacy Rights
Under the CCPA, can a service provider use personal information for its own purposes if it deidentifies or aggregates it?
The CCPA states that a service provider must be contractually prohibited from “retaining, using, or disclosing the personal information [provided to it by a business] for any purpose other than for the business purposes specified in the contract for the business . . . .”[1] That prohibition, however, may not apply to information once
March 22 | AdTech and Data Privacy Webinar
Greenberg Traurig Shareholder David A. Zetoony, Co-Chair of the U.S. Data Privacy & Cybersecurity Practice, will present the Thomson Reuters West LegalEdcenter webinar, “AdTech and Data Privacy?” on Wednesday, March 22 at 3:00 pm EDT. AdTech is an important part of marketing and sales, and organizations that use AdTech must
Are companies prohibited from making choices based on profiling?
Not necessarily.
Under modern privacy statutes in the United States and Europe, an activity constitutes profiling if the following three elements are met:
Cookies and Other Tracking Technologies May Violate HIPAA
Given recent Health and Human Services’ Office for Civil Rights guidance, HIPAA-regulated entities should consider immediately taking the steps discussed in this GT blog post to reduce the risk associated with their use of tracking technologies.
Continue Reading Cookies and Other Tracking Technologies May Violate HIPAA
Don’t Have a Do-Not-Call Policy? Every SMS You Send Could Violate the TCPA and Come With A Private Right of Action
The Telephone Consumer Protection Act (TCPA) covers unsolicited calls and texts, aimed at protecting consumers from harassing and unwanted communications. With the April 2021 Facebook SCOTUS case[1] (see GT Alert) reducing the prevalence of some TCPA claims with private rights of action, new claims are starting to emerge as plaintiffs’ favorites.
One