It is important to always confirm and understand all the various requirements of laws applicable to the sensitive personal information being processed.
Continue Reading Processing Sensitive Personal Information under U.S. State Privacy Laws

Updates on the Evolving Data Protection Landscape
It is important to always confirm and understand all the various requirements of laws applicable to the sensitive personal information being processed.
Continue Reading Processing Sensitive Personal Information under U.S. State Privacy Laws
Greenberg Traurig Shareholders Breton H. Permesly and Tyler J. Thompson will present the CLE webinar, “Personal Information in the Franchise Relationship,” on Wednesday, June 28 at 12:30 pm EDT. As privacy laws proliferate around the world while the value of customer personal information simultaneously increases, data has never been riskier or had…
All modern privacy statutes regulate when personal information can be shared with third parties, whether those third parties are service providers, vendors, contractors, or business partners. Most modern privacy statutes recognize, however, that privacy risks are reduced when the third party is related to the organization from which the data originates. As the following chart…
On April 17, 2023, the Washington State Legislature passed the “My Health My Data Act” (WMHMDA), which will take effect for most companies March 31, 2024. Unlike other modern state privacy laws that purport to regulate any collection of “personal data,” WMHMDA confers privacy protections only upon “Consumer Health Data.” This term is defined to…
Three months prior to the enforcement date of the California Consumer Privacy Act (CCPA), as amended, the California Office of Administrative Law approved the updated CCPA Regulations (final rulemaking documents will be posted here after processing). These updates take into account the CCPA’s expanded scope following its amendment by the California Privacy Rights…
The CCPA states that a service provider must be contractually prohibited from “retaining, using, or disclosing the personal information [provided to it by a business] for any purpose other than for the business purposes specified in the contract for the business . . . .”[1] That prohibition, however, may not apply to information once…
Greenberg Traurig Shareholder David A. Zetoony, Co-Chair of the U.S. Data Privacy & Cybersecurity Practice, will present the Thomson Reuters West LegalEdcenter webinar, “AdTech and Data Privacy?” on Wednesday, March 22 at 3:00 pm EDT. AdTech is an important part of marketing and sales, and organizations that use AdTech must…
Not necessarily.
Under modern privacy statutes in the United States and Europe, an activity constitutes profiling if the following three elements are met:
Given recent Health and Human Services’ Office for Civil Rights guidance, HIPAA-regulated entities should consider immediately taking the steps discussed in this GT blog post to reduce the risk associated with their use of tracking technologies.
Continue Reading Cookies and Other Tracking Technologies May Violate HIPAA
The Telephone Consumer Protection Act (TCPA) covers unsolicited calls and texts, aimed at protecting consumers from harassing and unwanted communications. With the April 2021 Facebook SCOTUS case[1] (see GT Alert) reducing the prevalence of some TCPA claims with private rights of action, new claims are starting to emerge as plaintiffs’ favorites.
One…