Given recent Health and Human Services’ Office for Civil Rights guidance, HIPAA-regulated entities should consider immediately taking the steps discussed in this GT blog post to reduce the risk associated with their use of tracking technologies.
Continue Reading Cookies and Other Tracking Technologies May Violate HIPAA
A behavioral advertising cookie typically refers to a cookie that is used to track the websites a consumer visits for the purpose of identifying advertisements that may be of particular interest to the consumer and then serving such advertisements to the consumer. Behavioral advertising cookies are sometimes referred to as third-party behavioral advertising cookies, advertising
There is little standardization concerning how cookie banners are deployed. Generally, however, most cookie banners fall within four broad categories:
A review of the Fortune 500 conducted approximately one year after the CCPA went into effect showed that 21 percent of websites included a “Do Not Sell My Personal Information” link; 78.6 percent of websites did not include a link to opt out of the sale of personal information.[1] Over the past year, that
A “cookie banner” refers to a pop-up notice on a website that discusses the site’s use of cookies. There is little standardization concerning how cookie banners are deployed. For example, websites can position them in different places on the screen (e.g., across the top of the screen, across the bottom of the screen, in a
The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use
Several modern state data privacy statutes refer to precise geolocation information as a “sensitive” category of personal information. What constitutes precise geolocation information differs slightly between and among states. The following table provides a side-by-side comparison of the how the states have defined the term.
| Click here for a side-by-side comparison of the how the |
Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not
The term “targeted advertising” is defined relatively consistently between and among modern U.S. data privacy statutes with the noticeable exception of California which deviates somewhat in the California Privacy Rights Act’s (CPRA) definition of the similar term “cross-context behavioral advertising” by omitting any reference to tracking a person over time, or making predictions about a
On April 29, 2022, China’s National Information Security Standardization Technical Committee (commonly referred to as “TC260”) released a draft Technical Guideline on Personal Information Cross-Border Transfer Certifications (Cert Guideline). While the Cert Guideline is still in draft form and thus subject to change, it provides some clarification regarding the certification process for cross-border transfers of