Given recent Health and Human Services’ Office for Civil Rights guidance, HIPAA-regulated entities should consider immediately taking the steps discussed in this GT blog post to reduce the risk associated with their use of tracking technologies.
Continue Reading Cookies and Other Tracking Technologies May Violate HIPAA

The CCPA requires businesses that sell personal information to explain that consumers have a right to opt-out of the sale[1] and provide a clear and conspicuous link on their homepage titled “Do Not Sell My Personal Information” that takes the consumer to a mechanism that permits them to exercise their opt-out right.[2] If

The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use

On Jan. 27, 2022, Brazil’s Data Protection Agency (ANPD) adopted Resolution ANPD No. 2 (the “Resolution”), limiting Brazil’s Data Protection Law (LGPD) obligations on small entities.

Processing Agents

Similar to the European GDPR, the LGPD categorizes businesses subject to the law as either “controllers” or “processors.” However, the LGPD also groups these two categories together

The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use

GT Shareholders Gretchen A. Ramos and Darren Abernethy will lead a webinar hosted by the Association of Corporate Counsel titled “Website and Mobile App Compliance Under the CPRA and New State Privacy Laws Effective in 2023” Oct. 6 at 11 a.m. PDT.

Starting Jan. 1, 2023, the California Privacy Rights Act and the CPRA

On June 24, 2022, China’s National Information Security Standardization Technical Committee (commonly referred to as “TC260”) finalized the Technical Guideline on Personal Information Cross-Border Transfer Certification (Final Cert Guideline). Although the Final Cert Guideline largely remains the same as the draft version released this past April, which is described in our prior blog post, China

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

On April 29, 2022, China’s National Information Security Standardization Technical Committee (commonly referred to as “TC260”) released a draft Technical Guideline on Personal Information Cross-Border Transfer Certifications (Cert Guideline). While the Cert Guideline is still in draft form and thus subject to change, it provides some clarification regarding the certification process for cross-border transfers of