sensitive personal information

Categorizing data as “sensitive” is a common feature in U.S. state privacy law, as well as the EU’s GDPR (which uses the term “special category” for similar personal data).[1] What is considered sensitive data varies from state to state, as well as the obligations that come with it. Colorado, Connecticut, Florida, Indiana, Montana, Oregon

It is important to always confirm and understand all the various requirements of laws applicable to the sensitive personal information being processed.
Continue Reading Processing Sensitive Personal Information under U.S. State Privacy Laws

Given recent Health and Human Services’ Office for Civil Rights guidance, HIPAA-regulated entities should consider immediately taking the steps discussed in this GT blog post to reduce the risk associated with their use of tracking technologies.
Continue Reading Cookies and Other Tracking Technologies May Violate HIPAA

Jan. 1 is approaching, and with it comes new requirements under the California Consumer Privacy Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA). What should you and your company be focusing on to ensure you are prepared for the looming compliance deadline? This Data Privacy Dish post offers end-of-year considerations for closing out

After Europe blazed the trail by passing the sweeping General Data Protection Regulation (“GDPR”) in 2016, California followed closely in the footsteps of European efforts by passing the most comprehensive data privacy law in the United States, the California Consumer Privacy Act (the “CCPA”). Effective January 1, 2020, the CCPA provided a number of obligations

GT Shareholders Gretchen A. Ramos and Darren Abernethy will lead a webinar hosted by the Association of Corporate Counsel titled “Website and Mobile App Compliance Under the CPRA and New State Privacy Laws Effective in 2023” Oct. 6 at 11 a.m. PDT.

Starting Jan. 1, 2023, the California Privacy Rights Act and the CPRA

Several modern state data privacy statutes refer to precise geolocation information as a “sensitive” category of personal information. What constitutes precise geolocation information differs slightly between and among states. The following table provides a side-by-side comparison of the how the states have defined the term.

Click here for a side-by-side comparison of the how the

Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

On April 29, 2022, China’s National Information Security Standardization Technical Committee (commonly referred to as “TC260”) released a draft Technical Guideline on Personal Information Cross-Border Transfer Certifications (Cert Guideline). While the Cert Guideline is still in draft form and thus subject to change, it provides some clarification regarding the certification process for cross-border transfers of