Author

Amy de La Lama

Browsing

For those privacy buffs following the status of the California Privacy Rights Act ballot initiative (CPRA), today is the much-anticipated deadline to officially decide whether the CPRA will qualify for the Fall 2020 ballot in November. The final answer? Yes, it will. Background CPRA (which was introduced by the Californians for Consumer Privacy in January 2020) is a ballot initiative that would both expand the scope of the existing California Consumer Privacy Act (CCPA) and…

On June 1, 2020, in a surprise, last-minute filing, the office of the California Attorney General submitted the final CCPA final California Consumer Privacy Act (CCPA) proposed regulations to the California Office of Administrative Law (OAL). What does this mean for businesses subject to the CCPA? Under normal circumstances, the OAL would have 30 days to review the proposed regulations for procedural compliance with California’s Administrative Procedure Act; however due to the COVID-19 pandemic, this timeframe…

Further to our March 25th update and the guidance issued by the Office of Civil Rights (OCR) in late March, OCR has issued an additional Notification of Enforcement Discretion, allowing for enforcement discretion regarding additional uses and disclosures of protected health information (PHI) for public health and health oversight activities during the COVID-19 pandemic. Under the Health Insurance Portability and Accountability Act (HIPAA)’s Privacy Rule, business associates are generally only permitted to use and disclose…

In this episode of Connect On Tech, your host Brian Hengesbaugh is joined by Amy de La Lama, a partner in our Chicago office. Amy and Brian discuss a top of mind topic: telehealth, and the changes to US privacy regulations or enforcement priorities that evolve in response to the COVID-19 pandemic. You will hear: A summary of the current regulatory environment in the US regarding to privacy and telehealthHow US authorities taken steps to…

On March 11, 2020, the California Attorney General released another set of revisions to the California Consumer Privacy Act (CCPA) draft implementing regulations. The regulations are not yet finalized (a public comment period for this most recent version is open until March 27, 2020), but below we highlight key changes and takeaways for businesses under the latest version of the regulations. Note that this round of revisions to the regulations largely consist of updates to…

In response to the COVID-19 global pandemic, on March 17, 2020, the Office of Civil Rights (OCR) at the US Department of Health and Human Services (HHS), the agency charged with enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), issued the Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (“Guidance”). On March 20, OCR issued supplemental guidance on provision of telehealth services in the form…

With the advent of the novel coronavirus COVID-19, many organizations around the world are undergoing a seismic shift on an accelerated timeline towards telework or remote working for some or all employees. In addition to ensuring that the networks, VPNs, and other IT resources are capable of supporting such a shift, organizations that have not built such teleworking into their disaster preparedness plans should be aware of, and take steps to mitigate, the cybersecurity and…

Many employers in the US are grappling with appropriate efforts to contain and protect the workforce against COVID-19. Those efforts include employee and visitor screening activities that range from requiring all personnel to provide an affirmation upon admission to a worksite to taking vital signs or other hands-on screenings. But are those screening activities lawful under applicable privacy and confidentiality laws in the US? And what should employers do when they have reason to suspect…

On February 7, 2020, the California Attorney General released its revised draft implementing regulations for the California Consumer Privacy Act. The revised regulations are not yet final. The California AG will accept written comments regarding the updated regulations until 5:00 pm (PST) on Tuesday, February 25, 2020. The following is a high-level overview of the key new requirements under the updated regulations that are important for businesses to consider in connection with their CCPA compliance…

Along with changes brought by the CCPA, companies should be aware of other important privacy developments that went into effect in early 2020.  Notable changes to data breach notification laws in California, Illinois, Oregon, and Texas promise to have a significant impact on businesses experiencing security incidents and signal a movement towards stricter and more demanding requirements in this space.    California Amends Definition of Personal Information for Breach Notification         The definition of personal information…