By Sam Castic
Last week the California Attorney General’s office announced a settlement with beauty retailer Sephora for $1.2 million - the AG’s first monetary penalty for CCPA violations. Sephora has also agreed to a 2-year consent decree with ongoing monitoring and reporting obligations. This enforcement action confirms the AG’s interpretation that: (1) the CCPA requires specific CCPA-mandated contractual terms with each cookie, pixel, and tracking technology provider that companies use on their websites for personal information sharing not to be a “sale” of data under the CCPA, and (2) companies that engage in “sales” of personal information on their websites must honor the Global Privacy Control signal from consumers who choose to use the GPC.
Read MoreHintze Law PLLC is very pleased to announce that Deb Gray has joined the firm as a Senior Privacy Analyst. Deb comes to Hintze Law’s Seattle office with over two decades of deep and wide-ranging experience and programmatic skills in privacy and data protection matters, including the California Consumer Protection Act (CCPA), the EU General Data Protection Regulation (GDPR), and COPPA. Deb joins Hintze Law’s growing team of talented privacy analysts who complement Hintze Law’s team of privacy and cybersecurity attorneys.
Read MoreBy Susan Hintze and Sam Castic
On August 11, 2022, the Federal Trade Commission (“FTC”) published an advance notice of proposed rulemaking (“ANPR”) in a 3-2 vote on party lines requesting public comment on questions covering a wide range of “commercial surveillance” and data security practices. The FTC defines “commercial surveillance” to include a wide array of practices most businesses commonly engage in with their customers and employees. The FTC’s scope of data security practices includes expected areas such as data breach response but also includes data management, retention, and data minimization areas it has not dedicated significant attention to in the past. The FTC provided additional summaries of these practices in a “fact sheet” it released with the ANPR.
Read MoreHintze Law PLLC is delighted to announce that Sam Castic has joined the firm as its newest Partner. Sam comes to Hintze Law’s Seattle office with over 15 years of global privacy and cybersecurity experience, most recently as Chief Privacy Officer for Blackhawk Network and as Senior Director Privacy & Associate General Counsel at Nordstrom. In addition to Sam’s experience leading corporate privacy teams and programs, he has advised clients ranging from early-stage startups to large global corporations on privacy, cybersecurity, and data protection matters at Orrick and at K&L Gates.
Read MoreBy Laura Lemire
On Friday, July 8, the California Privacy Protection Agency (CPPA) released a notice of proposed rulemaking to adopt regulations implementing the Consumer Privacy Rights Act of 2020 (CPRA), the law that amends the California Consumer Privacy Act (CCPA) (the “Proposed Regulations”). The Proposed Regulations were previously made available on May 27, 2022, and those remain unchanged. What’s new in the materials released with the notice of proposed rulemaking is rich context on the CPPA’s positions, particularly from the Economic Impact Statement and its supporting Notes.
Read MoreBy Mason Fitch
The Supreme Court’s reversal of Roe v. Wade amplifies attention to concerns around the privacy of abortion-related services, including the provision of healthcare, period tracking apps, and even payment methods and mobile location data. In a direct response to Roe’s reversal, the Department of Health and Human Services (HHS) released guidance underscoring the protections applicable to protected health information (PHI) relating to abortion and other reproductive care under the Health Insurance Portability & Accountability Act (HIPAA), which we outline below. HIPAA, however, is limited in scope and does not protect a vast swath of information relating to abortion care.
Read MoreBy Destiny Ginn, Summer Associate
Here’s a snapshot of a few of the privacy developments we followed over the past few weeks.
Read MoreBy Sheila Sokolowski
On Monday, June 14th the U.S. Department of Health and Human Services (HHS), issued guidance on how the HIPAA rules permit covered health plans to use remote communication technologies for audio-only telehealth.
Read MoreBy Alex Schlight and Emeka Egwuatu
Here’s a snapshot of a few of the privacy developments we followed over the past couple of months from March 22, 2022 – to June 6, 2022.
Read MoreWe are honored to announce that Chambers & Partners has recognized Sheila Sokolowski, Partner and Chair of Hintze Law’s Health & Biotech Privacy Group in its 2022 USA - Nationwide Privacy& Data Security Healthcare rankings. Chambers has also once again recognized Hintze Law and Member Partners, Mike Hintze and Susan Hintze, in its 2022 Privacy & Data Security USA – Nationwide rankings.
Read MoreBy Sheila Sokolowski
On May 19, 2022, the FTC issued a stern warning to ed-tech providers regarding compliance with COPPA suggesting enhanced enforcement in this area. Citing “the steady proliferation of technologies that allow, and business models that depend on, the online collection and monetization of consumers’ personal information” and “the development of ever more sophisticated targeting practices,” the Federal Trade Commission (FTC) voted unanimously to issue a policy statement regarding collection of children’s information by ed tech providers. The Policy Statement of the Federal Trade Commission on Education Technology and the Children's Online Privacy Protection Act states that the FTC “intends to scrutinize compliance with the full breadth of the substantive provisions of the COPPA Rule and statutory language.” The FTC’s statement highlights COPPA’s limitations on collection, use and retention of children’s personal information and security requirements, all of which apply to COPPA-covered ed-tech companies.
Read MoreHintze Law PLLC announced today that Laura Lemire has joined the firm as Of Counsel. Laura comes to Hintze Law’s Seattle office with over a decade of global privacy, cybersecurity, and technology law experience as former privacy counsel for Twitter and Microsoft.
Read MoreBy Elizabeth Crooks and Chehalis Dorman
Here’s a snapshot of a few of the privacy developments we followed from the past couple of months from February 10, 2022 to March 21, 2022.
Read MoreBy Mason Fitch
Here’s a round up of a few of the privacy developments we followed from the past couple of months from December 2021 - February 10, 2022.
Read MoreWe are excited to announce that Mason Fitch has joined the Hintze Law team as the newest member of our Health & Biotech Team. Mason joins us from Hims & Hers Health, a telehealth startup, where he served as their first Privacy Counsel.
Read MoreBy Alex Schlight
Following in the footsteps of the last few years, 2022 is shaping up to be a landmark year for privacy and data security. Here is a quick privacy forecast to help you identify where to focus, and what to expect, in the coming year.
Read MoreHintze Law, PLLC announced today that, effective January 2022, Jennifer Ruehr has been promoted to partner. Jennifer has spent the last 8+ years focusing on complex issues at the intersection of emerging technology and data protection.
Read MoreBy Emeka Egwuatu
Our latest snapshot of recent privacy law developments from around the world.
Read MoreBy Jennifer Ruehr
This week, two pieces of important employee privacy legislation were passed in New York. The first is an amendment to New York’s civil rights law that adds new requirements for businesses that conduct employee monitoring activities in the state. And, the second only applies to businesses in New York City in relation to automated employment decision tools used for hiring and promotion purposes.
Read MoreBy Sheila Sokolowski
On October 6, 2021, California’s governor signed the Genetic Information Privacy Act (the “Act”), adding the state to the growing number enacting laws requiring direct-to-consumer genetic testing companies to protect the privacy and security of their customers’ genetic data.
Read More