On Monday, September 18, 2023, a federal judge in the Northern District of California issued a preliminary injunction delaying enforcement of California’s Age Appropriate Design Code (“CA AADC”) in NetChoice, LLC v. Bonta signaling the likelihood that CA AADC will be deemed unconstitutional.
Read MoreOn September 15, 2023, the California Legislature passed Senate Bill 362, known as the Delete Act, which amends the California data broker law. The bill now awaits a signature from the governor. If signed, certain aspects of the law will go into effect as soon as January 31, 2024.
Read MoreBy Destiny Ginn
Under a proposed stipulated order dated September 11, 2023, background check providers, Instant Checkmate, TruthFinder, The Control Group media company, IntelicareDirect, and PubRec, will be required to pay $5.8 million for alleged violations of the Fair Credit Reporting Act (FCRA) for activities as consumer reporting agencies (CRA) and of the Federal Trade Commission Act (FTC Act) for deceptive activities.
Read MoreHintze Law PLLC is excited to announce that Destiny Ginn has joined the firm as a first-year associate* in the Seattle office.
Read MoreHintze Law PLLC is delighted to announce that Mike Hintze, Member Partner, and Jevan Hutson, Associate, have been recognized by Best Lawyers®. Mike is recognized in The Best Lawyers in America® 2024 edition under the category of Information Technology Law and Technology Law for his work in privacy and data security. Jevan is recognized in the 2024 Best Lawyers: Ones to Watch™ in America for his work in Privacy and Data Security Law.
Read MorePlease join us in congratulating, Jevan Hutson, Associate at Hintze Law PLLC, for earning recognition as 2023 Washington Rising Star by Super Lawyers, part of Thomson Reuters. Jevan is a Certified Information Privacy Professional (CIPP) and Certified Information Privacy Manager and key member of Hintze’s Cybersecurity & Breach Response Group and the Artificial Intelligence and Machine Learning Group. His recognition stems in part from his role as a respected expert and thought leader on artificial intelligence (AI) and machine learning (ML) ethics, law, and policy.
Read MoreBy Ro Friend & Susan Hintze
Here at Hintze Law, we are thrilled and honored to announce that through a nomination by LinkedIn, we have been awarded the DEI Roundtable Law Firm Diversity Award for our commitment to diversity, equity, and inclusion. The DEI Roundtable consists of legal counsel from tech leaders AirBnB, ByteDance/TikTok, Google, LinkedIn, Meta, Microsoft, Snap, & ZenDesk and provides a platform for fruitful discussions about how we can collectively support and improve diversity in our community.
Read MoreBy Sheila Sokolowski and Kate Black
In a joint letter sent to 130 hospital systems and telehealth providers, the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) warned health care providers, both those covered by HIPAA and those not, about their potential to violate the HIPAA Rules, FTC Act and FTC Health Breach Notification Rule (HBNR) when they use technology that tracks users’ activities on their websites and apps.
Read MoreThe California Attorney General announced on Friday, July 14 that it has initiated an investigative sweep of California employers’ compliance with the California Consumer Privacy Act (CCPA) as it applies to employees and applicants. This action serves as a reminder that organizations need to ensure that they have taken steps to comply with CCPA’s numerous requirements as they apply to employee and applicant personal information.
Read MoreOn July 10, 2023, the European Commission adopted its adequacy decision for the EU – U.S. Data Privacy Framework (“EU-U.S. DPF”) which provides organizations with another mechanism for lawfully transferring EU personal information to the United States.
Read MoreHintze Law PLLC is thrilled to announce that Zachary Douglas has joined the firm as a part of our growing team of talented privacy analysts who complement Hintze Law’s team of privacy and cybersecurity attorneys.
Read MoreHintze Law PLLC is pleased to announce that Chambers & Partners has once again recognized Hintze Law and its partners Sheila Sokolowski, Susan Hintze, and Mike Hintze in its 2023 USA Privacy & Data Security rankings. The firm was also recently recognized in The Legal 500’s 2023 US Cyber Law rankings.
Read MoreBy Mike Hintze
On Friday, June 30, the Washington State Office of the Attorney General (OAG) published its expected guidance on the Washington My Health My Data Act (MHMDA or the Act) in the form of seven “frequently asked questions.” Given the many ambiguities in the Act, this guidance has been eagerly awaited in the hope that it would provide some much-needed clarity. And while it addresses one of the biggest areas of ambiguity and concern (the effective dates) and provides some useful insights into a handful of others, it, unfortunately, left many questions unanswered.
Read MoreBy Leslie Veloz
Florida’s SB 262 was signed into law Tuesday, June 6, 2023, making it the 10th comprehensive state privacy law enacted in the United States. SB 262 consists of several parts.
Read MoreOn May 22nd, 2023, the Federal Trade Commission (FTC) issued a proposed order against Edmodo, LLC (“Edmodo”), a California-based education technology provider, for allegedly violating the FTC’s Children’s Online Privacy Protection Rule (“COPPA Rule") by illegally collecting the information of children and using that information for advertising, and for allegedly violating Section 5 of the FTC Act by unfairly burdening schools and teachers with COPPA-compliance responsibilities. In a first for an FTC order, Edmodo is prohibited from requiring students to hand over more personal data than is reasonably necessary to participate in online educational activities.
Read MoreHere’s a snapshot of the state, national, and global privacy, security, and data developments tracked by our team over the past few weeks.
Read MoreBy Mike Hintze
When it comes into effect, the Washington My Health My Data Act (MHMDA or the Act) will impose new privacy notice obligations on regulated entities. The Act requires specific privacy disclosures relating to data that meets the very broad definition of “consumer health data.” It appears to require regulated entities to draft, post, link to, and maintain a separate “Consumer Health Data Privacy Policy” that will be largely, but not entirely, redundant of their existing privacy statement(s).
Because the Consumer Health Data Privacy Policy will be publicly available and easily scrutinized by plaintiffs’ lawyers and the Washington Attorney General, mistakes implementing this obligation are likely to be a key source of costly and disruptive litigation. Regulated entities will therefore need to take great care in meeting the Act’s notice requirements which are, in some respects, unusual and unexpected.
Read MoreBy Mike Hintze & Jevan Hutson
Biometric data is among the broad range of “consumer health data” regulated by the Washington My Health My Data Act (MHMDA). In light of MHMDA’s broad definition of biometric data, GDPR-level consent requirements, new obligations, and private right of action, the Act dramatically changes and complicates the regulation of biometric data in Washington state and is poised to become the most disruptive change in U.S. biometric privacy law since Illinois’ BIPA.
Read MoreBy Mike Hintze
The Washington My Health My Data Act provides consumers with several rights, including a right of access, a right to delete, a right to withdraw consent, and a right to not be discriminated against for exercising their rights. While each of these rights can be found in other privacy laws and so, at a high level, do not seem particularly surprising here, the ways they are included in this Act are unique, create uncertainty, and in some cases go well beyond what exists in any other privacy law. As a result, regulated entities seeking to comply with them will face difficult, costly, and disruptive implementation challenges (and with respect to the deletion right, the potential for catch-22 situations where full legal compliance may be impossible). These challenges, along with the Act’s private right of action, set up a significant risk of expensive legal claims and litigation.
Read More