Jeffrey L. Widman writes:

Fingerprint scanner, illustrating concept of biometricsIn 2008, the Illinois legislature enacted the Illinois Biometric Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) to provide standards of conduct for private entities in connection with the collection and possession of “biometric identifiers and information.” BIPA regulates the collection, use, safeguarding, handling, storage, retention and destruction of such biometric

Acting Federal Trade Commission (FTC) Chairman Maureen K. Ohlhausen made it clear that she expects the FTC’s enforcement role in protecting privacy and security to encompass automated and connected vehicles. In her opening remarks at a June 28, 2017 workshop hosted by the FTC and National Highway Traffic Safety Administration (NHTSA), she said the FTC

Eric Bixler has posted on the Fox Rothschild Physician Law Blog an excellent summary of the changes coming to Medicare cards as a result of the Medicare Access and CHIP Reauthorization Act of 2015. Briefly, Centers for Medicare and Medicaid Services must remove Social Security Numbers from all Medicare cards. Therefore, starting April 1, 2018, CMS will begin mailing new cards with a randomly assigned Medicare Beneficiary Identifier to replace the existing use of SSNs.
Continue Reading

On July 23, 2017, Washington State will become the third state (after Illinois and Texas) to statutorily restrict the collection, storage and use of biometric data for commercial purposes. The Washington legislature explained its goal in enacting Washington’s new biometrics law:

The legislature intends to require a business that collects and can attribute biometric data

EU and U.S. officials finally unveiled the full text of the proposed EU-U.S. Privacy Shield framework earlier this week. The agreement is the culmination of a five-month negotiation to address European concerns regarding mass surveillance and personal data protection issues surrounding transatlantic data transfers. The European Commission’s Article 29 Working Party must now review and

Luxembourg politician Viviane Reding proposed three years ago to overhaul the EU Data Protection Directive. Now, European Union officials have settled on an agreement to replace the Directive with new privacy legislation called the General Data Protection Regulation (GDPR). It is not EU law just yet, but the EU Parliament is expected to fully approve

Privacy officials in Germany penned a position paper arguing that standard contract language and binding corporate rules do not adequately provide data protections necessary for legal U.S.-EU data flows. These two data transfer alternatives to Safe Harbor are not viable.

Binary code on the European continent from space, illustrating European Union data privacyThe German data protection authority (DPA) recommended a path of informed consent. U.S. companies should