On the sixth day of CCPA the California Senate Health Committee gave to me … a HIPAA carve-out.

AB 713, reported favorably by the California Senate Health Committee, would expand the exemption related to HIPAA and medical research.

Specific carve-outs:
  • De-identified PHI or medical information, provided that the business does not attempt nor actually re-identify

“Though it’s hard to predict what will happen with regard to a federal privacy bill in 2020, the reality is that the CCPA is here and other states will surely follow,” writes Jedidiah Bracy of the International Association of Privacy Professionals.

“In addition to driving policy talks in the nation’s capital, the CCPA may also

The House Energy and Commerce Committee unveiled a first draft of a bipartisan federal privacy bill.

Staffers on the committee sent the draft legislation to stakeholders and are seeking comments by mid-January. The draft from Republican and Democratic staffers on the House Energy and Commerce Committee comes as the Senate continues to wrestle with its

Colorado should enact a privacy law to hold tech companies accountable for consumer harms because the federal government isn’t likely to adopt a measure, the state’s attorney general, Phil Weiser (D), said in a Dec. 9 interview with Bloomberg Law.

“It’s likely we pass a privacy law” in Colorado in 2020 that would provide

Prep for CCPA now, enjoy compliance later.

The Future of Privacy Forum’s Stacey Gray and Polly Sanderson’s comparison of two federal privacy bills shows that steps businesses are taking to comply with the CCPA will serve them well if a federal law is passed:

  • Revise your privacy notice; draft by category: Both bills require detailed

Beware the federal privacy bill.

“Although there are key differences, the two [federal privacy] bills also have important similarities:

  •  a set of individual rights combined with boundaries on how businesses collect, use, and share information.
  • individual rights including access, correction, deletion and portability for personal information, along with rights to give “affirmative express consent” before

A new comprehensive federal privacy bill, the Consumer Online Privacy Rights Act (COPRA), has been introduced by Senate Commerce Committee Ranking Member Maria Cantwell (D-Wash.) and Senators Ed Markey (D-Mass.) Brian Schatz (D-Hawaii) and Amy Klobuchar (D-Minn.).

Key novel provisions per International Association of Privacy Professionals (IAPP) Research Director Caitlin Fennessy:

  • individual consent for data

The Facial Recognition Technology Warrant Act, introduced by Sen. Chris Coons (D-Del.) would be the first federal restriction on law enforcement’s use of the technology, reports Sara Merken for Bloomberg Law.

“The bill…would require a court order based on probable cause before law enforcement could use facial recognition tools to conduct persistent tracking of a

Data minimization is coming to the United States.

The Federal Trade Commission cited failure to delete information which is no longer needed as a failure to implement reasonable protection.

In its complaint, the FTC alleges that InfoTrax and its former CEO Mark Rawlins failed to use reasonable, low-cost, and readily available security protections to safeguard