CPRA Law + Tech Series: Sensitive Data: Health Conditions, Demographics, and Inferences

FREE February 25, 2022 @ 3:00pm - 4:15pm ET
More Events
Register
Overview
Speakers

Overview

CPRA Law + Tech Series: Understanding Data, Decisionmaking, and Design

Session 2: Sensitive Data: Health Conditions, Demographics, and Inferences

Co-Hosted by: California Lawyers Association Privacy Law Section and the Future of Privacy Forum

About the Series: What do privacy lawyers need to know about the technologies and data practices at the heart of emerging legislation? New state privacy laws, including the California Privacy Rights Act (CPRA), will introduce a host of new obligations for businesses. Privacy lawyers charged with operationalizing these requirements will need to understand the technologies that these laws address. 

In this Winter 2022 series, the California Lawyers Association Privacy Law Section and FPF will host informational sessions on technological basics for privacy lawyers. Each session will provide a brief summary of new requirements under the CPRA, the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA), accompanied by an exploration of the key technologies that are addressed in these laws, including digital advertising, global opt outs, automated decisionmaking, and dark patterns. 

About Session 2: Join us on Friday, February 25th, from 12:00-1:15 PM Pacific Time, for an exploration of what makes certain kinds of consumer data “sensitive” – and how to identify such data and think about new regulations that limit its collection and use.

This session will begin with a brief presentation on the definitions of “sensitive data” under existing legal regimes (CPRA, VCDPA, and CPA), with a specific discussion of the legal parameters of non-HIPAA and non-CMIA consumer health data. 

As an example of sensitive data, we will explore real-world examples of how consumer health information is collected and used in different commercial settings, from a technical and business perspective, including:

  • Consumer services that directly collect and use high-risk or clearly sensitive data that is not covered by HIPAA or other sectoral privacy laws (for example, direct-to-consumer blood sample analysis);
  • Mobile app data involving fitness, wellness, or wearable device information (such as steps and heart rate) that may be considered sensitive or not, depending on the context and uses; 
  • Information that may appear sensitive on its face, but may not be used for the purposes of inferring sensitive information (such as the URL of a website, name of an app, or search engine query in the context of providing basic functionality or services); as well as the opposite: information that may appear non-sensitive on its face (such as a person’s shopping habits) that may nonetheless, over time or in combination with other information, lead to sensitive inferences. 

In this session, we’ll be joined by guest experts:

  • Robert D. Tookoian, Of Counsel, Fennemore Craig, PC
  • Kate Black, Partner, Hintze Law
  • Charlyn L. Ho, Partner, Perkins Coie

Download the Slides Watch the Recording

Speakers

Kate Black

Partner, Hintze Law

Kate Black is a partner in Hintze Law’s Health and Biotech Privacy Group. Kate also heads Hintze Law’s Miami office.

Kate counsels U.S. and global companies on comprehensive strategies for complying with regulatory obligations while achieving business objectives, growing and maintaining customer and public trust, and advancing revolutionary and innovative technology and research. Kate has advised clients on building and operating global privacy programs, assessing privacy and data security compliance, implementing privacy by design product strategies, developing law enforcement response protocols, and negotiating complex vendor and partner deals involving transfer and protection of data. She regularly advises on proposed regulatory and legislative changes that impact the landscape of health and biotech privacy.

Her areas of expertise include HIPAA/HITECH, FTC Act, CCPA/CPRA, GDPR, LGPD, PIPEDA, COPPA, TCPA, CAN-SPAM, state health and biometric laws, and cybersecurity. She advises global clients in a variety of industries, including, gaming, esports, ecommerce, retail, data analytics, digital health, and mobile medical applications.

Charlyn Ho

Partner, Perkins Coie

Charlyn Ho counsels clients on legal issues related to technology and privacy, including those affecting e-commerce sites, mobile devices and applications, artificial intelligence (AI)/machine learning (ML), virtual reality (VR), mixed reality (MR) and augmented reality (AR) platforms, cloud services, enterprise software, cryptocurrency platforms and Internet of Things devices. Charlyn provides strategic advice and counseling to all types of technology companies throughout their lifecycle, from startup to established enterprises. Charlyn’s experience includes:

  • Counseling on and supporting product launches
  • Performing IP and data privacy analysis and due diligence for M&A transactions
  • Supporting enterprise customers in purchasing commercial off-the-shelf and custom software and cloud solutions
  • Assisting startups and entrepreneurs in commercializing their products
  • Helping blockchain clients conduct token sales and develop various technology offerings including self-sovereign identity platforms
  • Drafting collaboration, development, distribution, license and service agreements
  • Counseling clients on privacy and data security compliance obligations, including building programs to comply with data privacy laws such as the GDPR and CCPA and assisting with preparing for and responding to data security incidents.

Charlyn has taught courses to in-house counsel and non-lawyers on negotiating technology agreements and transactions. She also has represented domestic and international clients on banking, acquisition financing, mergers and acquisitions and securities transactions.

Robert Tookoian

Of Counsel, Fennemore Law

Rob represents a broad range of clients in commercial transactions, mergers and acquisitions, compliance, real estate transactions and employment law. His diverse and extensive legal and business background allows him to counsel business owners and executive management to provide practical, business-oriented solutions to complex legal problems. His clients include such varied industries and service groups as healthcare providers, government entities and food processors, as well as agribusiness, technology, and health benefit companies.

Rob began his practice in the San Francisco Bay Area, working as counsel and General Counsel to internet and “high-tech” companies. He has been in-house counsel for start-ups, early-stage and public companies, working on complex services and licensing agreements, compliance, real property transactions, intellectual property, and corporate governance, among other services.

Rob has spent the last 15 plus years working with small and midsize organizations to provide strategic guidance on growth and complex transactions, as well as complex litigation, compliance, and public entity defense. In his healthcare practice, Rob assists clients with formation, contract negotiation and preparation, growth strategies, employment matters, regulatory and contractual compliance, and risk mitigation. Rob regularly counsels his clients about HIPAA, Stark, Anti-kickback, CCPA and other compliance matters.