Search results

The Washington ‘My Health, My Data’ Act (MHMD or the Act) establishes a fundamentally new legal framework within U.S. law to regulate the collection, use, and transfer of consumer health data. Signed into law by Governor Inslee on April 27, MHMD was introduced by request of the Washington Attorney General in response to the […]

[…] as the four states in 2023 that have advanced baseline privacy legislation governing the collection, use, and transfer of consumer data. TIPA is closely modeled on the Virginia Consumer Data Protection Act (VCDPA) that was enacted in March 2021 and went into effect on January 1 of this year. The frameworks share key definitions, […]

[…] unable to be authenticated. Opt-Out Preference Signals: If enacted, Montana will join California, Colorado, and Connecticut in allowing individuals to exercise certain rights by default, through the use of technological mechanisms such as browser-level signals. Right to Cure Sunsets: The MCDPA would offer organizations an opportunity to cure prior to the Attorney General taking […]

[…] from complying with the principles relating to collection and processing of personal information or the security safeguards requirement of the law (Section 58(1)). Covered Actors Opting to use the term “data collectors”1 to refer to data controllers, PIPA applies to data controllers, processors, and recipients, which may be individuals, private entities, or public entities […]

[…] trend shows no signs of abating. Organizations have quickly seen employees using generative AI and LLM tools in their workstreams. Few workers are waiting for permission to use the technologies to speed up complex tasks, get tailored answers to full-sentence questions, or draft content like marketing emails. However, the growing use of LLMs creates […]

[…] jurisdictions. This Report outlines how the three chosen frameworks are similar and where they are different in a number of key areas, including: Underlying Legal Basis for Use of Contractual Framework Core Party Obligations Data Subject and Third Party Rights Response to Government Requests Relevance to Cross-Border Enforcement Permissibility of Modifications This Report also […]

[…] to clarify and differentiate between different types of data, including personal and non-personal information. This clarification will aid companies’ compliance strategies to align their collection, storage, and use of data with data protection regulations. Furthermore, specifying the types of data, especially personal data, could help DPAs to more efficiently protect and uphold data subject […]

[…] without privacy and security risks, including the risk of data breaches and unauthorized transactions. The US open banking ecosystem can also be confusing for customers wishing to use these products and services as well as the organizations that provide them, including in areas related to: Parties’ roles and responsibilities: Open banking involves multiple parties, […]

[…] data processing practices and to protect the security of consumer data, but it would not require businesses to conduct risk assessments or adhere to data minimization and use limitation standards. The Iowa bill would provide for exclusive enforcement authority by the State Attorney General; businesses would have a 90-day right to “cure” any and […]

[…] rights in the US: 1. Support for Congressional efforts to pass a comprehensive federal privacy law that includes limitations on data collection, heightened safeguards for sensitive data use, support for socially beneficial research, and protections for civil rights, including protections regarding automated decision-making that has legal or similarly significant effects. 2. Support the administration […]