Category: Data Protection and Privacy

A new scheme is in place to allow U.S. organisations to import and use personal data from the European Union – should every business rush to sign up?

On 10 July 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). The adequacy decision is designed to relieve U.S.-based businesses and other institutions and organisations that choose to participate in the DPF from legal uncertainties and administrative burdens continue reading...

California Attorney General Announces New Investigative Sweep Targeting CCPA Compliance for “Large California Employers”

On July 14, 2023, the California Attorney General announced an investigative sweep targeting CCPA compliance efforts by “large California employers.” The Attorney General’s Office stated that it sent inquiry letters to large California employers “requesting information on the companies’ compliance with the California Consumer Privacy continue reading...

FTC Takes First Enforcement Action for Violation of the Health Breach Notification Rule – A Federal Health Privacy Rule Beyond HIPAA

On February 1, 2023, the Federal Trade Commission (FTC) filed a complaint in the U.S. District Court for the Northern District of California alleging that digital health platform GoodRx violated the FTC Act by repeatedly sharing personal health information with advertising companies and platforms, such as Facebook continue reading...