Does MHMD apply to my entity?
MHMD applies to companies and non-profits that control “consumer health data” and do not fall within the exceptions noted below. “Consumer health data” is personal information that is linked or reasonably linkable to a Washington state resident or a person whose consumer health data is collected in Washington, and the personal
The Matrix
Latest from The Matrix
Five Key Privacy and Data Security Considerations Heading into 2024
Does your business process sensitive data, such as data related to consumer health, precise geolocation, biometrics or children? As an initial matter, if you aren’t sure whether or how your business processes sensitive data, you should conduct a data inventory. In addition to helping to identify the company’s data practices, data mapping helps companies reasonably…
Costs and the Recent Evolution of Healthcare Data Breaches
Traditional Health Data Breaches Are Continuing
Breaches of healthcare systems are continuing at an aggressive pace. According to Emsisoft Malware Lab, so far this year, at least 25 healthcare providers operating 290 hospitals have been impacted by ransomware. A recently published security industry report by the Ponemon Institute and IBM Security states that, for the…
FCC Rule Set to Require “One-To-One” Written Consent on Lead Generator Websites
On November 22, 2023, the Federal Communications Commission issued a proposed rule that likely will considerably alter the online lead generation industry, including the use of comparison shopping websites. The proposed rule addresses a number of areas, but, notably, the rule would require texters…
FTC Adds Data Breach Reporting Requirement to Its GLB Safeguards Rule Applicable to Nonbank Financial Institutions
Notification Event
The new amendment to the Safeguards rule requires notification to the FTC upon discovery of a “notification event,” which is a defined term that deviates from existing terminology and arguably requires notification in a broad set of circumstances.…
Lessons From Verizon's Cybersecurity FCA Self-Disclosure
According to the settlement agreement, Verizon was awarded three GSA contracts to provide various telecommunications services, including MTIPS. Because of the nature of the services provided, the GSA required, among other things, that the contracts comply with all critical capabilities set forth in the U.S. Department of Homeland Security’s relevant reference architecture document for…
The Legal Issues Surrounding Deepfakes
Deepfake technology is becoming more accessible to the average user and over time will improve and make deepfakes harder to detect, but the law and any recourse it would provide for those harmed by deepfakes is lagging behind. The outcome of the Young case will shed much needed light on how much protection, if…
FTC and HHS Alert Parties in the Health Arena that Tracking Technologies Pose Privacy and Security Risks
Last week, the FTC and HHS’ Office for Civil Rights (OCR) sent a joint letter to approximately 130 hospitals and telehealth providers concerning the privacy and security risks related to the use of online tracking technologies integrated into their…
Safeguarding Your Online Marketplace Against Bad Actors
On June 27, 2023, the Integrity, Notification, and Fairness in Online Retail Marketplaces for Consumers Act (INFORM Consumers Act) went into effect. The INFORM Consumers Act is intended to bring transparency to e-commerce transactions and deter sales of stolen and counterfeit goods online. The law has three mechanisms to achieve these goals:
…
Texas Enacts Data Privacy and Security Act
On June 18, 2023, Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act (TDPSA) into law, making Texas the next state to enact a comprehensive state-wide data privacy statute. The TDPSA will take effect on July 1, 2024, and applies to businesses that produce a product or service that is “consumed”…