Does MHMD apply to my entity?MHMD applies companies and non-profits that control “consumer health data” and do not fall within the exceptions noted below.  “Consumer health data” is personal information that is linked or reasonably linkable to a Washington state resident or a person whose consumer health data is collected in Washington, and the personal

Does your business process sensitive data, such as data related to consumer health, precise geolocation, biometrics or children? As an initial matter, if you aren’t sure whether or how your business processes sensitive data, you should conduct a data inventory. In addition to helping to identify the company’s data practices, data mapping helps companies reasonably

Traditional Health Data Breaches Are ContinuingBreaches of healthcare systems are continuing at an aggressive pace. According to Emsisoft Malware Lab, so far this year, at least 25 healthcare providers operating 290 hospitals have been impacted by ransomware. A recently published security industry report by the Ponemon Institute and IBM Security states that, for the

FCC Rule Set to Require “One-To-One” Written Consent on Lead Generator WebsitesOn November 22, 2023, the Federal Communications Commission issued a proposed rule that likely will considerably alter the online lead generation industry, including the use of comparison shopping websites. The proposed rule addresses a number of areas, but, notably, the rule would require texters

FTC Adds Data Breach Reporting Requirement to Its GLB Safeguards Rule Applicable to Nonbank Financial InstitutionsNotification Event
The new amendment to the Safeguards rule requires notification to the FTC upon discovery of a “notification event,” which is a defined term that deviates from existing terminology and arguably requires notification in a broad set of circumstances.

FTC and HHS Alert Parties in the Health Arena that Tracking Technologies Pose Privacy and Security RisksLast week, the FTC and HHS’ Office for Civil Rights (OCR) sent a joint letter to approximately 130 hospitals and telehealth providers concerning the privacy and security risks related to the use of online tracking technologies integrated into their