As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular topics from 2023.
- States Passing Comprehensive Privacy Laws
There was a landslide of comprehensive state privacy laws passed in 2023, from coast to coast. The laws are similar in mandating requirements for businesses to allow consumers to access, correct, delete, and opt out of the collection of, their personal data.
- Delaware – Effective January 1, 2025
- Indiana – Effective January 1, 2026
- Iowa – Effective January 1, 2025
- Montana – Effective October 1, 2024
- Oregon – Effective July 1, 2024
- Tennessee – Effective July 1, 2025
- Texas – Effective July 1, 2024
In March 2023, the California Chamber of Commerce filed a Petition for Writ of Mandate and Complaint for Declaratory and Injunctive Relief against the California Privacy Protection Agency (CPPA), the agency tasked with implementation and enforcement of the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA).
The writ sought to compel the CPPA to promptly adopt final regulations and seek to enjoin enforcement actions under the CPRA until 12 months after the adoption of final implementing regulations.
The hearing on the petition for Writ of Mandate was on June 30, 2023, the last day before enforcement was set to commence for the CPRA. Specifically, the superior court’s opinion discusses that the CPPA adopted the first set of regulations in 12 of the 15 areas needed on March 29, 2023.
New York’s Attorney General (“NYAG”) has made enforcement of the New York SHIELD Act an enforcement priority. The SHIELD Act requires organizations handling personal information related to New York residents to maintain reasonable safeguards to protect that information. Maintaining its focus on this area, the NYAG recently released a guide to help organizations strengthen their data security programs and “to put [them] on notice that they must take their data security obligations seriously, and at a minimum, take the reasonable steps outlined” in the NYAG’s guide
From UK Data Transfers to the NIST draft documents regarding cybersecurity, the fourth quarter wrap-up covered wide-ranging developments in data protection.
For many reasons, using digital information and communication technologies to deliver healthcare services can provide enormous benefits to the overall healthcare system. Indeed, predictions from many leaders in healthcare see expanded use of remote patient care and monitoring, along with other technologies such as artificial intelligence, robotics, and wearables.
- Immigration and Citizenship Status Add to Definition of Sensitive Information under California’s Consumer Privacy Act
California’s Governor Newsom signed Assembly Bill (AB) 947. Effective January 1, 2024, the bill will revise the California Consumer Privacy Act (CCPA) definition of “sensitive personal information” to include personal information that reveals a consumer’s citizenship or immigration status.
- HHS and FTC Send Joint Letter to 130 Hospital Systems, Telehealth Providers Re: Tracking Technologies
The Department of Health and Human Services and the Federal Trade Commission have sent a joint letter to approximately 130 hospital systems and telehealth providers to emphasize the risks and concerns about the use of technologies, such as the Meta/Facebook pixel and Google Analytics, that can track a user’s online activities.
- Virginia Passes Legislation Prohibiting the Use of Employees’ Social Security Numbers as Identifiers
Virginia’s governor approved Senate Bill 1040, which prohibits an employer from using an employee’s social security number or any derivative as an employee’s identification number. The bill also prohibits including an employee’s social security number or any number derived from the social security number on any identification card or badge.
The SEC has had a particular interest in cybersecurity in 2023, driving discussions in boardrooms and corporate security departments of large organizations about the handling and reporting of cybersecurity breaches.
On October 30, 2023, President Biden issued an Executive Order regarding the Development and Use of Artificial Intelligence across the federal government. The Executive Order (EO) is intended to establish new standards for AI safety and security. The EO builds on principles set forth last year in the White House’s Blueprint for an AI Bill of Rights.
The EO comes as states, like Connecticut, are also looking to address AI
Jackson Lewis will continue to track important developments in privacy, data management, and cybersecurity in the new year. If you have questions about these or other related issues contact a Jackson Lewis attorney to discuss.