The European Union’s General Data Protection Regulation (GDPR) first launched the concept of data minimization, which states that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. This seems like a simple concept: an entity should only collect personal information that is
Robinson+Cole's Data Privacy + Cybersecurity Team
Colorado Attorney General Issues Data Security Best Practices Guidance Document
The office of the Colorado Attorney General, Phil Weiser, recently issued a data security best practices guidance document as part of his office’s role in “implementing and enforcing data security and data privacy laws.” In recent remarks on Data Privacy Day on January 28, 2022, the Attorney General (the AG) discussed the upcoming rulemaking process…
FERC Seeks to Tighten Cyber Security for Electric Grid Cyber Systems
The Federal Energy Regulatory Commission (FERC) is tasked with keeping our electric grid safe and maintaining reliable and secure energy for U.S. consumers. On January 20, FERC issued a Notice of Proposed Rulemaking (NOPR) that proposes to strengthen its Critical Infrastructure Protection Reliability Standards by requiring internal network security monitoring for high and medium impact…
Mobile Health Apps and the FTC’s Health Breach Notification Rule: New Enforcement Initiative Coming
Mobile health apps are growing in popularity and their number is increasing every year. Many of us find it convenient to use an app to schedule medical appointments, check medical records, track and store health data, and check symptoms. App developers have always needed to be mindful of protecting the privacy of the information that…
Recent CCPA Enforcement Actions Highlight the Importance of a CCPA-Compliant Privacy Policy
This is the time of year for thought pieces reflecting on the past year or so to speculate on the hot topics for next year. I began to wonder about California Consumer Privacy Act (CCPA) enforcement actions over the past year as this was something that we speculated about not that long ago. The California…
Homeland Security Announces “Hack DHS” Program
The Department of Homeland Security (DHS) announced a “bug bounty” program on December 14, 2021, called “Hack DHS.” Yes, you read that right. DHS is actually going to invite select cybersecurity “hackers” to try to hack into its systems. DHS created the program to “identify potential cybersecurity vulnerabilities within certain DHS systems and increase the…
Smart Health Cards, Vaccine Passports, and Privacy
Massachusetts Governor Charlie Baker and Rhode Island Governor Dan McKee recently announced that they are considering implementing vaccine passport programs in their respective states. Baker stated that he is working with other states to use a QR code system that allows users to scan to verify vaccination status. In Rhode Island, the Department of Health…
How Creepy Is That New Product? Mozilla’s *privacy not included Privacy Guide Will Tell You
It’s that time of year again when we start to think about holiday gifts and Black Friday shopping. So as any good privacy pro knows, the Mozilla *privacy not included guide is the place to go to learn about the “creepiness” of the latest toy or gift that you are looking to buy.
This year,…
Phoenix Children’s Hospital Faces Privacy Lawsuit Over Inadvertent Release of Vaccine Exemption Information
An apparent email snafu has led to the filing of a putative class action against the Phoenix Children’s Hospital. The allegations stem from an email that was allegedly sent out to 368 people that outlined the protocols for employees with approved COVID-19 vaccine exemptions. The email set forth the protocols related to accommodations for such…
Meta Announces the End of Facial Recognition Technology on Facebook
The Facebook company now known as Meta announced this week that it is shutting down the Face Recognition system on Facebook. Meta stated that this is part of a company-wide move to limit the use of facial recognition technology in its products. What does this mean? If you have a Facebook page and you previously…