Author: PBA Cybersecurity and Data Privacy

The Pennsylvania Cybersecurity and Data Privacy Committee analyzes cybersecurity issues and educates PBA members about legal, regulatory and industry standards that preserve the confidentiality of protected information.

First CCPA Enforcement Action Sheds Light on Definition of “Sale of Data”

California Attorney General Rob Bonta announced the state’s first California Consumer Protection Act (CCPA) enforcement action this week. The Office of the Attorney General (OAG) released their proposed final judgment and permanent injunction against Sephora, stating that Sephora not only violated the CCPA’s “Do Not Sell” provisions and ignored Global Privacy Control (GPC) signals, but
Read More »

FTC Publishes ANPR for Public Comment on Commercial Surveillance and Harmful Data Security Practices

On August 22nd, the Federal Trade Commission (FTC) filed an Advanced Notice of Proposed Rulemaking (ANPR) to the Federal Register, starting the 60-day public comment period. The ANPR was published to “request public comment on the prevalence of commercial surveillance and data security practices that harm consumers.” Spanning 95 questions, the enumerated list of topics
Read More »

Updated DHHS OCR Guidance on Health Information Privacy After Dobbs

Medical providers across the United States have been scrambling to make sense of their professional responsibilities and corresponding liability risks in the wake of the Supreme Court’s ruling on Dobbs v. Jackson Women’s Health Organization. As was discussed here previously, the decision threatens to undermine the healthcare system as a whole, jeopardizing health information privacy
Read More »

One Step Closer to Federal Data Privacy Law Reform: H.R. 8152, the American Data Privacy and Protection Act (ADPPA)

Several bills have been under consideration by legislators in Washington, D.C., and the US Federal Privacy Legislation Tracker (hosted at IAPP) is a good starting point for those looking to get caught up. There have been several bills, but the major ones under deliberation have been the Consumer Data Privacy and Security Act of 2021
Read More »

A Post-Roe Future Presents Heightened Data Privacy Risks with FemTech

To call the forthcoming Supreme Court of the United States decision in Dobbs v. Jackson Women’s Health Organization “much anticipated” would be a gross understatement. On May 2, 2022 the draft opinion penned by Justice Alito that appeared in Politico shocked the nation. If such an opinion is ultimately issued by the Roberts Court, it
Read More »