Neurotechnology, like wearable EEG headbands and invasive brain implants, collects information from electrical nerve impulses and brain waves derived from your brain, spinal cord, or nervous system. This information, or neurodata, is valuable, unique, potentially individually identifiable, and has the potential to provide access to a person’s memories, biases, and intentions. (For more information, see […]
HHS and FTC Fire a Warning Shot at Healthcare Companies Using Online Tracking Technologies
On July 20, 2023, the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services (“HHS”), and the Federal Trade Commission (“FTC”) published a joint letter sent to approximately 130 hospital systems and telehealth providers. The FTC/OCR letter warns that certain online tracking technologies that “may be present” on the recipients’ […]
HHS and FTC Expanding Technology, Privacy, and Cybersecurity Divisions
In recent weeks, FTC and HHS have announced expansion of the operational areas of their organizations that are dedicated to enforcement of laws and regulations related to technology, privacy, and cybersecurity. On February 17, 2023, the FTC announced the creation of a new Office of Technology in order to “strengthen the FTC’s ability to keep […]
Sephora Ordered to “Make-Up” for CCPA Violations
On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million dollar settlement with Sephora to account for alleged violations of the California Consumer Privacy Act (CCPA). This is the first CCPA enforcement action taken by the California AG that has resulted in a fine and settlement. The Attorney General’s Complaint alleged Sephora […]
Department of Labor Issues Cybersecurity Guidelines
On April 14, 2021, the U.S. Department of Labor announced new cybersecurity guidance for plan sponsors, plan fiduciaries, record-keepers, and plan participants. The guidance is specifically “directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act, and plan participants and beneficiaries” and is intended to mitigate cybersecurity risks to pension plans […]