Data Privacy & Security In the News | June 2024
Last month, we shared lots of privacy-related news, and we have a bit more to share.
Nebraska, has enacted its own Data Privacy Act.
Colorado’s Privacy Act has had “Neural Data” added to its protective covering.
Colorado has also signed a new “AI Act” into law that requires private-sector users of AI programs that are used in making business decisions to “take steps to avoid algorithmic discrimination and to document those efforts.” It further requires disclosures when that system interacts with consumers. The law goes into effect February 1, 2026, giving developers and employers time to figure out how to comply. Five other states have AI-related legislative initiatives in the works: California, Georgia, Hawaii, Illinois and Washington state.
The Illinois Senate have now both passed bills amending the state’s Biometric Information Privacy Act (“BIPA”) to clarify that multiple instances of “capturing” the same biometric information would count as one infraction. This is being done to try to hold down “runaway damage awards.” The bill can now become effective immediately when signed by the governor.
The California Privacy Protection Agency has put out an enforcement advisory – its first –stipulating that businesses collect only the minimum personal data needed to conduct whatever business is at hand.
The FTC has ordered an unnamed online mental health provider to pay over $7 million for violating the FTC act that covers marketing of data security practices, which the FTC says were deceptive – and defective, as they exposed private data of “hundreds of thousands of patients.”
The HHS Office of Civil Right (OCR) has enacted a “final rule” to support reproductive health care privacy. The primary thrust appears to protect abortion rights.