On July 18, 2023, Oregon joined the growing number of states in signing into law comprehensive data privacy legislation. Effective July 1, 2024, the Oregon Consumer Privacy Act (the OCPA or the Act) will create meaningful privacy protections for Oregon consumers and new data protection obligations for businesses operating in Oregon.
Consumer health data, as defined by the Act, encompasses a wide range of personal information linked to or reasonably could identify a consumer’s past, current, or future physical or mental health status consumer's physical or mental health status. Examples include individual health conditions, treatments, genetic data, diseases, diagnosis, use or purchase of prescribed medications, vital signs, bodily functions, symptoms, genetic data, biometric data, and more!
Equinox Business Law Leagal Update: The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) created new privacy rights for consumers and data protection obligations for businesses operating in California. The CPRA, which went into effect on January 1, 2023, includes additional protections for consumers, employees, and small and non-profit businesses, and establishes a new government agency for data privacy enforcement. The CPRA applies to businesses with a gross annual revenue exceeding $25 million, those that buy, sell, or share personal information of more than 100,000 consumers or households per year, or those that derive 50% or more of their annual revenues from selling or sharing consumers' personal information. Businesses need to update their collection notices, privacy policies, opt-out notices, and financial incentive notices and implement proactive risk-based controls. The best way to prepare for compliance is to perform a data audit, map out data flows, construct a privacy policy, and establish good data hygiene processes.
We’ve all heard about cybersecurity risks and the increasing sophistication of hackers seeking to access our data. Small businesses are particularly at risk because they often don’t have sophisticated systems in place. The increasing work-from-home environment due initially to COVID-19, but likely to continue in the future, created even more access. Employees may use their... View Article
With the ever-changing landscape of data privacy, leaders need to stay updated on U.S. data privacy activity. We’ve seen the passing of the CCPA and NY SHIELD Act, and 2020 has seen a significant amount of activity and continued momentum going into next year. We have been keeping a close eye on the proposed changes... View Article
Sweeping new data privacy laws in several states – California, New York, and Nevada – could impact your business. However, you may not be aware that your business may be covered under these privacy laws, even if it does not have a presence in these states. You can take action now by determining whether and... View Article
Data privacy and the protection of personal data will be a defining feature of 2020. States are taking matters into their own hands by passing sweeping new privacy laws, which will impact business owners and website operators across the country. Keep reading for a summary of privacy law activity that business owners may need to... View Article
“Cybersecurity is a business problem, not a technical problem.” – Kip Boyle, CEO of Cyber Risk Opportunities, LLC and Author of Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks As a business owner, you may disagree with that statement. After all, the responsibilities associated with data privacy and... View Article
In an increasingly connected global marketplace, data for many companies has become simultaneously one of the greatest assets and one of the greatest risks. Data privacy and cybersecurity are rapidly shooting to the top of the list of concerns that keep business owners and CEOs up at night. According to Deloitte’s 2018 Global Risk Management... View Article