On December 27, 2024, the United States Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued a proposed rule to improve data protection measures in the healthcare sector.
Learn more about the proposed rule on our legal update on nortonrosefulbright.com.
Latest from Data Protection Report - Page 2
Online Safety Act: Protecting Children from Harmful Content Online – Ofcom’s Guidance on Age Assurance for Part 3 Services
Ofcom has published its guidance for implementing age assurance measures for regulated service providers. User-to-user (U2U) services and search services take note: a decision not to implement highly effective age assurance measures means that your service may be deemed by Ofcom to be accessible by children.
FTC finalizes COPPA rule amendments
On January 16, 2025, the Federal Trade Commission (FTC) announced significant amendments to the Children’s Online Privacy Protection Act (COPPA) Rule after a comprehensive review that began in 2019. This marks the first major update since 2013 and represents a robust effort to address the evolving digital landscape and growing concerns over the monetization of
$3 million HIPAA Settlement
On January 14, 2025, the U.S. Department of Health and Human Services (“HHS”) entered into a settlement agreement relating to alleged HIPAA regulation violations with Solara Medical Supplies LLC, a direct-to-consumer distributer of continuous glucose monitors, insulin pumps, and other supplies to patients with diabetes. Solara is a Covered Entity under HIPAA. The settlement agreement
New Horizons in Data Protection: Malaysia’s Personal Data Protection (Amendment) Act 2024
On 24 December 2024, Malaysia’s Minister of Digital stipulated the dates on which the provisions of the Malaysian Personal Data Protection (Amendment) Act 2024 (Amendment Act) will come into force. The Amendment Act will take effect in three tranches, which we summarise and discuss below with thanks to Malaysian law firm Skrine.
This development marks
CSA releases guidance on the use of artificial intelligence in capital markets
On December 5, 2024, the Canadian Securities Administrators (CSA) released CSA Staff Notice and Consultation 11-348 – Applicability of Canadian Securities Laws and the Use of Artificial Intelligence Systems in Capital Markets (the Notice). The Notice was issued in light of the continued growth in the use of artificial intelligence (AI) systems in capital markets,
The EDPB Opinion on training AI models using personal data and recent Garante fine – lawful deployment of LLMs
The final days of 2024 were very eventful in the world of AI and data protection: the European Data Protection Board (EDPB) published its Article 64 General Data Protection Regulation (GDPR) opinion on training AI models using personal data (the EDPB Opinion). Two days later, the Italian Garante per la Protezione dei Dati Personali (Garante)
Two HIPAA settlements, $1.6 million in penalties
On December 4, 2024, HHS announced an agreement with Gulf Coast Pain Consultants calling for payment of $1.1 million in civil penalties due to alleged lack of compliance with HIPAA’s security requirements. Two days later, HHS announced an agreement with Children’s Hospital Colorado for payment in excess of $500,000 for some HIPAA security issues that
Facial recognition and privacy: Updated OAIC guidance
The Office of the Australian Information Commissioner (OAIC) has issued guidance to private sector organisations who are considering using facial recognition technology (FRT) for identification purposes in commercial or retail settings. The guidance follows a determination of the Privacy Commissioner which found that the use of FRT by a retailer breached the Privacy Act 1988
Australian Privacy Alert: Parliament passes major and meaningful privacy law reform
On 29 November 2024, the first tranche of sweeping Australian privacy reforms under the Privacy and Other Legislation Amendment Bill 2024 (Cth) (Bill) passed both Houses of Parliament. We previously considered the Bill when it was tabled on 12 September 2024. In this update, we summarise some of the key changes to the Privacy Act 1988 (Cth)