Overview
During this webinar, McDermott Partners Elliot Golding and Amy Pimentel discussed state privacy law applicability to health, life sciences and financial services companies, as well as compliance requirements and enforcement risks. They also shared benchmarking and practical recommendations for designing and implementing privacy compliance programs.
Top takeaways included:
- This likely affects you: Most health and financial services companies have data that is NOT exempt from new state privacy laws (particularly in California, Colorado and Washington). That data includes certain online “cookie” data, marketing data, California employee and business contact data, and data collected outside the scope of the primary service offerings.
- The risks are real: State privacy laws have already been enforced against health and financial services companies. The Federal Trade Commission (FTC) and Office for Civil Rights (OCR) have also enforced laws related to online data.
- Next steps: All health and financial services companies should identify which data is subject to these laws and update their compliance programs. Although health and financial companies can leverage existing Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) programs, they likely must supplement them by updating privacy notices and contract terms, obtaining opt-in consent, honoring new privacy rights and implementing new governance processes (such as training and documenting privacy impact assessments).
- Reach out with questions: McDermott has extensive experience working with health and financial companies to operationalize these requirements, and we have developed templates, guidance, playbooks and other tailored materials specifically for health and financial companies.
Contact Elliot, Amy or your regular McDermott lawyer to discuss how we can help.