Privacy & Cybersecurity Newsletter

April 2023

Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

In This Issue

State Privacy Update – Iowa, California, and the NAIC
Read new privacy updates regarding policies in Iowa and California, as well as an update to the NAIC Consumer Privacy Protections Model Act (#674). read more

The Illinois Supreme Court Goes to White Castle…
The Illinois Supreme Court started off 2023 answering two long-awaited and lingering questions about the reach and scope of the Biometric Information Privacy Act (“BIPA”). The Court’s decisions in Tims v. Black Horse Motor Carriers, Inc. and Cothron v. White Castle System, Inc. undoubtedly increase the litigation exposure for companies conducting business in Illinois and using biometric data of Illinois residents. read more

UK Online Safety Bill
The UK Online Safety Bill (OSB) is still before Parliament, but if passed, it would implement a transformative change to the legal responsibilities and accountability of online providers of user-generated content and search engines. The main objectives of the OSB are to protect children, prevent illegal content, provide users with greater control over what they see and how they interact with other users, require service providers to remove material that breaches their own terms of service, and establish a duty to prevent fraudulent advertising. read more

The NIS2 Directive: Towards a Firmer EU-wide Cybersecurity Framework
At the end of 2022, the European Parliament adopted the “Directive on measures for a high common level of cybersecurity across the Union” or the “NIS2 Directive” in short. This new Directive must be implemented by all EU Member States by October 17, 2024, and replaces the former “Network and Information Security Directive” (the “first NIS Directive”), which dates from 2016. read more

2022 HIPAA Enforcement Update – OCR Continues Focus on Rights of Access
In 2022, the Department of Health and Human Services, Office for Civil Rights (OCR) announced eighteen settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA) violations. read more

HHS Publishes Proposed Rule on Confidentiality of Substance Use Disorder Records
The Department of Health and Human Services (HHS) on December 2, 2022 proposed a substantial revision of the regulations governing the confidentiality of Substance Use Disorder records. These changes could mean less administrative burden for providers and more comprehensive care for patients. read more

TSA & Cybersecurity – More than Just Putting Your Laptop Through the X-Ray Machine
When most people hear of the Transportation Safety Administration (“TSA”), they typically think of long lines at the airport, and certainly not cybersecurity. But cybersecurity is top of mind for the TSA these days. read more