In the absence of a federal comprehensive privacy law, states have been enacting their own in a sort of domino effect, creating a patchwork of compliance laws with their own nuances. The Texas Data Privacy and Security Act (TDPSA) is one of those new laws and goes into effect July 1, 2024, bringing Texas into the fold of U.S. states with a comprehensive data privacy law. While the TDPSA is similar to existing state data privacy laws, it has a unique threshold requirement that may broaden its reach compared to other states. Below are some key considerations that covered businesses should take into account to get ready for compliance with this upcoming new law. Read the full Alert on the Duane Morris website.
Generative AI in Healthcare: Promise and Pitfalls
Generative artificial intelligence remains a hot topic in legal and healthcare circles, but the conversation has shifted from the initial wonder of “What can it do?” to the present cautiousness of “What should it not do?” One reason for this shift came in March 2023, when Google revealed the newest version of its Med-PaLM, a Large Language Model that passed the United States Medical Licensing Examination with an 86.5% accuracy rate. A 2022 version had achieved a 67.2% accuracy rate, also a passing score.
Read the full article by Matthew Mousley on the Wharton Healthcare Quarterly website.
District Court Reaffirms Dismissal of Wiretapping Claims Under California Invasion of Privacy Act
On the heels of holding that defendants’ use of session replay software did not constitute a violation of the California Invasion of Privacy Act, Judge William Alsup in Williams v. What If Holdings LLC and ActiveProspect Inc. has now denied the plaintiff’s request for leave to amend. In doing so, the court reaffirmed its previous holding that the plaintiff’s allegations only established that ActiveProspect’s use of session replay software functioned as a tool that supported What If’s management of its own website data, and not as a means of eavesdropping and aggregating information for ActiveProspect’s own purposes.
Read the full Alert on the Duane Morris LLP website.
Website Tracking Technology Risks
As companies take advantage of new technologies in their interactions with customers and employees, they need to be mindful of the risks associated with implementation of those types of systems. This is especially true in the realm of federal and state privacy statutes, which in some instances have been created recently to address privacy concerns. There are also existing laws that are now being applied in a different context.
Read the Law360 article on the Duane Morris LLP website.
Nevada Privacy Law Takes Effect October 1: Is Your Company Compliant?
The newest Nevada privacy law, SB 220, is about to become operative on October 1, 2019, and will require website operators to provide consumers with the right to opt out of the sale of their personal information. The definition of what constitutes a “sale” is fairly narrow and includes several broad exclusions. Therefore, this opt-out provision is likely to apply only in narrow circumstances. However, businesses that may be covered by this new law will need to complete the following items prior to October 1:
- Determine whether the law applies to your business.
- Confirm compliance with existing consumer notice requirements.
- Establish a designated request address where consumers may submit a verified request to opt out of the sale of their covered information.
- Develop policies, procedures and processes for verifying and responding to requests within 60 days.
Please see our Alert for a detailed discussion of this law and when it applies.