Hintze Law Attorneys Mike Hintze and Jevan Hutson recognized by The Best Lawyers in America 2024

in

Hintze Law PLLC is delighted to announce that Mike Hintze, Member Partner, and Jevan Hutson, Associate, have been recognized by Best Lawyers®. Mike is recognized in The Best Lawyers in America® 2024 edition under the category of Information Technology Law and Technology Law for his work in privacy and data security. Jevan is recognized in the 2024 Best Lawyers: Ones to Watch in America for his work in Privacy and Data Security Law.

Read More

Hintze Law Associate Jevan Hutson Recognized as Super Lawyer

in

Please join us in congratulating, Jevan Hutson, Associate at Hintze Law PLLC, for earning recognition as 2023 Washington Rising Star by Super Lawyers, part of Thomson Reuters. Jevan is a Certified Information Privacy Professional (CIPP) and Certified Information Privacy Manager and key member of Hintze’s Cybersecurity & Breach Response Group and the Artificial Intelligence and Machine Learning Group. His recognition stems in part from his role as a respected expert and thought leader on artificial intelligence (AI) and machine learning (ML) ethics, law, and policy.

Read More

Hintze Law Receives DEI Roundtable Law Firm Diversity Award

in

By Ro Friend & Susan Hintze

Here at Hintze Law, we are thrilled and honored to announce that through a nomination by LinkedIn, we have been awarded the DEI Roundtable Law Firm Diversity Award for our commitment to diversity, equity, and inclusion. The DEI Roundtable consists of legal counsel from tech leaders AirBnB, ByteDance/TikTok, Google, LinkedIn, Meta, Microsoft, Snap, & ZenDesk and provides a platform for fruitful discussions about how we can collectively support and improve diversity in our community.

Read More

FTC and HHS Warn Healthcare Providers about Risk of Tracking Technologies

in , ,

By Sheila Sokolowski and Kate Black

In a joint letter sent to 130 hospital systems and telehealth providers, the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) warned health care providers, both those covered by HIPAA and those not, about their potential to violate the HIPAA Rules, FTC Act and FTC Health Breach Notification Rule (HBNR) when they use technology that tracks users’ activities on their websites and apps. 

Read More

CA AG Investigative Sweep for Employer Compliance with CCPA

in

By Jennifer Ruehr

The California Attorney General announced on Friday, July 14 that it has initiated an investigative sweep of California employers’ compliance with the California Consumer Privacy Act (CCPA) as it applies to employees and applicants. This action serves as a reminder that organizations need to ensure that they have taken steps to comply with CCPA’s numerous requirements as they apply to employee and applicant personal information.

Read More

Washington My Health My Data Act - Part 9: The Attorney General’s Guidance

By Mike Hintze

On Friday, June 30, the Washington State Office of the Attorney General (OAG) published its expected guidance on the Washington My Health My Data Act (MHMDA or the Act) in the form of seven “frequently asked questions.” Given the many ambiguities in the Act, this guidance has been eagerly awaited in the hope that it would provide some much-needed clarity.  And while it addresses one of the biggest areas of ambiguity and concern (the effective dates) and provides some useful insights into a handful of others, it, unfortunately, left many questions unanswered.

Read More

FTC Takes Action Against Education Technology Provider Edmodo

in ,

By Amy Lanchester

On May 22nd, 2023, the Federal Trade Commission (FTC) issued a proposed order against Edmodo, LLC (“Edmodo”), a California-based education technology provider, for allegedly violating the FTC’s Children’s Online Privacy Protection Rule (“COPPA Rule") by illegally collecting the information of children and using that information for advertising, and for allegedly violating Section 5 of the FTC Act by unfairly burdening schools and teachers with COPPA-compliance responsibilities. In a first for an FTC order, Edmodo is prohibited from requiring students to hand over more personal data than is reasonably necessary to participate in online educational activities.

Read More

Washington My Health My Data Act - Part 8: Notice Obligations

in , ,

By Mike Hintze

When it comes into effect, the Washington My Health My Data Act (MHMDA or the Act) will impose new privacy notice obligations on regulated entities. The Act requires specific privacy disclosures relating to data that meets the very broad definition of “consumer health data.” It appears to require regulated entities to draft, post, link to, and maintain a separate “Consumer Health Data Privacy Policy” that will be largely, but not entirely, redundant of their existing privacy statement(s).

Because the Consumer Health Data Privacy Policy will be publicly available and easily scrutinized by plaintiffs’ lawyers and the Washington Attorney General, mistakes implementing this obligation are likely to be a key source of costly and disruptive litigation. Regulated entities will therefore need to take great care in meeting the Act’s notice requirements which are, in some respects, unusual and unexpected. 

Read More

Washington My Health My Data Act – Part 7: Biometric Data

in , ,

By Mike Hintze & Jevan Hutson

Biometric data is among the broad range of “consumer health data” regulated by the Washington My Health My Data Act (MHMDA). In light of MHMDA’s broad definition of biometric data, GDPR-level consent requirements, new obligations, and private right of action, the Act dramatically changes and complicates the regulation of biometric data in Washington state and is poised to become the most disruptive change in U.S. biometric privacy law since Illinois’ BIPA.

Read More

Washington My Health My Data Act - Part 6: Data Subject Rights

in , ,

By Mike Hintze

The Washington My Health My Data Act provides consumers with several rights, including a right of access, a right to delete, a right to withdraw consent, and a right to not be discriminated against for exercising their rights. While each of these rights can be found in other privacy laws and so, at a high level, do not seem particularly surprising here, the ways they are included in this Act are unique, create uncertainty, and in some cases go well beyond what exists in any other privacy law.  As a result, regulated entities seeking to comply with them will face difficult, costly, and disruptive implementation challenges (and with respect to the deletion right, the potential for catch-22 situations where full legal compliance may be impossible). These challenges, along with the Act’s private right of action, set up a significant risk of expensive legal claims and litigation.

Read More

Washington My Health My Data Act - Part 5: Consent Requirements

in , ,

By Mike Hintze

When it comes into effect, the Washington My Health My Data Act will impose strict consent requirements on a wide range of common data collection and processing activities. In essence, the Act requires affirmative (opt-in) consent for any collection, use, disclosure, or other processing of consumer health data beyond what is necessary to provide a consumer-requested product or service. For anything that could be considered a data “sale,” the authorization requirements are so onerous and risky that they, in effect, create a prohibition.

Read More

Washington My Health My Data Act - Part 4: Effective Dates

in , ,

By Mike Hintze

Yesterday the amended Senate version of the Washington My Health My Data Act was approved by the Washington State Legislature. Now that it is a near certainty the Act will become law in its current form, entities subject to the Act need to start preparing to comply. The key factor in determining deadlines for having compliance measures in place is the effective date of the Act. The Act purports to come into effect on March 31, 2024 (and for small businesses, three months later on June 30, 2024). However, contrary to stated legislative intent, and due to what one can only conclude is, at least in part, a drafting error, some of the key substantive provisions of the Act may come into effect much sooner than expected - as soon as July 2023. 

Read More

Washington My Health My Data Act - Part 3: The Scope of Entities and Consumers Captured by the Act

in , ,

By Mike Hintze

The Washington My Health My Data Act applies to “regulated entities” that collect or process “consumer health information” from “consumers.” Part two of this series addressed the definition of “consumer health data” and how that definition results in a scope of applicability that is far beyond what we might typically think of as sensitive health data. But the other two above-quoted defined terms – “regulated entity” and “consumer” also result in a very broad (and in some ways surprising) scope and impact. 

Read More