Health Law Highlights

2024 Privacy Compliance: Are You Ready For It?

From InfoLawGroup LLP, by Justine Young Gottshall:

  • New State Privacy Laws: In 2024, Texas, Oregon, Florida, and Montana will implement new privacy laws, requiring businesses to update their policies, intake forms, and responses, and obtain opt-in consent for sensitive data collection. Similar laws will take effect in Delaware, New Hampshire, New Jersey, and Tennessee in 2025.
  • Compliance with Existing State Privacy Laws: Companies should ensure compliance with Privacy Impact Assessments (PIAs), Data Processing Agreements, Universal Opt-Out mechanisms, Web Accessibility Compliance, and conduct annual biometric reviews, especially in areas involving online advertising, use of AI, and handling of sensitive data.
  • New Health Data Laws: Washington and Nevada will introduce laws affecting companies collecting health data, requiring comprehensive compliance measures and specific authorizations. Florida’s law will apply to limited businesses with specific revenue and operational criteria.
  • Machine Learning and AI Use: The FTC is increasing scrutiny on the use of personal data in AI tools. Companies should review vendor agreements, create internal policies, and ensure responsible use of data, particularly sensitive data.
  • Data Collection from Minors: New laws and regulations affecting data collection from minors are expected. Companies should ensure compliance with existing laws and prepare for upcoming ones in Connecticut, Utah, Louisiana, and Florida. The FTC is also proposing updates to the COPPA Rule.