Protected Health Information

Our colleague Brian G. Cesaratto at Epstein Becker Green has a post on the Technology Employment Law Blog that will be of interest to our readers in the financial services industry: “Washington State Considers Comprehensive Data Privacy Act to Protect Personal Information.” Following is an excerpt:

Washington State is considering sweeping legislation (SB 5376) to govern the security and privacy of personal data similar to the requirements of the European Union’s General Data Protection Regulation (“GDPR”). Under the proposed legislation, Washington residents will gain comprehensive rights in their personal data. Residents will have the right, subject to certain exceptions, to request that data errors be corrected, to withdraw consent to continued processing and to deletion of their data. Residents may require an organization to confirm whether it is processing their personal information and to receive a copy of their personal data in electronic form.

Covered organizations will be required to provide consumers with a conspicuous privacy notice disclosing the categories of personal data collected or shared with third parties and the consumers’ rights to control use of their personal data. Significantly, covered businesses must conduct documented risk assessments to identify the personal data to be collected and weigh the risks in collection and mitigation of those risks through privacy and cybersecurity safeguards. …

Read the full post here.