January 28th marks Data Privacy Day which commemorates the signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.  This international treaty is the first of its kind to address privacy and data protection.

Strong privacy and cybersecurity safeguards are paramount to the success of companies and the consumers they serve.  These issues are so critical they took center stage at the annual Consumer Technology Association’s Consumer Electronics Show (CES) held earlier this month where tech companies of all sizes promoted their “privacy first” products and services.

Today we, Epstein Becker Green (EBG), are reminded about our commitment to support clients strengthen their privacy and cybersecurity programs.  EBG continues to help countless clients to navigate complex federal, state and international laws governing personally identifiable information (PII) and protected health information (PHI).

In that spirit of Data Privacy Day, we are sharing three key areas to watch in 2020:

  1. States are Aggressively Legislating around Privacy and Cybersecurity

Legislation at the state level is just beginning.  Leading the charge on January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect.  Other landmark legislation including the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD) Act and Nevada’s privacy bill (SB-220) are also in effect.  Many other states are actively considering legislation as well.  Specifically, we recommend watching Washington State’s efforts to pass the Washington Privacy Act (SB-6281).  We anticipate other states will model their legislation based on experiences with these early state laws.

  1. Federal Legislation is Needed to Fill Large Gaps in Privacy Regulation

Rapidly changing consumer sentiment about privacy coupled with aggressive state legislation is putting pressure on the U.S. Congress to pass an overarching privacy law to unify an otherwise fragmented privacy rules.  Nearly a dozen federal bills have already been proposed going into the 2020 Congressional year, with more expected to follow.  We recommend considering these possibility disruptive federal legislation efforts when updating privacy and cybersecurity programs moving forward.

  1. Privacy Laws are Increasingly Putting Consumers in Control of their Data

Trends in state and federal laws are increasingly empowering individuals with rights to transparency and control over how their data is collected, used and shared.  In particular, the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) appear poised to finalize proposed rules regarding the secure access, exchange, and use of electronic health information.  To be positioned for these changes, we recommend that entities take stock of what data they collect, where it is stored, and how to build mechanisms to respond to data exchange requests in a timely manner.

As we continue into 2020, remember that compliance in these areas is a marathon, not a sprint.  An ounce of prevention equals a pound of cure.

Back to Health Law Advisor Blog

Search This Blog

Blog Editors


Related Services



Jump to Page


Sign up to receive an email notification when new Health Law Advisor posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.