In the absence of a comprehensive federal data privacy law, state legislators continue to add to the often-contradictory array of laws aimed at protecting the security and privacy of their residents’ data. Very recently, Washington State’s My Health My Data Act was signed into law by Governor Jay Inslee in late April, Florida lawmakers passed Senate Bill 262 in early May, and the Tennessee Information Protection Act was signed into law earlier this month as well. While preparing this update, Montana’s enacted its Consumer Data Privacy Act on May 19th, which we will address in subsequent guidance due to its recency. These newly enacted state laws build upon the growing patchwork of laws enacted in California, Connecticut, Colorado, Virginia, and Utah, all of which we previously discussed here and here. Yet, among these state laws there is significant variety, including inconsistencies as to whether the laws allow for private rights of action, and whether the laws provide affirmative defenses and other incentives based on compliance with relevant best practices.
Blog Editors
Recent Updates
- NYDFS Cybersecurity Crackdown: New Requirements Now in Force, and "Covered Entities" Include HMOs, CCRCs—Are You Compliant?
- The Case for Regular Legal Maintenance: A Litigation Readiness Mindset for Modern Health Care Organizations
- The Rising Threats of Multi-Modal and Agentic AI in Cyber Attacks
- State Insurance Department Statements Scrutinize MA and MedSupp Unfair Trade Practices
- DOJ Subpoena Seeks Health Information of Hospital Patients Receiving Gender-Affirming Care: Will Judge Grant Motion to Quash?