Hashed & Salted | A Privacy and Data Security Update
Welcome to the health care issue of Hashed & Salted!
With the recent focus on the use of health data, we decided to focus this issue on exploring recent legislative and enforcement developments around privacy and data security in connection with sensitive health and health care-related data.
In our first article, associate Eric Cook discusses the “Health Regulatory Triangle” of the Health Insurance Portability and Accountability Act (HIPAA), the Federal Trade Commission (FTC) and state privacy regulations. We also include a resource for comparing recently enacted health data-related state privacy laws in Nevada, Washington and Connecticut, and a Health Data Decision Tree to help determine what laws might apply.
In our second article, associate Bianca Lewis explores the privacy and ethical issues at the intersection of health data and artificial intelligence (AI). And our special team member spotlight for this issue is Melis Ulusel, a second-year law student at The George Washington University Law School who interned this past summer with both Loeb & Loeb and the Future of Privacy Forum through the Federal Communications Bar Association’s Diversity Pipeline Program. Melis earned her Bachelor of Laws degree in Istanbul, Turkey, and practiced law at a boutique firm for four years before coming to D.C. She talks about her experiences with privacy and data protection on an international scale, what fascinates her, what she hopes for in the field of biometrics and facial recognition, and how she became a published author in her home country.
In This Newsletter:
- Understanding the Health Regulatory Triangle through Pixels—HIPAA, FTC’s Breach Notification Rule and State Privacy Regulations
- Navigating Health Data Privacy in AI—Balancing Ethics and Innovation
- Team Member Spotlight: Melis Ulusel
- Events Spotlight
- Featured Loeb Quick Takes
- In Case You Missed It
Understanding the Health Regulatory Triangle through Pixels—HIPAA, FTC’s Breach Notification Rule and State Privacy Regulations
The use of online tracking technologies such as pixels, software developer kits (SDKs) and cookies to better understand users’ behavior on health-related business’s websites and mobile applications was intended to be a simple endeavor; however, the recent deluge of class-action lawsuits, as well as federal and state privacy enforcement and regulations is certainly complicating many of these businesses’ efforts to reach their consumers online. Where many businesses may have originally taken the wait-and-see approach on the developing privacy landscape in this area, this approach is no longer tenable for businesses that collect personal information that qualifies as sensitive health data.
Read more here.
In the ever-evolving health care landscape, the integration of artificial intelligence (AI) has emerged as a transformative force with the potential to revolutionize patient care, diagnosis, treatment and medical research. AI’s ability to swiftly analyze vast amounts of health-related data promises enhanced medical outcomes, cost efficiency and improved patient experiences. Yet, as AI’s presence in health care grows, it brings a web of legal considerations. In this article, we unpack the term “AI” and outline some specific considerations for AI methods, outline the web of privacy laws that will apply when certain forms of health data are used to power AI solutions and close with a checklist lawyers can use to help guide their legal product reviews.
Read more here.
How did you develop your area of focus?
My introduction to privacy law began during a moot court experience focused on the European Court of Justice’s precedent regarding the right to be forgotten—an experience that left me genuinely intrigued. Luckily, the first couple of years of my legal practice coincided with the emergence of new data protection laws, both in Europe and Turkey. I had the pleasure of assisting many of our firm’s clients in evaluating and restructuring their data processing practices and systems. Coming to the U.S., I knew privacy law was an area to watch here as well, especially with the recent enactment of state privacy laws. This past summer’s experience truly exceeded my expectations. I was fortunate to witness firsthand the dynamic advancements in privacy law from a policy perspective at the Future of Privacy Forum and, later, from a private practice viewpoint at Loeb & Loeb.
What’s exciting you/grabbing your attention right now?
Over the summer, I had the pleasure of delving into the fascinating field of biometrics. It is exhilarating to think about how we currently have the technology to develop very sophisticated facial recognition systems. Amid the excitement, I am hopeful that privacy and civil liberties will be kept a priority as we embrace this innovation. I’m looking forward to closely following the evolving legal landscape, particularly with the EU AI Act, and observing how states like Illinois adapt to this transformative technology.
What’s one thing most people would be surprised to know about you?
I happen to be a published author on Turkish privacy law! I collaborated with a co-worker at my old firm and compiled decisions from the Turkish Data Protection Authority, similar to a casebook. Our managing associate played a crucial role in editing and publishing, which made it a product of great teamwork. As proud as I am of this accomplishment, it is unfortunate that the book is available only in Turkish.
2023 ANA Masters of Advertising Law Conference, Nov. 15 – 17, Orlando, Florida. Loeb is proud to sponsor the 2023 ANA Masters of Advertising Law Conference, where Advanced Media and Technology Deputy Chair Melanie Howard; Privacy, Security & Data Innovations Chair Jessica Lee; and associate Ryan Martin will be presenting “AI Unveiled: Decoding Its Impacts on Advertising, Privacy, IP and Ethical Challenges” on the main stage Nov. 16. For more information, including how to register, please visit the event website.
Privacy + Security Forum, Fall Academy, Nov. 8 – 10, Washington. Loeb is proud to sponsor the Privacy + Security Forum, Fall Academy, where Privacy, Security & Data Innovations Chair Jessica Lee and associate Eric Cook will be speaking on the panel “Navigating the Intersection of Health Data, AI and Privacy Law: Current Trends and Legal Implications” on Nov. 9. For more information, including how to register, please visit the event website.
Global Data Protection 2023, Oct. 18, San Francisco. Partner Harry Valetk chaired and gave the opening remarks at PLI’s Global Data Protection 2023 program. For more information, please visit the event website.
- California Strikes Again! The Delete Act is Here to Stay
- Cybercriminals Now Touting Criminal Artificial Intelligence
- Firing on All Cylinders: the CPPA Turns its Attention to the Privacy Practices of Connected Vehicles
Asia Data Protection Series: An Overview of the Data Protection Landscape in Asia. In this first issue of our Asia Data Protection Series, we provide an overview of the key data protection and privacy laws of some of the important jurisdictions in Asia.
Sign up for our Hashed & Salted newsletter by creating an account and selecting Privacy, Security & Data Innovation as your area of interest here.