Akua Asare-Konadu

Before enrolling in law school, Akua worked as a legislative assistant to Washington State Senator Rebecca Saldana. She has also worked as a session aide, a legislative fellow, a state senate and federal house intern, and a regional field director for a U.S. Senate campaign.

As of July 18, 2023, Oregon has joined 11 other states to pass a comprehensive consumer privacy law. The Oregon Consumer Privacy Act requires various disclosures around the collection and processing of personal data, provides consumers with rights to their data, and imposes obligations on controllers and processors, including honoring global opt-out signals. This Update

On June 6, 2023, Florida Governor Ron DeSantis signed Senate Bill 262 into law. SB 262 is a departure from the comprehensive privacy laws enacted by other states for a variety of reasons, including its (1) ban on government-directed moderation of social media, (2) restrictions on online interactions with minors (somewhat akin to the California Age-Appropriate Design Code), and (3) establishment of a “digital bill of rights” that creates general consumer privacy rights similar in many respects to those adopted in other states but, unlike them, Florida’s are narrowly applicable. Governor DeSantis has not shied away from saying the new law is directly aimed at “Big Tech,” and the targeted application of certain aspects of the law reflects that goal.

The ban on government-directed moderation took effect on July 1, 2023, with the protections for minors and digital bill of rights provisions set to take effect on July 1, 2024.

This Update is the third installment of the ongoing series covering Washington state’s new My Health My Data Act. The original impetus for the act was the protection of reproductive rights, and it was signed into law alongside several other pieces of legislation focused on providing abortion and gender-affirming protections. However, because of the broad

As detailed in Part 1 of this ongoing series, Washington Governor Jay Inslee signed the state’s My Health My Data Act into law on April 27, 2023. The act is a first-of-its-kind law that creates new privacy protections relating to the collection, sharing, and selling of “consumer health data.” Most of the provisions of the

Overview

2022 has been relatively quiet as it relates to state updates to breach notification laws, but Maryland made significant alterations to its general data breach notification law. Additionally, several other states made more minor changes, and the federal government issued or proposed several new data security and breach reporting requirements for certain types of

New cybersecurity developments and observations, including those relating to U.S. Department of Labor review of cybersecurity issues, warrant prompt consideration by plan fiduciaries, including those plans covered by HIPAA.

The following update includes recommendations to help ERISA retirement and health and welfare plan sponsors and responsible fiduciaries protect benefit plans and participants against cybersecurity risks

Companies doing business in the United States should start preparing for the Utah Consumer Privacy Act, which was signed into law on March 24, 2022, and will go into effect on December 31, 2023. The law is more business-friendly than existing omnibus state privacy laws, in that it generally provides fewer consumer rights and company

On Friday, January 28, the world celebrated its 16th Data Protection/Privacy Day. As the privacy community capped off a week of programming and gazed into the future of potential data privacy enforcement [1], the celebrations were quickly overshadowed by California Attorney General Rob Bonta, who announced that his office was targeting businesses operating loyalty programs for potential enforcement actions. According to Bonta, his office issued “notices to business[es] that operate loyalty programs and use personal information in violation of California’s data privacy law.” [2] Accordingly, it is expected that a plethora of businesses may soon receive notices of noncompliance. Once a business receives a notice of noncompliance, that business will have 30 days to cure or fix the alleged violation before an enforcement action is initiated. Enforcement actions may result in penalties of up to $7,500 per violation, which can quickly accrue to significant amounts.

As the use of facial recognition and other biometric technology expands, so too has litigation under the Illinois Biometric Information Privacy Act (BIPA). Nearly 2,000 cases have been filed, the vast majority of them in Illinois. Late last year, the Illinois First District Appellate Court issued two key decisions.

Certain California-licensed healthcare facilities are now subject to additional breach reporting obligations pursuant to regulations (Regulations)[1] issued by the California Department of Public Health (Department) on July 1, 2021. These Regulations modify California Health and Safety Code section 1280.15 (section 1280.15) and impose requirements on healthcare facilities (as defined below) regarding what information must