Consumer privacy advocates cheered as Maine House members Tuesday passed a comprehensive privacy bill with Maryland-like data minimization rules and other strict requirements. Meanwhile, Alabama’s comprehensive privacy bill could hit the House floor as soon as next week after clearing the body’s Commerce Committee on Tuesday.
Health Privacy and HIPAA
Privacy Daily follows regulatory changes to and enforcement of the federal Health Insurance Portability and Accountability Act (HIPAA). The law governs how health care providers, insurers and other covered entities handle protected health information and imposes safeguards to prevent unauthorized access or disclosure. We also track new health privacy laws in the states including the Washington My Health My Data Act and a similar bill passed in New York state. Coverage includes significant HIPAA violations, enforcement actions and trends that shape how health data is collected, shared and secured.
New Mexico comprehensive privacy legislation cleared its first Senate committee by a narrow and partisan 5-4 margin on Wednesday. Prior to the Health Committee vote, Republicans and many industry lobbyists condemned the proposed Community and Health Information Safety and Privacy Act (Chispa) as too different from 20 other states’ consumer privacy laws, including because SB-53 contains a broad opt-in mechanism and a private right of action that would allow individuals to sue.
While the GDPR generally bans the collection and use of sensitive personal data, such data can often be processed for scientific research purposes, excluding health applications, if CNIL has been consulted in advance, the French watchdog said Wednesday.
The California Privacy Protection Agency will seek to illuminate how California Consumer Privacy Act (CCPA) rights work in the employment context through an upcoming rulemaking, CalPrivacy Executive Director Tom Kemp said in a keynote at compliance vendor Privado’s Bridge Summit event Wednesday. The agency plans to discuss a timeline for comments on that and other potential rulemakings at the CalPrivacy Board’s Feb. 27 meeting, he said.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
French watchdog CNIL's 2026-2028 work program aims to deepen its understanding of business models related to personal data and to better measure the effect of its decisions, including more economic analysis of the impact of the GDPR, it said Monday.
French watchdog CNIL fined France Travail, an administrative body that links job seekers with recruiters, 5 million euros ($6 million) for failing to keep users' data safe, it said Thursday. Separately, Italian DPA Garante announced fines against companies for illegal data processing and failure to keep an email account private.
New Zealand Privacy Commissioner Michael Webster published the terms of reference for his probe of the Manage My Health data breach Wednesday, saying he plans to complete the first stage by the end of April (see 2601210009).
Connecticut and Massachusetts attorneys general fined a Massachusetts-based ambulance billing vendor Wednesday for failing to protect sensitive patient information, leading to a 2022 data breach that impacted almost 350,000 residents across the two states.
A sweeping Washington state AI bill cleared a key House committee on Tuesday. At a recorded meeting, the House Technology Committee voted 8-5 to clear HB-2157, which is modeled on a 2025 Virginia bill vetoed by then-Gov. Glenn Youngkin (R). Democrats supported the bill while Republicans opposed it.