Susan Mack authored an article for the Association of Corporate Counsel North Florida’s May 2020 Newsletter, titled “But My Company’s in Florida! Why Should I Be Concerned with the California Consumer Privacy Act?.”

In this piece, Susan examines why Florida-based businesses should pay attention to the California Consumer Privacy Act (CCPA). Any touches with California consumers can “likely result in your company buying, gathering, renting, receiving, or even merely accessing California consumer personal information, these scenarios may well bring your company under the scope of the CCPA,” says Susan.

 On Friday, May 8, the Federal Trade Commission released a request for public comment on the Health Breach Notification Rule. This Rule, which went into effect in 2009, mandates the disclosure of data breaches by vendors that handle personal health data but are not covered by the Health Insurance Portability and Accountability Act.
  
  Opportunity for Public Comments
  
  The Agency is seeking comment on a variety of issues, including:
  
  Whether the Rule has resulted in under or over-notification
  
  Whether the Rule’s definitions should be modified to reflect legal, economic, and technological changes


  
  Whether the timing requirements and methods for reporting a breach should be altered
  
  The implications for enforcement raised by direct-to-consumer technologies
  
  Whether and how the Rule should address developments in healthcare products and services related to COVID-19
  
  The FTC will accept comments on these questions for 90 days once the Rule review notice is published in the Federal Register.
  
  What does the current Rule require?
  
  As currently written, the Rule requires covered companies to notify the FTC within 10 days after discovering a breach if more than 500 people are affected, and within 60 days if fewer individuals are affected.
  
  To date, the Rule has not garnered much attention, with no enforcement actions over the past decade, and only two companies notifying the FTC about breaches affecting more than 500 people.
  
  While the request for comment is part of the Agency’s standard review process, it comes at a time when telehealth services are growing, and more technologies are being used to treat patients from afar, including virtual assistants and health apps.
  
  Our Privacy, Cybersecurity and Data Management Team will continue to monitor the latest telehealth developments and provide insights as we continue to monitor the ever-changing, ever-shifting legal landscape on this particular topic.