Skip to main content

Regulatory Update: FL and TX Pass Comprehensive Consumer Data Privacy Bills, WA Signs ‘My Health My Data Act’ — May 2023 Newsletter

Regulatory Update: FL and TX Pass Comprehensive Consumer Data Privacy Bills, WA Signs ‘My Health My Data Act’ — May 2023 Newsletter

DeleteMe

May 31, 2023

Reading time: 3 minutes

In the first two weeks of May:


Florida, Texas and Washington All Pass Consumer Privacy Bills

The Washington law is particularly notable. It includes broad definitions of covered entities and sensitive data types, as well as a strong private right of action. The combination of these features may make it the most significant new privacy law in the country. 

Washington State now joins Iowa, Indiana, and Tennessee, who have all signed new privacy legislation into law this year. California, Colorado, Connecticut, Utah, and Virginia have passed similar laws in the past few years. The Montana legislature also passed a comprehensive privacy law in April.

Our take: 

Washington’s My Health, My Data Act is likely to be a significant source of concern for many companies. The Act is similar to Illinois’ Biometric Information Privacy Act (BIPA), which has led to billions of dollars lost in class action settlements over the last few years, but imposes more operationally challenging obligations and has fewer limitations on applicability. 


Cybersecurity Update: Municipal Agencies, Healthcare Networks Under Fire

Cybersecurity researchers are pointing to a growing trend of ransomware attackers targeting municipalities. Since the beginning of 2023, there have been major disruptions in Oakland, CA, Dallas, TX, and Washington, DC, as well as smaller cities like Lowell, MA, and the suburbs of Detroit, MI. This month also saw attacks on the Federal Department of Transportation and the DC Metro system, highlighting growing cyber risks to public infrastructure.

The healthcare sector has also become the exclusive target of some well-resourced ransomware groups like CLOP and LockBit. Attacks in this sector peaked at a record high in April. A recent breach of PharMerica, a pharmacy services provider, is one of the largest this year so far, exposing the data of over six million patients.

Our Take: 

With large ransomware payouts in decline, Russian cyber gangs appear to be dividing efforts between “disruption for disruption’s sake” and exfiltrating the most lucrative, sellable data. The public sector is ideal for the former and the healthcare industry for the latter.


Workforce Surveillance Receiving Greater Federal Scrutiny

The White House Office of Science and Technology Policy released a public request for information on employer use of workforce monitoring technologies. This is usually an early indication of forthcoming policy proposals.

Recent research indicates that even though pandemic-driven remote work opportunities have decreased, the use of employee surveillance tools has grown since 2021. The types of technologies used have also become more invasive.

Our Take

Few new state privacy laws (other than the CCPA) have included employee data protections so far. Still, it’s possible that workforce surveillance – like Children’s  Data, Health Data, and Location Data – may become an area where the FTC applies broader interpretations of its own regulatory mandate in the near future. 


Check Out Our Latest Blog Posts


DeleteMe in the News

  • Check out our running log of DeleteMe in the news in 2023.
SHARE THIS ARTICLE
DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control t…
DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control t…
How does DeleteMe privacy protection work?
  1. Employees, Executives, and Board Members complete a quick signup
  2. DeleteMe scans for exposed personal information
    Opt-out and removal requests begin
  3. Initial privacy report shared and ongoing reporting initiated
  4. DeleteMe provides continuous privacy protection and service all year
Your employees’ personal data is on the web for the taking.

DeleteMe is built for organizations that want to decrease their risk from vulnerabilities ranging from executive threats to cybersecurity risks.

Want more privacy
news?

Join Incognito, our monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Is employee personal data creating risk for your business?

DeleteMe provides business solutions for the enterprise, public orgs and public interest groups.

Is employee personal data creating risk for your business?

DeleteMe provides business solutions for the enterprise, public orgs and public interest groups.

Related Posts

10 Ways to Reboot Your Privacy at Work

When personal data is out there on the open web it can lead to privacy and security incidents at work that open you—and your company—up to risk. Fo…
DeleteMe
October 3, 2022

Our 2022 Cybersecurity Excellence Award Speech: How We Started, Where We’re Going

We are excited to announce that DeleteMe was recognized (twice!) with 2022 Cybersecurity Excellence Awards, an annual competition honoring ind…
DeleteMe
February 10, 2022

The Time is Now to Limit Russian Hacker Access to Publicly Available PII

Although the launch of ContiLeaks and the information revealed there didn’t slow the Russian Hacker gang down, it did provide everyone here a…
Will Simonds
March 10, 2022