Key Takeaways | Navigating State Privacy Law Applicability for Healthcare and Financial Services Organizations - McDermott Will & Emery

Key Takeaways | Navigating State Privacy Law Applicability for Healthcare and Financial Services Organizations


During this webinar, McDermott Partners Elliot Golding and Amy Pimentel discussed state privacy law applicability to health, life sciences and financial services companies, as well as compliance requirements and enforcement risks. They also shared benchmarking and practical recommendations for designing and implementing privacy compliance programs.

Top takeaways included:

  1. This likely affects you: Most health and financial services companies have data that is NOT exempt from new state privacy laws (particularly in California, Colorado and Washington). That data includes certain online “cookie” data, marketing data, California employee and business contact data, and data collected outside the scope of the primary service offerings.
  2. The risks are real: State privacy laws have already been enforced against health and financial services companies. The Federal Trade Commission (FTC) and Office for Civil Rights (OCR) have also enforced laws related to online data.
  3. Next steps: All health and financial services companies should identify which data is subject to these laws and update their compliance programs. Although health and financial companies can leverage existing Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) programs, they likely must supplement by updating privacy notices and contract terms, obtaining opt-in consent honoring new privacy rights and implementing new governance processes (such as training and documenting privacy impact assessments).
  4. Reach out with questions: McDermott has extensive experience working with health and financial companies to operationalize these requirements, and we have developed templates, guidance, playbooks and other tailored materials specifically for health and financial companies.

Contact Elliot, Amy or your regular McDermott lawyer to discuss how we can help.

View key takeaways from and recordings of other webinars in our New State Privacy Laws Series:

Dig Deeper

Cambridge, United Kingdom / Speaking Engagements / July 1-3, 2024

Privacy Laws & Business | 37th International Conference

Chicago, IL / Speaking Engagements / May 14, 2024

Modern Healthcare Digital Health Summit: Patients and Trust

Nashville, TN / McDermott Event / May 17, 2024

Value-Based Care Symposium 2024

Nashville, TN / McDermott Event / May 15-16, 2024

Physician Practice Management and ASC Symposium 2024

Washington, DC / / May 8-10, 2024

2024 Privacy + Security Spring Academy

Washington, DC / Speaking Engagements / April 14 – 16, 2024

ACEP Leadership & Advocacy Conference 2024

Get In Touch