- This event has passed.
CPRA Law + Tech Series: Session 2
February 25 @ 12:00 pm – 1:15 pm
Co-Hosted by: California Lawyers Association Privacy Law Section and the Future of Privacy Forum
Session 2: Sensitive Data: Health Conditions, Demographics, and Inferences
Join us on Friday, February 25th, from 12:00-1:15PM Pacific Time, for an exploration of what makes certain kinds of consumer data “sensitive” – and how to identify such data and think about new regulations that limit its collection and use.
This session will begin with a brief presentation on the definitions of “sensitive data” under existing legal regimes (CPRA, VCDPA, and CPA), with a specific discussion of the legal parameters of non-HIPAA and non-CMIA consumer health data.
As an example of sensitive data, we will explore real-world examples of how consumer health information is collected and used in different commercial settings, from a technical and business perspective, including:
- Consumer services that directly collect and use high-risk or clearly sensitive data that is not covered by HIPAA or other sectoral privacy laws (for example, direct-to-consumer blood sample analysis);
- Mobile app data involving fitness, wellness, or wearable device information (such as steps and heart rate) that may be considered sensitive or not, depending on the context and uses;
- Information that may appear sensitive on its face, but may not be used for the purposes of inferring sensitive information (such as the URL of a website, name of an app, or search engine query in the context of providing basic functionality or services); as well as the opposite: information that may appear non-sensitive on its face (such as a person’s shopping habits) that may nonetheless, over time or in combination with other information, lead to sensitive inferences.
In this session, we’ll be joined by guest experts:
Robert D. Tookoian, Of Counsel, Fennemore Craig, PC
Kate Black, Partner, Hintze Law
Charlyn L. Ho, Partner, Perkins Coie