Since the early 2000s, there has been a steady increase in the amount of government activity that has directly affected healthcare stakeholders. Prior to this time-period, companies could afford to focus only on differentiating their products from their competitors. Now companies are finding that during their strategic planning meetings, they must account for how state and federal government activity may impact their bottom line. In addition to having a Government Affairs staff, these same companies are starting to realize the importance of having established a relationship with a lobbyist. The question is how do you find the right lobbyist for your organization? 

First you want to make sure the lobbyist has experience. To be a good lobbyist there is no magic number of how many years you have worked within the political system. However; many lobbyists have worked an average of six months in the legislature as an aide to a legislator or on the other side of the spectrum, many legislators have left the legislature to work as a lobbyist. These individuals have an insider’s perspective into how the legislature works such as when a bill filing deadline date is and whether or not a bill can be introduced due to if a state is in an emergency session where the rules for introducing legislation is different from regular session. 

Second the lobbyist should have a minimum number of contacts in the legislature. Whether it is in Congress or on the state level, the lobbyist should be able to have a go to legislator that can get a bill introduced quickly. However; the most successful lobbyist will not be limited to one party. Having contacts on both sides of the aisle will allow the lobbyist the opportunity to bring any bill at any time regardless of what political party has the majority.   

Third the best lobbyist should be strategic. He or she should be able to know when a good time to introduce legislation is. The lobbyist should know what legislator to target as the bill sponsor. This is important because the bill sponsor will be the champion for your particular bill from start to finish. The lobbyist will need to educate the bill sponsor on the nuances of the bill so that the sponsor will be educated enough to be able to respond to technical questions during a hearing or when the sponsor is in caucus meetings; explaining to their respective party about why your bill should be voted on. The lobbyists should be able to pick and choose what committee will be best for your bill to go into, who to use as strategic allies for your legislation and be intuitive enough on when to negotiate and when not to.   

Next it is important for your lobbyist to know the industry and to have foresight. You need to be comfortable knowing that your lobbyist understands your industry because if not, how can you be sure that your lobbyist is communicating the correct outcome for you? The lobbyist should be skilled enough to draft a bill that solves your problem without having to continuously ask you how something works. Additionally, while many lobbyists only focus on the legislature, the best lobbyists will think long-term to determine if a regulatory body will be involved once your bill passes. If so a lobbyist should be able to guide you through the regulatory process without leaving you to fend for yourself after a bill has passed. 

Finally, as with any other professional, you need to be aware of the reputation your lobbyist has. Do they take the time to make sure their clients understand everything that is happening? Does the lobbyist prepare the client and relevant legislators ahead of time for crucial hearings? Does the lobbyist make everything easy to understand? Does the lobbyist dress appropriately for meetings and do they have the needed respect from the legislature? Does the lobbyist closely follow the bill from start to finish or are they overloaded with too many clients? These are important issues to talk with your prospective lobbyist about before entering into a contractual relationship. 

While there are other nuances to the lobbying relationship, these should be enough for you to think about as your organization considers whether to engage a lobbyist. Lobbyist should no longer be considered a luxury item. The best lobbyist are quickly becoming essential parts of today’s corporate environment for the value they bring to their clients in either advancing their interests through legislation, or being available to respond to legislative targeting that has been on the rise. You know you have picked the right lobbyist when you can breathe a sigh of relief knowing that they have your back.  

Lanton Law is a national boutique law and government affairs firm that closely monitors legislative, regulatory and legal developments for our clients. We help stakeholders understand what’s at issue so that we can help our valued clients achieve their priorities. Contact us to learn about how either our legal or lobbying services can help you attain your goals.

Snapchat’s parent company is defending against a class-action lawsuit in the U.S. District Court for the Northern District of Illinois brought by two platform users identified as Adrian Coss and Maribel Ocampo. 

The lawsuit alleges that the platform violates the Illinois Biometrics Information Privacy Act by failing to provide users with the required disclosures under the act while collecting, storing and sharing users’ unique facial features and voices. 

The Illinois Biometric Information Privacy Act enacted in 2008 was an important first step in developing policy on biometrics. According to the law, a private entity possessing biometric information accessible to the public must have a retention schedule and policy for permanently destroying biometric information. Additionally, there are restrictions on how a private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information. Most importantly, this law requires obtaining written consent prior to collecting biometric information as the law provides a private right of action for anyone injured under the Act. 

Lanton Law’s technology practice, which includes biometrics and privacy issues, has been monitoring the Illinois Biometric Information Privacy Act for some time. We have posted several blogs addressing this issue as companies continue to evolve biometrics into their business models. 

Lanton Law is a national healthcare and life science boutique law and government affairs firm that closely monitors legislative, regulatory and legal developments for our clients. Our healthcare practice can help stakeholders understand what’s at issue so that we can help our valued clients reach their goals. Contact us to learn about how either our legal or lobbying services can help you attain your priorities.   

Lanton Law’s publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without prior written consent of us. To request reprint permission for any of our publications, please use our “Let’s Chat” form, which can be found on our website at www.lantonlaw.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship.

Senator Creem and Senator Lesser have introduced S.46 titled “An Act Establishing the Massachusetts Information Privacy Act.” The bill can be found here. The Act applies to Massachusetts businesses that earn $10,000 or more annual revenue through 300 or more transactions or that process or maintain the personal information of 10,000 or more unique individuals during the course of a calendar year. The bill has protections on the collection of biometric or location information and seeks to prevent companies from discriminating based on consumer personal information. The MA Information Privacy Commission would also be created by this proposal to oversee this bill’s regulatory scheme. 

This bill mirrors the efforts unleashed by the landmark General Data Protection Regulation (GDPR) in Europe which has been followed by efforts in California. Massachusetts did have a predecessor to S.46 in 2019 which stalled in the legislature.

The bill is currently in the Advanced Information Technology, the Internet and Cybersecurity Committee.  If you are a technology, healthcare or commerce stakeholder then this is something to keep a watch on.  

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

On October 6th, California Governor Newsom (D-CA) signed SB 41 titled Privacy: genetic testing companies. The bill can be viewed here. Below are the highlights of the bill:

This bill would establish the Genetic Information Privacy Act, which would require a direct-to-consumer genetic testing company, as defined, to provide a consumer with certain information regarding the company’s policies and procedures for the collection, use, maintenance, and disclosure, as applicable, of genetic data, and to obtain a consumer’s express consent for collection, use, or disclosure of the consumer’s genetic data, as specified.

This bill would require a direct-to-consumer genetic testing company to honor a consumer’s revocation of consent in accordance with certain procedures, and to destroy a consumer’s biological sample within 30 days of revocation of consent. The bill would further require a direct-to-consumer genetic testing company to implement and maintain reasonable security procedures and practices to protect a consumer’s genetic data against unauthorized access, destruction, use, modification, or disclosure, and develop procedures and practices to enable a consumer to access their genetic data, and to delete their account and genetic data, as specified. The bill would exclude from its provisions the California Newborn Screening Program, specific tests, and certain information, providers, entities, and activities subject to specified state and federal laws.

This bill would provide that the act does not reduce a direct-to-consumer genetic testing company’s duties, obligations, requirements, or standards under any applicable state and federal law for the protection of privacy and security and would further provide, if a conflict exists between the act and any other law, that the provisions of the law that afford the greatest protection for the right of privacy for consumers shall control.

This bill would impose civil penalties for a violation of those provisions, as specified. The bill would require actions for relief pursuant to these provisions to be prosecuted exclusively by the Attorney General, a district attorney, county counsel, city attorney, or city prosecutor, as specified, in the name of the people of the State of California upon their own complaint or upon the complaint of a board, officer, person, corporation, or association or upon a complaint by a person who has suffered injury in fact and has lost money or property as a result of the violation of the act. Because the bill would require local officials to perform additional duties, the bill would impose a state-mandated local program.

Lanton Law is a national boutique law and lobbying firm that focuses on healthcare/life sciences and technology. 

If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

According to the press release, Illumina announced that it has “acquired GRAIL, a healthcare company focused on life-saving early detection of multiple cancers, but will hold GRAIL as a separate company during the European Commission's ongoing regulatory review. 

Illumina, the global leader in DNA sequencing, first announced its intention to acquire GRAIL nearly a year ago, reuniting Illumina with GRAIL four years after it was spun off. GRAIL's Galleri blood test detects 50 different cancers before they are symptomatic. Illumina's acquisition of GRAIL will accelerate access and adoption of this life-saving test worldwide.”  

This acquisition has been announced despite the fact that it faces a legal challenge from the FTC as well as European antitrust scrutiny. 

Here are the reasons Illumnia gave for the deal according to the press release:

• The deal will save lives. Cancer kills around 10 million people annually worldwide and 600,000 people in the US alone. Cancers responsible for nearly 71% of cancer deaths have no recommended early detection screening, and most cancers are detected when chances of survival are lower. Illumina feels there is a moral obligation to have the deal decided by a thoughtful and full review by the EU regulators and the US courts. This can only be done if Illumina acquires GRAIL now. Otherwise, the company is locked into a situation where the deal terms will expire before there is a chance for full review; the clock will just run out.

• Right now, the Galleri test is available but costs $950 because it is not covered by insurance. Reuniting the two companies is the fastest way to make the test broadly available and affordable. Illumina's expertise in market development and access has resulted in coverage of genomic testing for over 1 billion people around the world already. This experience will help lead to coverage and reimbursement for the Galleri test.

• GRAIL and Illumina have a long history. Illumina formed GRAIL and spun it out in 2016. GRAIL's first employees were part of Illumina, which still owns 12 percent of the company. GRAIL and Illumina are not competitors—this is a vertical acquisition.

• Based on past experience, when Illumina enters a market, the market expands. When Illumina entered the non-invasive prenatal testing space, prices dropped, reimbursement expanded, the number of providers increased, and more expectant parents had access to testing.

• Illumina's acquisition of GRAIL is driven by the belief that this test should be available to as many people as possible as quickly as possible. From fighting the COVID-19 pandemic to matching cancer patients to therapies, Illumina's mandate is to save lives and transform healthcare. The first COVID-19 viral sequence was on an Illumina machine and now genomic surveillance has emerged as a critical tool in the global fight against the pandemic, with over 70 countries now using Illumina platforms for COVID-19 variant tracking.

Lanton Law is a national boutique law and lobbying firm that focuses on healthcare/life sciences and technology. 

If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

U.S. Senator Gillibrand (D-NY) issued a press release announcing the Data Protection Act of 2021, which would create the DPA, an independent federal agency whose goal is to protect Americans’ data, instill privacy safeguards and work to ensure that there is transparency in data sharing practices. 

There have been some changes to this proposed legislation since last year’s version of the bill. These changes include:

• Supervision of Data Aggregators: Grants the DPA authority to review Big Tech mergers involving a large data aggregator, or any merger that proposes the transfer of personal data of 50,000 or more individuals.

• Office of Civil Rights: Establishes the DPA Office of Civil Rights to advance data justice and protect individuals from discrimination. 

• Enforcement Powers: Improves DPA enforcement powers to oversee the use of high-risk data practices and to penalize, examine, and propose remedies to the social, ethical, and economic impacts of data collection.

• Penalties and Fines: Prohibits data aggregators from committing any unlawful, unfair, deceptive, abusive, or discriminatory data practices; and allows for penalties and fines to be levied if violated, including triple penalties for violations against children.

• Defines Key Terms for Transparency: Provides Key Definitions for Privacy Harm, Data Aggregators, and High-Risk Data Practice, among other key terms.

According to the release “The DPA would be an executive agency. The director would be appointed by the president and confirmed by the Senate, serves a 5-year term, and must have knowledge of technology, protection of personal data, civil rights, and law. The agency may investigate, subpoena for testimony or documents, and issue civil investigative demands. It may prescribe rules and issue orders and guidance as is necessary to carry out federal privacy laws. The authority of state agencies and state attorneys general are preserved in the Act. The DPA would have three core missions:

1. Give Americans control and protection over their own data by authorizing the DPA to create and enforce data protection rules. 

2. Maintain the most innovative, successful tech sector in the world by ensuring fair competition within the digital marketplace. 

3. Prepare the American government for the digital age.”

Lanton Law’s technology practice has been monitoring privacy developments nationwide. If you are a banking/finance, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

On February 26, 2021 in the United States District Court Northern District of California, the Court found that Facebook was ordered to pay $650 million. This issue derived from the underlying lawsuit alleging whether the collection of an individual's biometric data in violation of the Illinois Biometric Information Privacy Act is sufficient to establish Article III standing. As a result of this dispute, the company’s automatic facial recognition tagging features are now an opt-in feature instead of being an opt-out choice. 

The Illinois Biometric Information Privacy Act enacted in 2008 was an important first step in developing policy on biometrics. According to the law, a private entity possessing biometric information accessible to the public must have a retention schedule and policy for permanently destroying biometric information. Additionally, there are restrictions on how a private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information. Most importantly, this law requires obtaining written consent prior to collecting biometric information as the law provides a private right of action for anyone injured under the Act. 

Lanton Law’s technology practice which includes biometrics and privacy issues, has been monitoring the Illinois Biometric Information Privacy Act for some time. We have posted several blogs addressing this issue as companies continue to evolve biometrics into the business models. As 2021 unfolds we confidently believe that legislative and regulatory oversight will increase leading to more litigation that fine tunes points left unanswered about this emerging field. 

We at Lanton Law can help. Our legal and policy tools can help offer your organization a clear path forward to navigate what will be changing policies for technology stakeholders. Contact us today to discuss your options.   

The New York State legislature has introduced Assembly Bill 27, which seeks to make New York the fourth state to enact a biometric privacy law. If successful it will be the second state that will allow consumers a private right of action to see companies for improper data handling. 

New York is definitely taking its cue from Illinois, as that state became the first to require businesses to collect biometric data to provide notice and obtain the owner’s written consent prior to using this information. We have written about the Illinois Information Privacy Act or (BIPA) in a previous post. 

The New York proposal seeks to do the following: 

Establishes the biometric privacy act; requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first. 

New York has enacted facial recognition laws in the past. In December 2020 Governor Cuomo released a press statement where he signed A6787-D/S5140-B into law that suspended “the use of facial recognition technology and other kinds of biometric technology in schools, directing a study of whether its use is appropriate in schools and issuing recommendations. The legislation places a moratorium on schools purchasing and using biometric identifying technology until at least July 1, 2022 or until the report is completed and the State Education Commissioner authorizes its use, whichever occurs later. It applies to both public and private schools in New York State.” 

Proposed Assembly Bill 27 shows that New York will continue to press forward in this area and will likely inspire other states. If you are a biometric, Health IT/digital health or technology stakeholder, your interests will be impacted.    

Lanton Law is a national boutique law and lobbying firm that focuses on healthcare/life sciences and technology. Contact us today to learn about your organization’s options to prepare for additional regulatory oversight.

New York has introduced Assembly Bill 27. According to the proposed bill, AB 27 seeks “to establish the biometric privacy act; requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first.”  

Currently, the Illinois Biometric Information Privacy Act, commonly known as BIPA, is the only state with a biometric privacy statute that provides for a similar private right of action. We have been writing in previous posts about how state policies have been taking shape regarding this subject. 

We expect this and other technology questions to be debated in various state houses throughout 2021. It is imperative for interested stakeholders to be prepared for what new potential legislation requires. Contact Lanton Law to discuss your lobbying and legal strategies.