GDPR and US States General Privacy Laws Deskbook

Page 8 - GDPR and US States General Privacy Laws Deskbook

P. 8

CONTENTS
24-15-2-12 “De-identified data” ................................................................................................................................................................................. 197
24-15-2-13 “Health care provider” . ............................................................................................................................................................................ 197
24-15-2-14 “Health record” . ......................................................................................................................................................................................... 197
24-15-2-15 “HIPAA” . ...................................................................................................................................................................................................... 197
24-15-2-16 “Identified or identifiable individual” . ................................................................................................................................................... 198
24-15-2-17 “Institution of higher education” . .......................................................................................................................................................... 198
24-15-2-18 “Nonprofit organization” . ........................................................................................................................................................................ 198
24-15-2-19 “Personal data” . ......................................................................................................................................................................................... 198
24-15-2-20 “Precise geolocation data” . ..................................................................................................................................................................... 198
24-15-2-21 “Processing” ............................................................................................................................................................................................... 198
24-15-2-22 “Processor” . ................................................................................................................................................................................................ 198
24-15-2-23 “Profiling” . ................................................................................................................................................................................................... 199
24-15-2-24 “Protected health information” ............................................................................................................................................................. 199
24-15-2-25 “Pseudonymous data” . ............................................................................................................................................................................. 199
24-15-2-26 “Publicly available information” . ............................................................................................................................................................ 199
24-15-2-27 “Sale of personal data” ............................................................................................................................................................................ 199
24-15-2-28 “Sensitive data” ......................................................................................................................................................................................... 200
24-15-2-29 “State agency” ........................................................................................................................................................................................... 200
24-15-2-30 “Targeted advertising” ............................................................................................................................................................................. 200
24-15-2-31 “Third party” .............................................................................................................................................................................................. 200
24-15-2-32 “Trade secret” ............................................................................................................................................................................................ 201
24-15-3-1 Requesting access, correction, and deletion of personal data.......................................................................................................... 201
24-15-4-1 Collection; processing; security. ............................................................................................................................................................... 202
24-15-4-2 Void and unenforceable provisions . ........................................................................................................................................................ 203
24-15-4-3 Clear and accessible privacy notice requirements .............................................................................................................................. 203
24-15-4-4 Disclosure and opt-out requirements .................................................................................................................................................... 203
24-15-4-5 Means to exercise rights ........................................................................................................................................................................... 203
24-15-4-6 Sample privacy notices and disclosures . ................................................................................................................................................ 204
24-15-5-1 Meeting obligations. .................................................................................................................................................................................... 204
24-15-5-2 Contractual requirements for controllers and processors . ................................................................................................................ 204
24-15-5-3 Contextual determination of controller or processor status . ............................................................................................................ 205
24-15-6-1 Assessment requirements for personal data processing. .................................................................................................................... 205
24-15-6-2 Confidentiality and attorney general access to data protection impact assessments ................................................................ 206
24-15-7-1 De-identified data handling and consumer request compliance requirements. ............................................................................ 206
24-15-7-2 Exemption of pseudonymous data from consumer rights and controller responsibilities ......................................................... 206
24-15-7-3 Reasonable oversight; compliance . ......................................................................................................................................................... 207
24-15-8-1 Exceptions to controller and processor obligations . ........................................................................................................................... 207
24-15-8-2 Obligations and requirements . ................................................................................................................................................................. 208
24-15-8-3 Exemptions; violation evidentiary privilege . ......................................................................................................................................... 208
24-15-8-4 Liability exemption for controllers and processors disclosing personal data to third parties ................................................... 208
24-15-8-5 Application with federal law . .................................................................................................................................................................... 208
24-15-8-6 Trade secrets ................................................................................................................................................................................................ 209
24-15-8-7 Purpose limitations; data protection measures; exemption ............................................................................................................. 209
24-15-9-1 Attorney general; civil investigative demand . ....................................................................................................................................... 209
24-15-10-1 Attorney general; exclusive authority .................................................................................................................................................. 209
24-15-10-2 Enforcement and penalties for violations ........................................................................................................................................... 209
8 | General Privacy Laws Deskbook: US State Laws and GDPR

6 7 8 9 10