In 2024, Washington and Nevada introduced new data privacy laws, part of a growing trend among states in response to the Trump administration’s push to reduce federal regulations, according to attorney Melissa Crespo of Morrison Foerster. These new laws, such as Washington’s My Health My Data Act and Nevada’s SB370, specifically target consumer health data that is not covered by HIPAA.
Crespo believes that more states will follow suit in 2025 as they seek to address gaps left by potential reductions in federal oversight. Specifically, state legislatures may focus on enhancing privacy protections for certain types of health information, such as reproductive health data, which could be at risk under the new administration.
The attorney emphasizes the importance of monitoring both federal and state-level developments in data privacy and cybersecurity regulations. She notes that state initiatives may be particularly crucial in light of the administration’s push for regulatory rollbacks.
Looking ahead to 2025, Crespo highlights several key trends and issues to watch in the realm of data privacy and cybersecurity. She also discusses the Federal Trade Commission’s top priorities for regulating and enforcing health data privacy, as well as potential changes in HIPAA audits and enforcement under the new administration.
Crespo, a partner at Morrison Foerster specializing in privacy and data security law, works with clients to address complex compliance and security challenges, especially in the healthcare sector. She provides guidance on navigating laws related to the collection and use of medical and health information, including HIPAA compliance.
As the landscape of data privacy and cybersecurity continues to evolve, states like Washington and Nevada are taking proactive steps to protect consumer health data. With ongoing developments at both the state and federal levels, experts like Melissa Crespo will play a vital role in helping organizations navigate the complex regulatory environment and ensure compliance with evolving privacy laws.