New Hampshire’s New Law is on the Books -
2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California,...more
4/15/2024
/ Consumer Rights Directive ,
Controlled Substances Act ,
Data Collection ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Penalties ,
Personal Data ,
Private Right of Action ,
State Privacy Laws
Does your business collect or use fingerprints? Do your building access points use retina, finger, or palm scans? Does your security office use facial recognition technology to identify repeated trespassers? Do your phone...more
7/7/2023
/ Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consent ,
Data Collection ,
Data Privacy ,
Data Security ,
Deceptive Intent ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Fingerprints ,
FTC Act ,
Personal Data ,
Personally Identifiable Information
Blaming a "data retention glitch," Microsoft has agreed to pay the Federal Trade Commission $20 million to settle allegations that the company's Xbox gaming system has illegally collected personal information from children...more
6/8/2023
/ COPPA ,
Corporate Counsel ,
Data Collection ,
Data Retention ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Personal Information ,
Regulatory Violations ,
Settlement ,
Xbox
I hear this frequently: "We've moved everything to the cloud, so our security is good." Maybe yes, maybe no. Cloud applications operate on a "shared responsibility" model, which means that the cloud provider will have a...more
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11.
Tennessee joins a growing...more
5/12/2023
/ California Consumer Privacy Act (CCPA) ,
Controlled Substances Act ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Farm Credit Administration ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Nonprofits ,
Opt-Outs ,
Penalties ,
Personal Information ,
Private Right of Action ,
State Privacy Laws ,
Tennessee
The so-called “HR exemption” taking employee and applicant personal information out of the control of the California Consumer Privacy Act (CCPA) is about to come to an end. Employers who are “businesses” for purposes of the...more
10/18/2022
/ Anti-Retaliation Provisions ,
Audits ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Data Collection ,
Data Mapping ,
Data Retention ,
Exemptions ,
Opt-Outs ,
Personal Information ,
Policies and Procedures ,
Privacy Notice Rule ,
Right to Delete ,
Right To Know ,
Sensitive Personal Information
If you’ve relied on the temporary “exemption” for employee/applicant and business-to-business (B2B) personal information under the California Consumer Privacy Act (CCPA), those exemptions will expire on January 1, 2023. The...more
In the spring of 2018 and in the wake of the Facebook-Cambridge Analytica data scandal, tech CEOs Tim Cook of Apple and Mark Zuckerberg of Meta (fka “Facebook”) initiated a contentious and public debate over the ethics of...more
To note the one year anniversary of the California Consumer Privacy Act (CCPA) enforcement date, California Attorney General Rob Banta held a press conference on July 19, 2021 to share key information about enforcement...more
Colorado has now joined California and Virginia to become the third US state to pass a comprehensive data privacy legislation when Governor Jared Polis signed the Colorado Privacy Act (the “CPA”) into law on July 8, 2021. The...more
As we’ve written here and here, New York City’s Biometric Identifier Information Law (the “NYC Law”) is now in force, effective Friday, July 9th. The NYC Law requires that places of entertainment, retail stores and food and...more
As previewed in Mintz’s earlier post, New York City’s Biometric Identifier Information Law (the “NYC Law”) is now in force, effective Friday, July 9th. The NYC Law requires that places of entertainment, retail stores and...more
At the close of Connecticut’s 2021 legislative session, a pair of data protection/cybersecurity related bills made their way to Governor Ned Lamont’s desk, while a CCPA-like omnibus privacy law falling one floor vote short. ...more
2021 could be another record year for new and pending privacy legislation, including laws either banning outright or placing limits on the use of technology involving biometric information. Just this year, Portland, Oregon...more
The Mintz Privacy & Cybersecurity Blog will be providing regular updates of notable pending US state privacy laws. Following our similar previous updates, the most recent of which may be found here, this update checks in on...more
In a previous update, we provided a comprehensive round-up of several notable pending US state privacy laws. We are checking-in on the progression of some of those laws in this further update. The next installment will...more
On Tuesday, Virginia Governor Ralph Northam signed the Consumer Data Protection Act (“CDPA”) into law, making Virginia the second U.S. state after California to pass a comprehensive data privacy law. Those familiar with the...more
We summarized Virginia’s Consumer Data Protection Act (CDPA) in advance of its passage by the legislature and it now awaits Governor Ralph Northam’s signature. This will make Virginia the second state (behind California)...more
While we continue to await comprehensive US federal privacy legislation, and following California’s lead with its California Consumer Privacy Act of 2018 (CCPA), individual states are stepping up to the plate. Based on what...more
January 28 is known worldwide as “Data Privacy Day” or “Data Protection Day,” and it’s a good opportunity to remind everyone of some privacy basics – particularly as people are still working remotely and threats to...more
As businesses continue to work on compliance with the California Consumer Privacy Act (CCPA) and the multiple versions of regulations issued by the Attorney General’s Office, Attorney General Becerra has issued yet another...more
12/15/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Information ,
Proposed Regulation ,
Public Comment ,
Rulemaking Process ,
State Attorneys General
Earlier this week, the California Department of Justice unexpectedly released a third set of proposed modifications to the CCPA regulations. This move took place only two months after the California Attorney General’s Office...more
10/14/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Information Governance ,
Office of Administrative Law ,
Opt-Outs ,
Personal Information ,
Privacy Policy ,
State Attorneys General
California Governor Gavin Newsom has signed Assembly Bill 1281 to extend the California Consumer Privacy Act (CCPA) “exemptions” for business-to-business (B2B) and employee personal information. The exemption was headed for a...more
10/2/2020
/ B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Collection ,
Employee Privacy Rights ,
Governor Newsom ,
Governor Vetoes ,
Online Safety for Children ,
Parental Consent ,
Social Media
2020 “back to school” has a whole new meaning in the age of COVID-19. Now, it is finally time for companies to take compliance with the California Consumer Privacy Act (“CCPA”) off the back burner and implement policies and...more
The California Legislature has passed AB-1281 over to the Governor’s desk, approving the continuation of an exemption for personal information collected in the employment context and certain information collected in the...more