In the first half of 2024, seven new states—Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island—all enacted their takes on comprehensive privacy laws, bringing the total number of states with...more
On June 20, 2024, the United States District Court for the Northern District of Texas ordered the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) to vacate its guidance that had restricted...more
6/26/2024
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Popular ,
Texas ,
Web Tracking
New Requirements Include Identifying Specific Third Parties to Whom Businesses Disclose Data and Consent for Targeted Advertising to Teens -
Texas, Oregon, and Delaware are the latest states to join the growing landscape...more
7/24/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Delaware ,
Opt-Outs ,
Oregon ,
Personal Information ,
Privacy Laws ,
State Privacy Laws ,
Texas
In a shocking turn of events, a Superior Court for the County of Sacramento issued a ruling on June 30, 2023, enjoining the enforcement of the California Privacy Protection Agency’s (the “Agency’s”) California Privacy Rights...more
On July 1, 2023, the Colorado Privacy Act (ColoPA) and Connecticut Data Privacy Act (CTDPA) will go into effect, joining California and Virginia, whose data privacy laws are already in effect. Notably, while the California...more
6/29/2023
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Connecticut ,
Consent ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws
In the absence of meaningful progress from the U.S. Congress on passing a federal comprehensive privacy law, state legislatures have been busy this year passing their own solutions and adding to the complexity of U.S. privacy...more
On April 27, 2023, Washington State Governor Jay Inslee signed a far-reaching health privacy law entitled the “My Health My Data Act” (the Act), which extends protections to consumer health data collected by entities not...more
On March 28, 2023, Iowa Governor Kim Reynolds signed “An Act Relating to Consumer Data Protection” (SF 262) (ICDPA), making Iowa the sixth U.S. state to enact a comprehensive consumer privacy law following California,...more
On January 27, 2023, the Colorado Attorney General’s (Colorado AG) office released the third version of its proposed draft rules (third draft) for the Colorado Privacy Act (ColoPA) based on public comments it received on...more
Connecticut became the fifth U.S. state to enact a comprehensive consumer privacy law following California, Virginia, Colorado, and Utah. On May 10, 2022, Connecticut Governor Ned Lamont signed "An Act Concerning Personal...more
Utah is poised to become the fourth state to enact comprehensive consumer privacy legislation, following California, Virginia, and Colorado. Earlier this month, Utah's legislature passed the Utah Consumer Privacy Act (S.B....more
Colorado may soon enter the national stage for its new privacy legislation. On June 8, 2021, Colorado's legislature passed the Colorado Privacy Act (SB21-190) (ColoPA). The bill was recently sent to the Colorado governor's...more
Apple recently announced that app developers must check a series of yes/no boxes that will generate a "nutrition label"-style summary of the app's privacy practices. This new summary, formally called "App Privacy," will be...more
The U.S. Court of Appeals for the Eleventh Circuit recently released its highly anticipated decision in the long-running case pitting the now-defunct medical laboratory LabMD against the Federal Trade Commission (FTC),...more
On December 12, 2017, the Federal Trade Commission (FTC) held a workshop to examine consumer injury in the context of privacy and data security. The motivation for the workshop, according to Acting FTC Chairman Maureen...more
The U.S. District Court for the Northern District of California recently issued a mixed ruling on D-Link Systems’ motion to dismiss in FTC v. D-Link Sys., Inc. D-Link sells routers and Internet protocol (IP) cameras that it...more
Organizations in the United States that certify to the U.S.-EU Safe Harbor Framework to transfer and receive personal data about residents of the European Union must annually reaffirm to the U.S. Department of Commerce that...more