On April 17, 2024, Nebraska’s governor signed Legislative Bill 1074, which establishes a consumer data privacy law for the state. Nebraska’s law takes effect January 1, 2025. To Whom does the law apply? The law applies to...more
On May 9, 2024, Governor Wes Moore signed the Maryland Online Data Privacy Act (MODPA), making Maryland the seventeenth state to enact a comprehensive data privacy law. While similar in certain respects to most Virginia Model...more
With new comprehensive privacy laws in Texas and Oregon going into effect on Monday, July 1, we invited enforcers from the Texas and Oregon Attorneys General Offices – Tyler Bridegan and Kristen Hilton – to join our Wiley...more
Keypoint: While the act does not include many provisions found in the more recent consumer data privacy laws, it would expand privacy notice obligations in one significant way although the applicability and scope of that...more
The recent Federal Trade Commission (FTC) amendment adds a new security breach reporting requirement to the Gramm–Leach–Bliley Act (GLBA) Safeguards Rule. The Safeguards Rule is a regulatory framework that mandates financial...more
On May 14, the FTC published a business blog post announcing the Safeguards Rule, an amendment to the GLBA, is in effect as of May 13. The Safeguards Rule applies to financial institutions subject to the FTC’s jurisdiction...more
On April 4, Governor Andy Beshear signed the Kentucky Consumer Data Protection Act (KCDPA), making Kentucky the fifteenth state to enact a comprehensive data privacy law. Set to go into effect on January 1, 2026, the KCDPA...more
Keypoint: The Minnesota bill contains several unique requirements and provisions, including a novel right to question the result of a profiling decision, privacy policy provisions that increase interoperability with existing...more
Orrick Partner Beth McGinn joins RegFi co-hosts Jerry Buckley and Sasha Leonhardt for our second episode focused on the proposed American Privacy Rights Act and its potential impact on the financial services industry. Beth...more
Welcome to Wiley’s update on recent developments and what’s next in consumer protection at the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). In this newsletter, we analyze recent regulatory...more
Businesses have only a short window remaining to ensure compliance with three new privacy laws. Effective July 1, three new comprehensive state data privacy laws come into effect – the Tennessee Information Protection Act...more
On April 4, 2024, Kentucky joined the rapidly growing number of states adopting a comprehensive data privacy law, when Governor Andy Beshear signed, the Kentucky Consumer Data Protection Act ("Kentucky CDPA"). The law will...more
2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California, Colorado, Connecticut, Utah and Virginia. Already...more
With the Kentucky governor recently signing into law that state’s privacy law the US now has 16 states with “comprehensive” privacy laws. This newest one will go into effect on January 1, 2026 – the same day as Indiana. It...more
New Hampshire’s New Law is on the Books - 2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California,...more
Enforcement of Washington’s My Health My Data Act (MHMDA or the Act) starts now. Passed by the Washington state legislature last year and designed broadly to protect “consumer health data,” the Act is one part of a larger...more
The Georgia Senate voted to pass the Georgia Consumer Privacy Protection Act (SB 473) on Feb. 27th. Although the bill is similar to many other comprehensive state privacy laws, there are some notable distinctions....more
The early weeks of 2024 have seen continued activity on the state comprehensive privacy law front. Since our last update, at least 11 new comprehensive privacy bills have been proposed. In particular, Georgia, Hawaii,...more
With the first month of 2024 now behind us, it is time for organizations to start seriously considering key comprehensive state data privacy compliance obligations for 2024. In total, seven states passed data privacy laws...more
Throughout much of 2023, businesses found themselves in a challenging position as they continued to grapple with defending against Illinois Biometric Information Privacy (BIPA) class action lawsuits. The year began on a...more
Comprehensive consumer privacy protections have arrived in the Garden State and appear to be coming soon to the Granite State. With Governor Phil Murphy's signing of Senate Bill 332 on January 17th, New Jersey became the...more
On October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, allowing California residents to have their personal information deleted by all registered data brokers...more
The California Privacy Protection Agency (CPPA) released initial draft regulations for cybersecurity audits (which have since been amended) and risk assessments late this summer. The agency’s board of directors addressed the...more
Under an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) announced on October 27, 2023, the Federal Trade Commission (FTC) will require a broad range of nonbank financial institutions to notify the...more