Two state privacy laws that pose unique applicability concerns went into effect July 1, 2024: the Oregon Consumer Privacy Act (the “OCPA”) and the Texas Data Privacy and Security Act (the “TDPSA”). Generally following the...more
The United States is on track to see a record number of data breaches in 2023 and state regulators are paying attention. The swift action required by victim companies includes containment and elimination of the threat, and...more
In 2023, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, Virginia. Other laws from the states of Delaware, Indiana, Iowa, Montana, Tennessee, Oregon, and Texas were signed this year and...more
Last fall, we provided an update on the state of the regulations promulgated under the California Consumer Privacy Act (CCPA). At the time, we identified key gaps in the current regulations, specifically the lack of guidance...more
Washington state recently enacted the My Health, My Data Act (House Bill 1155) (the “MHMD Act”), which aggressively requires all entities that collect, share, or sell consumer health data in Washington to comply with very...more
Iowa Joins the Consumer Privacy Party -
On March 28, 2023, Governor Kim Reynolds signed a new Iowa consumer privacy statute to be effective January 1, 2025, the Iowa Consumer Data Protection Act, joining California,...more
In 2023, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, and Virginia. These laws will come online throughout the year as follows...more
The California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”) has had some major developments over the summer. On July 8, 2022, the California Privacy Protection Agency (California’s privacy...more
Already considered among the most rigorous cybersecurity requirements for financial services companies, the existing New York Department of Financial Services (“NY DFS”) Cybersecurity Regulation (the “Regulation”) set the...more
U.S. authorities have increased warnings of threats to critical infrastructure from Russian sources and have laid the groundwork for 72-hour reporting requirements for critical infrastructure organizations. At the end of...more
Addressing the evolving landscape of privacy laws will be at the top of the list of New Year’s resolutions for those doing business in the U.S. Businesses will need to assess and address changes in California privacy law, and...more
In 2023, new consumer privacy laws will be effective in Colorado, Virginia, and California. Of these, the Colorado Privacy Act (SB 21-190 , the “CPA”) is the latest to be enacted. Effective July 1, 2023, the CPA shares many...more
“Reasonable Security” is a term that is becoming more important due to the continued increase in ransomware incidents over the past few years, which the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) has...more
The passage of the California Privacy Rights Act (“CPRA”) on November 3, 2020 will result in increased litigation and enforcement actions for companies doing business in California. Indeed, only months after the California...more
Having set a new standard for privacy in the United States with the California Consumer Privacy Act of 2018 (the “CCPA”), California has again raised the bar for consumer privacy with the California Privacy Rights Act (the...more