The vast majority of commentary and public advice concerning data breaches surround, deservedly, the breach itself. This focus is only natural; it is the breach itself that requires victims to bring enormous resources to bear...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
1/29/2025
/ Consumer Privacy Rights ,
Cookies ,
Cyber Incident Reporting ,
Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Privacy Laws ,
Risk Management ,
Security and Privacy Controls ,
Sensitive Personal Information ,
State Privacy Laws
On December 6, 2024, the Colorado Attorney General’s Office notified the public that it adopted the updated Colorado Privacy Act (CPA) Rules, as a follow-up to the amendments to the CPA made earlier in the year (collectively,...more
1/10/2025
/ Biometric Information ,
Compliance ,
Consent ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
This article is the first in a series that will address privacy concerns for insurance carriers, agents and brokers. The insurance industry is uniquely situated at the confluence of multiple data privacy regimes....more
10/30/2024
/ Bank Holding Company Act ,
Captive Insurance Company ,
Data Privacy ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Insurance Agents ,
Insurance Brokers ,
Insurance Industry ,
NAIC ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Privacy Notice Rule ,
Sensitive Personal Information
Last year was a pivotal one for data privacy, as privacy received substantial attention from many regulators, including the Federal Trade Commission (“FTC”). Looking back at the FTC’s 2023 enforcement actions, statements and...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
1/30/2024
/ Compliance ,
Consent ,
Data Collection ,
Data Privacy ,
Data Subject Access Requests ,
Effective Date ,
Notice Requirements ,
Penalties ,
Personal Information ,
PHI ,
Privacy Laws ,
State Privacy Laws
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
1/5/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
EU ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Personally Identifiable Information ,
Privacy Laws ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
State Privacy Laws ,
Targeted Digital Advertising
On October 10, 2023, California Governor Gavin Newsom signed SB 362 into law. The “Delete Act” is intended to bridge a gap in consumer privacy rights – whereas the California Privacy Rights Act (the CPRA) grants consumers the...more
On June 16, 2023, Nevada Governor Joe Lombardo signed SB 370 into law. This new law is a consumer health data bill that is similar in many ways to Washington’s My Health My Data Act (MHMDA). SB 370, like most provisions of...more
To date, US non-profit organizations have enjoyed an exemption from the state omnibus privacy laws. That’s about to change. Unlike the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA),...more
The Federal Trade Commission (“FTC”) has issued a policy statement addressing biometric technologies in a signal of enforcement actions to come: It states: “In light of the evolving technologies and risks to consumers, the...more
5/26/2023
/ Biometric Information ,
Data Collection ,
Data Privacy ,
Data Security ,
Enforcement ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Policies and Procedures ,
Policy Statement ,
Risk Assessment ,
Unfair or Deceptive Trade Practices
On April 27, 2023, the Washington state governor signed into law the My Health My Data Act, also known as the MHMDA. The majority of the law’s provisions will take effect on March 31, 2024, providing companies with one...more
On January 1, 2023, the California Privacy Rights Act of 2020, which amended the existing California Consumer Privacy Act (collectively, the “CPRA”) and Virginia’s Consumer Data Protection Act (“VCDPA”) went into effect....more
The concept of Sensitive Personal Information (SPI) has made its way into new and emerging US privacy laws. The usual challenges associated with a novel privacy obligation certainly apply to Sensitive Personal Information,...more
2023 will be yet another dynamic year for data privacy regulation. In addition to the data privacy laws in Virginia, Colorado, Utah, and Connecticut going into force this year, businesses also have to contend with the fact...more
The American Data Privacy and Protection Act (“ADPPA”) has been working its way through Congress with notable bipartisan support. After a July 20th markup session in the House Committee on Energy & Commerce amending the bill,...more
By now, it is generally known that comprehensive privacy laws include requirements to allow consumers to opt-out of the sale of the their personal information, including personal information collected through the use of...more
9/19/2022
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Data Selling ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Search Engines ,
State Privacy Laws ,
Targeted Digital Advertising
Do Companies have a cure period for alleged violations under the California Privacy Rights Act (“CPRA”)?
No, the CPRA eliminates the thirty (30) day cure period originally permitted under the California Consumer Privacy...more
Unless the California legislature acts soon, the scope of information subject to the California Privacy Rights Act (“CPRA”) will include all employee or human resource-related personal information on January 1, 2023. To date,...more
6/15/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Privacy ,
Data Subjects Rights ,
Employee Privacy Rights ,
Employer Liability Issues ,
Employer Responsibilities ,
Exemptions ,
Human Resources Professionals ,
Personal Data ,
Personnel Records ,
Risk Management
In short, no. It is not necessary to use both the new SCCs and the new Article 28 clauses at the same time....more
Session Replay Software is a type of software typically utilized by businesses with consumer-facing websites. These businesses are typically very interested in making their website more interactive and responsive to consumer...more
Colorado recently introduced a new privacy bill, the Colorado Privacy Act (CPA). The CPA has certain similarities with the well-known California Consumer Privacy Act (CCPA) and Virginia’s Consumer Data Protection Act (VCDPA)....more
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”)...more
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”),...more
To help identify trends in privacy representations, BCLP reviewed the websites and privacy notices of Fortune 500 companies identified as primarily engaged in the banking and financial service sectors.
The following...more
2/28/2020
/ Adtech ,
Banks ,
Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
Cookies ,
Data Privacy ,
Data-Sharing ,
Financial Services Industry ,
Opt-In ,
Right to Delete ,
Surveys