The California Privacy Protection Agency (CPPA) has issued its first Order of Decision to American Honda Motor Co. in an enforcement action under the California Consumer Privacy Act (CPPA). Although the investigation arose...more
Please visit here to visit our Mintz Matrix page with the latest edition of the Mintz Matrix, which is a 50-state resource we have maintained since 2009 to break down and summarize requirements of U.S. state data breach...more
3/3/2025
/ Compliance ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Privacy Laws ,
Risk Management ,
State Attorneys General ,
State Privacy Laws
2024 was a busy year for state consumer data privacy laws in the United States. Seven states enacted comprehensive data privacy statutes throughout the year, and laws enacted in 2023 went into effect in Montana, Florida,...more
1/3/2025
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Enforcement ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
State Privacy Laws
To round out this year’s series on new state consumer privacy laws, we are covering the statute passed by Kentucky earlier this year. Please also keep your eye out for our 2024 round-up article that will be published soon, as...more
1/2/2025
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Enforcement ,
Exemptions ,
Minor Children ,
Opt-Outs ,
Penalties ,
Personal Data ,
PHI ,
Popular ,
State Privacy Laws
We are moving westward this week from Iowa to Nebraska in our series of articles providing in-depth summaries of state consumer privacy laws taking effect across the nation.
Nebraska Governor Jim Pillen (R) signed the...more
11/27/2024
/ Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Enforcement ,
Fair Credit Reporting Act (FCRA) ,
Fines ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Penalties ,
Personal Data ,
Privacy Laws ,
Security and Privacy Controls
Iowa is next up in our series of articles providing in-depth summaries of state consumer privacy laws taking effect across the nation.
On March 28, 2023, Iowa Governor Kim Reynolds (R) signed into law Senate File 262...more
11/20/2024
/ Consumer Privacy Rights ,
COPPA ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Data Processors ,
Enforcement ,
Fines ,
Gramm-Leach-Blilely Act ,
New Legislation ,
Opt-In ,
Penalties ,
Personal Data ,
Privacy Laws
Comprehensive consumer privacy laws continue to hit the desks of governors in states across the country, with nineteen state laws now on the books. Since we wrote our 2023 Round-Up on State Consumer Data Privacy Laws article...more
10/30/2024
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Minor Children ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Right of Access ,
Sensitive Personal Information ,
State Privacy Laws ,
Targeted Digital Advertising
2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California, Colorado, Connecticut, Utah and Virginia. Already...more
4/16/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Exemptions ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Jersey ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Personal Information ,
Private Right of Action ,
Reporting Requirements ,
State Privacy Laws
If you are in the consumer health space, you have (or at least we hope you have...) figured out by now that there are health-related privacy and security laws and regulations that apply to your business. The Federal Trade...more
Texas has joined the growing list of states enacting comprehensive consumer data privacy laws. On June 18, 2023, Governor Abbott (R) signed H.B.4, otherwise known as the Texas Data Privacy and Security Act (“TDPSA”). The...more
Does your business collect or use fingerprints? Do your building access points use retina, finger, or palm scans? Does your security office use facial recognition technology to identify repeated trespassers? Do your phone...more
7/7/2023
/ Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consent ,
Data Collection ,
Data Privacy ,
Data Security ,
Deceptive Intent ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Fingerprints ,
FTC Act ,
Personal Data ,
Personally Identifiable Information
Florida has joined the growing list of states enacting comprehensive privacy laws. Governor Ron DeSantis (R) signed the Florida Digital Bill of Rights (“FDBR”) into law on June 6th. How does it compare?...more
6/12/2023
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Corporate Counsel ,
Data Privacy ,
FERPA ,
Financial Institutions ,
Fines ,
Florida ,
Governor DeSantis ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Penalties ,
Personal Data ,
Privacy Laws ,
Private Right of Action ,
Search Engines
Our May Madness series is getting you caught up on comprehensive privacy legislation passing state legislatures across the nation. In April, governors signed legislation in Tennessee and Indiana, and this month ahead of...more
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11.
Tennessee joins a growing...more
5/12/2023
/ California Consumer Privacy Act (CCPA) ,
Controlled Substances Act ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Farm Credit Administration ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Nonprofits ,
Opt-Outs ,
Penalties ,
Personal Information ,
Private Right of Action ,
State Privacy Laws ,
Tennessee
Indiana's New Law is on the Books -
Last month, three more state legislatures passed comprehensive data privacy laws. Just this week, Indiana’s governor signed one of them - the Indiana Consumer Data Privacy Act (“ICDPA’) -...more
5/4/2023
/ Cybersecurity ,
Data Privacy ,
Fair Credit Reporting Act (FCRA) ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Nonprofits ,
Penalties ,
Personal Data ,
Personal Information ,
Private Right of Action ,
Public Utility ,
State Privacy Laws
Issuing California Consumer Privacy Act (CCPA) warning letters is becoming an annual Data Privacy Day observance for California Attorney General Rob Banta. This year, the letters went to owners and operations of mobile...more
The Federal Trade Commission (“FTC”) announced on Monday that it is settling a case against Drizly and its CEO stemming from a 2020 data breach that impacted roughly 2.5 million consumers. The proposed order not only...more
10/31/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Identity Theft ,
Personal Data ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement
In the spring of 2018 and in the wake of the Facebook-Cambridge Analytica data scandal, tech CEOs Tim Cook of Apple and Mark Zuckerberg of Meta (fka “Facebook”) initiated a contentious and public debate over the ethics of...more
The new California privacy regulatory body, the California Privacy Protection Agency (CPPA), has loudly voiced its opposition to the proposed federal American Data Privacy and Protection Act (ADPPA). The bottom line for...more
Privacy law 101 includes a simple but important basic concept that organizations may only use personal information they collect for what they say they will, and how they say they will. According to the Federal Trade...more
On April 28, 2022, the Connecticut legislature took the final step to become very close to passing comprehensive consumer privacy legislation as the Connecticut House of Representatives voted 144-5 in favor of Senate Bill 6,...more
5/4/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Connecticut ,
COPPA ,
Data Privacy ,
Data Security ,
Enforcement ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
Governor Lamont ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Private Right of Action ,
Proposed Legislation ,
State Privacy Laws
Facebook’s parent company Meta has agreed to settle one of the longest-running data privacy lawsuits in the country for $90 million. This dispute, originally filed in 2012 in a total of 21 related cases, alleged that Facebook...more
Data Privacy Week kicked off with a major message for US publicly-traded companies: the Securities and Exchange Commission will be looking at cybersecurity. SEC Chairman Gary Gensler said in a speech to a virtual securities...more
As public companies embark on the year-end reporting process, they will need to consider, and in some cases take steps to address, a number of significant developments and issues. As in past years, Mintz has prepared a...more
1/19/2022
/ Annual Meeting ,
Coronavirus/COVID-19 ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
Enforcement ,
Environmental Social & Governance (ESG) ,
Executive Compensation ,
Fiscal Year ,
Nasdaq ,
New Legislation ,
NYSE ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Shareholder Meetings
There is a pattern here. Long holiday weekends make for ransomware attacks and data breaches. It is well-known that malicious actors take advantage of understaffed IT resources on holidays. In fact, it’s become such a common...more
9/3/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
FBI ,
Hackers ,
Holidays ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Ransomware ,
Risk Management