On February 10, 2025, a Washington state resident filed a lawsuit on behalf of herself and similarly situated individuals against Amazon under the Washington My Health My Data Act (MHMD). This is the first lawsuit brought...more
2/24/2025
/ Biometric Information ,
Class Action ,
Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Collection ,
Data Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
Over 5,000 privacy professionals from around the world gathered in Washington, D.C. this month for the International Association of Privacy Professionals’ Global Privacy Summit 2024. The conference focused on debating the...more
On July 10, 2023, the European Commission formally approved the EU-U.S. Data Privacy Framework (“DPF"). You can view our brief video discussion about the DPF or read our initial update.
Companies that maintained their...more
The Federal Trade Commission (FTC) has continued to ramp up its investigation and enforcement efforts in 2022 to address unfair or deceptive acts or practices in the privacy, cybersecurity and consumer protection space. With...more
To help your company get its United States (U.S.) state privacy compliance program on the right track in 2022, Orrick's Cyber' Privacy & Data Innovation Group has analyzed the differences between key topics for the California...more
3/15/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws
The California Privacy Rights Act (CPRA) became law on December 16, 2020, and amended the California Consumer Privacy Act (CCPA). When the CPRA becomes fully operative on January 1, 2023, these important changes, among...more
Across the United States (U.S.), 2021 was a busy year for legislative and regulatory-related consumer privacy developments. Our roundup captures some of the major updates that occurred in states throughout the year. We will...more
The Federal Trade Commission ("FTC") recently announced its intent to "vigorously" enforce its 2009 Health Breach Notification Rule (the "Rule") via a policy statement that sheds light on the Rule's scope. The policy...more
9/24/2021
/ Application Programming Interface (APIs) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
Mobile Health Apps ,
Personally Identifiable Information ,
Popular
Colorado is the third U.S. state to enact comprehensive consumer data privacy legislation with the passage of the Colorado Privacy Act (CPA) on July 7, 2021. The CPA will go into effect July 1, 2023, joining the California...more
Following in the footsteps of the California Consumer Privacy Act (CCPA), the Commonwealth of Virginia has become the second U.S. state to enact comprehensive consumer data protection legislation. ...more
3/4/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
New Legislation ,
Personal Data ,
Regulatory Reform ,
State and Local Government
How can your business prepare for The California Privacy Rights Act (CPRA) ramp-up in 2021? The CPRA is scheduled to become effective in January 2023. Preparations will occur over the next two years, including establishing...more
On December 10, 2020, California Attorney General Xavier Becerra (California AG) released a fourth set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations that went into effect on August 14,...more
On May 4, 2020, Californians for Consumer Privacy announced that it submitted over 900,000 signatures to qualify the California Privacy Rights Act of 2020 (“CPRA”) for California’s November 2020 ballot. With the California...more
5/22/2020
/ Ballots ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government
On March 11, 2020, the California Attorney General, Xavier Becerra, (“California AG”) released a second set of modifications to the proposed regulations pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). These...more
3/26/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Employee Benefits ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General ,
Statutory Interpretation
On February 7 and again on February 10, 2020, the California Attorney General Xavier Becerra released an updated draft of proposed regulations pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). The updated...more
2/14/2020
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Regulatory Agenda ,
Regulatory Requirements ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Happy New Year! At long last, the California Consumer Privacy Act of 2018 (“CCPA”) went into effect yesterday, January 1, 2020. For those who have not yet heard, the CCPA establishes a comprehensive legal framework to govern...more
1/3/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Deletion ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Right to Delete ,
State and Local Government
With the January 1, 2020 effective date of the California Consumer Privacy Act (the “CCPA”) rapidly approaching, all eyes have been on the California legislature’s consideration of a robust suite of amendments that would...more
10/21/2019
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
New Amendments ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes
On October 10, 2019, the California Attorney General added to the complexity of the California Consumer Privacy Act of 2018 (“CCPA”) by releasing long-awaited proposed regulations that provide guidance on various elements of...more
10/16/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Public Comment ,
Right to Delete ,
Rulemaking Process ,
State and Local Government
With the January 1, 2020 effective date of the California Consumer Privacy Act (the “CCPA”) rapidly approaching, all eyes have been on the California legislature’s consideration of a robust suite of amendments that would...more
9/18/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Exemptions ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
In 2018, the California legislature made headlines with its game-changing data protection law: the California Consumer Privacy Act of 2018. ...more
3/19/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Legislation ,
State and Local Government
Yesterday, German federal and state (Länder) data protection authorities ("DPAs") issued a Position Paper following the recent Court of Justice of the European Union ("CJEU") ruling that struck down the EU-US Safe Harbor...more
10/27/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Cloud Computing ,
Cybersecurity ,
Data Privacy ,
Data Protection Authority ,
European Commission ,
European Court of Justice (ECJ) ,
Germany ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
US-EU Safe Harbor Framework
Personal data is a valuable corporate asset. At times, the personal information collected from customers (such as email address, mailing address, phone number, etc.) can be a company’s most valuable asset. Unfortunately,...more
10/20/2015
/ Bankruptcy Code ,
Chapter 11 ,
Commercial Bankruptcy ,
Customer Lists ,
Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Digital Assets ,
Disney ,
Enforcement Actions ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
Hackers ,
MySpace ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
RadioShack ,
Sale of Assets ,
Snapchat ,
WhatsApp
Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more
10/15/2015
/ Big Data ,
Cloud Computing ,
Compliance ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Health and Human Services (HHS) ,
Dropbox ,
Edward Snowden ,
Enforcement Actions ,
Ethics ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
FCC ,
Federal Trade Commission (FTC) ,
Google ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
International Data Transfers ,
Internet of Things ,
Ireland ,
Microsoft ,
National Security ,
National Security Agency (NSA) ,
OCR ,
Personal Data ,
Popular ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
Security Risk Assessments ,
US-EU Safe Harbor Framework