This legislative session has been marked by the continuing growth of the nation’s patchwork of state comprehensive privacy laws, and the weeks since our last update have been no exception. April saw state legislatures in...more
On April 25, 2023 four federal agencies—the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), the United States Department of Justice (DOJ), and the U.S. Equal Employment Opportunity Commission...more
5/2/2023
/ Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Automation Systems ,
Bias ,
Consumer Financial Protection Bureau (CFPB) ,
Department of Justice (DOJ) ,
Equal Employment Opportunity Commission (EEOC) ,
Federal Trade Commission (FTC) ,
Hiring & Firing ,
Job Applicants ,
Joint Statements ,
Machine Learning
On Friday, April 21, the Montana and Tennessee state legislatures approved comprehensive privacy law proposals. In Montana, the state senate passed an amended version of the Montana Consumer Data Privacy Act (SB 384) in a...more
The use of generative artificial intelligence (“AI”) by businesses and consumers over the past several months has increased dramatically—driven in large part by the enormous visibility of ChatGPT as a new AI device, improved...more
On Monday, April 17, the Washington House passed an amended version of the My Health My Data Act (HB 1155) (the “Act”), a bill that would impose sweeping new requirements on the collection, processing, and sale of consumer...more
On Tuesday, April 11, the Indiana House passed Senate Bill No. 5, a comprehensive state privacy law similar to the ones that are already in effect in California, Colorado, Virginia, Utah and Connecticut. This bill previously...more
The past two weeks have seen continued progress on proposed comprehensive privacy legislation across multiple states. Most notably, on March 28, Iowa Governor Kim Reynolds signed SF 262 into law, officially making Iowa the...more
On Wednesday, March 15, the Consumer Financial Protection Bureau (CFPB) announced an inquiry into data brokers, issuing a “Request for Information Regarding Data Brokers and Other Business Practices Involving the Collection...more
On March 15, 2023, the Securities and Exchange Commission (SEC) announced proposed changes to Regulation S-P (“Reg S-P”) that would impose new cybersecurity incident response requirements on broker-dealers, investment...more
The state comprehensive privacy law legislative process has officially kicked into high gear. Of course, the primary development since our last update is Iowa’s passage of SF 262, which positions Iowa to become the sixth...more
On Wednesday, March 15, the Colorado Attorney General’s Office announced the finalization of the Colorado Privacy Act Rules (“Rules”). The Rules implement the Colorado Privacy Act (CPA), a comprehensive privacy law enacted in...more
On Wednesday, March 15, the Iowa House passed Senate File 262 (SF 262), a comprehensive state privacy law similar to the ones that are already in effect in five US states. The bill had previously passed the Senate on March 6,...more
On March 9, 2023, the Securities and Exchange Commission (SEC) reached a settlement with Blackbaud – a client relationship management (CRM) service provider for nonprofits – over allegations that Blackbaud (i) made materially...more
On Friday, March 3, 2023, the California Privacy Protection Agency (CPPA) held a public board meeting. Though the meeting focused primarily on the Agency’s budget and various administrative issues (e.g., subcommittee...more
3/13/2023
/ Administrative Review ,
Audits ,
Board Meetings ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Proposed Legislation ,
Public Comment ,
Risk Assessment ,
Rulemaking Process
On February 27, 2023, the Chairman of the House Financial Services Committee Patrick McHenry (NC-10) introduced the Data Privacy Act of 2023 (the Bill), which would amend the Gramm-Leach-Bliley Act (GLBA) to “modernize[]...more
Since our last update, comprehensive privacy law proposals have continued to emerge and progress through state legislatures. Most notably, five bills have now passed a legislative chamber, with Hawaii’s Consumer Data...more
On Thursday, March 2, the FTC announced an enforcement action against BetterHelp, Inc., an online mental health counseling service, relating to claims that the company’s collection and use of consumer health data were unfair...more
3/8/2023
/ Advertising ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Enforcement Authority ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
LGBTQ ,
Mental Health ,
Pharmacies ,
Section 5 ,
Settlement ,
Telehealth ,
Unfair or Deceptive Trade Practices
On March 1st, the Innovation, Data, & Commerce Subcommittee of the House Energy and Commerce Committee subcommittee held a hearing titled “Promoting U.S. Innovation & Individual Liberty through a National Standard for Data...more
On February 27, the Federal Trade Commission (FTC) released a blog post advising companies to monitor their claims regarding their use of artificial intelligence (or AI). ...more
In addition to the numerous comprehensive privacy laws that have been proposed in at least 20 states thus far in 2023, legislative trends demonstrate an emerging focus on regulations that address specific types of...more
Since the start of the 2023 legislative session, at least 15 biometric privacy law proposals have emerged across 11 states (including Arizona, Hawaii, Maryland, Massachusetts, Minnesota, Mississippi, Missouri, New York,...more
On February 17, 2023, the Illinois Supreme Court held in a 4-3 split opinion that claims under the state’s Biometric Information Privacy Act (BIPA) accrue each time there is a biometric collection or transmission constituting...more
On February 17, 2023, the state attorneys general of Pennsylvania and Ohio reached a settlement with Ohio-based DNA Diagnostics Center (“DDC”) for a 2021 data breach that affected 2.1 million individuals nationwide and...more
2/23/2023
/ Clinical Laboratories ,
Cybersecurity ,
Data Breach ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Laboratories ,
Material Misstatements ,
PHI ,
Settlement ,
State Attorneys General ,
Statutory Violations
The past two weeks have seen continued developments in the state comprehensive privacy legislative landscape. Maryland, Minnesota, and Texas have entered the fray with new proposals, bringing the total number of states that...more
2/15/2023
/ Biometric Information ,
Consumer Privacy Rights ,
COPPA ,
Data Privacy ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Proposed Legislation ,
State Privacy Laws
On February 2, 2023, the Illinois Supreme Court held in a unanimous opinion that individuals have five years after an alleged violation to bring claims under the state’s Biometric Information Privacy Act (BIPA). This ruling...more