On March 11, the Kentucky Senate passed the Kentucky Consumer Data Protection Act (KCDPA or the “Act”) (House Bill 15) by a unanimous 35-0 vote. Upon House concurrence and the governor’s signature, the Act would become the...more
One of the main risks that a company faces after a data breach is a potential lawsuit. Plaintiffs often will allege creative statutory and common law theories of harm after they learn that their personal information has been...more
3/15/2024
/ Article III ,
Corporate Counsel ,
Damages ,
Data Breach ,
Emotional Distress Damages ,
Future Harm ,
Hackers ,
Imminent Harm ,
Intent ,
Personal Information ,
Public Disclosure ,
Sensitive Personal Information ,
Standing ,
TransUnion
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
While the California Consumer Privacy Act (CCPA) is most known for its onerous privacy compliance obligations, the law also...more
3/4/2024
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Private Right of Action ,
Right To Cure ,
Security and Privacy Controls ,
State Attorneys General ,
Statutory Damages ,
U-Haul ,
Wells Fargo
On February 21, the California Attorney General (“AG”) announced a settlement with DoorDash, an online food delivery service, to resolve allegations that the company violated the California Consumer Privacy Act (CCPA) and...more
3/1/2024
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Civil Monetary Penalty ,
Compliance ,
Consumer Privacy Rights ,
Data Selling ,
Data-Sharing ,
DoorDash ,
Enforcement Actions ,
Enforcement Priorities ,
Personal Information ,
Sephora ,
State Attorneys General ,
Statutory Violations ,
Stipulated Judgment ,
Third-Party
The early weeks of 2024 have seen continued activity on the state comprehensive privacy law front. Since our last update, at least 11 new comprehensive privacy bills have been proposed. In particular, Georgia, Hawaii,...more
2/23/2024
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
COPPA ,
Data Controller ,
Data Privacy ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Information ,
Privacy Laws ,
Proposed Legislation ,
State Legislatures ,
State Privacy Laws
On February 1, the Federal Trade Commission (FTC or “the Commission”) announced that it had reached a settlement with Blackbaud, a software company, resolving claims related to a 2020 data breach that resulted in the...more
2/23/2024
/ Consent Agreements ,
Cybersecurity ,
Data Breach ,
Data Retention ,
Data Security ,
Encryption ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Internal Data Controls ,
Misleading Statements ,
Personal Information ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Third-Party Service Provider
Following a busy 2023 in which seven states enacted comprehensive privacy laws, we entered this year expecting additional activity on this front across state legislatures. The opening weeks of 2024 have not disappointed. Most...more
On December 20, the Federal Trade Commission (FTC or “the Commission”) published a notice of proposed rulemaking (NPRM) proposing amendments to the Children’s Online Privacy Protection Rule (the “COPPA Rule” or the “Rule”)....more
1/15/2024
/ Biometric Information ,
COPPA ,
Data Security ,
Enforcement Actions ,
Exceptions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Notice Requirements ,
NPRM ,
Online Platforms ,
Parental Consent ,
Personal Information ,
Proposed Amendments ,
Public Schools ,
Safe Harbors ,
Websites
In advance of the California Privacy Protection Agency’s (CPPA) December 8 Board meeting, the Agency has published new draft automated decisionmaking technology (ADMT) regulations, as well as revisions to draft regulations on...more
12/1/2023
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Machine Learning ,
Notice Requirements ,
Opt-Outs ,
Personal Information ,
Right of Access ,
Risk Assessment
Governor Gavin Newsom in California recently signed several bills into law that may have a significant impact on your company’s privacy compliance obligations. These new laws amend and build on existing California privacy...more
The Massachusetts Gaming Commission recently approved regulations to ensure data privacy and security for sports betters in the Commonwealth. On August 8, 2023, the commissioners approved 205 CMR 257, Sports Wagering Data...more
On July 14, the California Privacy Protection Agency (CPPA or the “Board”) hosted a meeting to discuss key issues. Notably, the Board’s New CPRA Rules Subcommittee (“the Subcommittee”) previewed three areas of forthcoming...more
8/9/2023
/ Advisory Board ,
Artificial Intelligence ,
Audits ,
Automation Systems ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Machine Learning ,
Personal Data ,
Personal Information ,
Proposed Regulation ,
Risk Assessment
Over the past year, the Federal Trade Commission (FTC) has emerged as a leading actor in the health privacy enforcement space, spearheading enforcement actions, policy statements, and regulatory changes all aimed at...more
8/7/2023
/ Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personal Information ,
PHI ,
Privacy Laws
On June 5th, the Federal Trade Commission (FTC) announced a settlement with Microsoft over alleged violations of the Children’s Online Privacy Protection Act (COPPA) for its data practices involving its Xbox live product. ...more
6/21/2023
/ Amazon ,
Compliance ,
COPPA ,
Data Collection ,
Data Retention ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Parental Consent ,
Personal Information ,
Popular ,
Xbox
On February 27, 2023, the Chairman of the House Financial Services Committee Patrick McHenry (NC-10) introduced the Data Privacy Act of 2023 (the Bill), which would amend the Gramm-Leach-Bliley Act (GLBA) to “modernize[]...more
In addition to the numerous comprehensive privacy laws that have been proposed in at least 20 states thus far in 2023, legislative trends demonstrate an emerging focus on regulations that address specific types of...more
The past two weeks have seen continued developments in the state comprehensive privacy legislative landscape. Maryland, Minnesota, and Texas have entered the fray with new proposals, bringing the total number of states that...more
2/15/2023
/ Biometric Information ,
Consumer Privacy Rights ,
COPPA ,
Data Privacy ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Proposed Legislation ,
State Privacy Laws
On July 7, 2022, the Consumer Financial Protection Bureau (“CFPB”) issued an advisory opinion, “Permissible Purposes for Furnishing, Using, and Obtaining Consumer Reports” (the “Opinion”) to outline certain privacy...more
On June 15, 2022, Senator Elizabeth Warren introduced Senate Bill S.4408, Health and Location Data Privacy Act of 2022 (the “Bill”). The Bill, co-sponsored with Senators Ron Wyden, Patty Murray, Sheldon Whitehouse, and Bernie...more
In the latest of a flurry of FTC actions, the agency recently announced that it had entered into a consent order with CafePress, an online customized merchandise platform, over allegations that it failed to secure consumers’...more
3/22/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
NIST ,
Personal Information ,
Popular ,
Unfair or Deceptive Trade Practices
Last week, two bills were proposed in Congress aimed at improving consumer privacy protection. These proposals focus on specific areas of privacy law – health data that falls outside of HIPAA and do-not-track signals....more
Will 2022 be the year for a national privacy law? We are seeing new federal proposals, ongoing negotiations about key issues such as a private right of action and state pre-emption, and new activity at the state level. There...more
12/29/2021
/ Biden Administration ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Privacy ,
Disparate Impact ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Legislative Agendas ,
Notice Requirements ,
Personal Data ,
Personal Information ,
State Privacy Laws
On October 27, 2021, the Federal Trade Commission (FTC) announced a newly updated rule under the Gramm-Leach-Bliley Act (GLBA) intended to require financial institutions to strengthen their data security safeguards to protect...more
11/1/2021
/ Cybersecurity ,
Data Protection ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personal Information ,
Risk Assessment ,
Safeguards Rule ,
Security Risk Assessments ,
Third-Party Service Provider
Despite its antecedents in one of the most widely cited law review articles of all time from more than 130 years ago, modern United States privacy law is roughly twenty years old. Even though still in its relative infancy,...more
7/8/2021
/ Big Data ,
California Consumer Privacy Act (CCPA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Preemption ,
Privacy Laws ,
Private Right of Action ,
Sensitive Personal Information ,
State Privacy Laws
While still in its relative infancy, privacy law has quickly become a turbulent teenager, with constant change around the world.
At a minimum, 2021 will require meaningful efforts to implement the changes of 2020, with a...more
1/5/2021
/ Biden Administration ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Legislative Agendas ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Ransomware ,
Schrems I & Schrems II ,
State Attorneys General ,
State Privacy Laws