Latest Posts › State Privacy Laws

Share:

Montana Amends Law to Cover Collection and Use of Neural Data

Montana recently revised its Genetic Information Privacy Act to address neural data. The law went into effect in 2023, and applies to both entities that offer genetic testing services as well as entities that use genetic...more

Virginia Will Add to Patchwork of Laws Governing Social Media and Children (For Now?) 

Virginia’s governor recently signed into law a bill that amends the Virginia Consumer Data Protection Act. As revised, the law will include specific provisions impacting children’s use of social media. Unless contested, the...more

New Era of Collaboration? States Team Up to Coordinate on Privacy Laws

The California Privacy Protection Agency announced this month that it, along with six other states, will be forming a new group called the “Consortium of Privacy Regulators.” (The other states are Colorado, Connecticut,...more

Insurance Cybersecurity Certifications: An (Updated) State Roundup

Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a...more

Arkansas’ Kids Social Media Law: Another One Bites the Dust

Arkansas’ second attempt at regulating minor’s access to social media – in the form of the Social Media Safety Act (SB 689) – has again been struck down as unconstitutional. The court permanently enjoined the state from...more

US State AI Legislation: Virginia Vetoes, Colorado (Re)Considers, and Texas Transforms

The Virginia law, like the Colorado Act, would have imposed various obligations on companies involved in the creation or deployment of high-risk AI systems that influence significant decisions about individuals in areas such...more

Utah Pioneers App Store Age Limits

Utah’s governor recently signed the first law which puts age restrictions on app downloads. The law (the App Store Accountability Act, SB 142), was signed yesterday (Wednesday, April 26, 2025). We anticipate that the law may...more

Oregon’s Privacy Law: Six Month Update, With Six Months to End of Cure Period

Oregon’s Attorney General released a new report this month, summarizing the outcomes since Oregon’s “comprehensive” privacy law took effect six months ago. A six-month report isn’t new: Connecticut released a six month report...more

Oregon’s AI Guidance: Old Laws in Scope for New AI

The Oregon AG’s Office, along with the state’s Department of Justice, issued guidance late last year on how state laws apply to the ways businesses use AI. The guidance may be two months old, but the cautions are still...more

New Jersey Updates Discrimination Law: New Rules for AI Fairness

The New Jersey AG and the Division on Civil Rights’ new guidance on algorithmic discrimination explains how AI tools might be used in ways that violate the New Jersey Law Against Discrimination. The law applies to employers...more

New Year, Old Tradition: CPPA Focuses on Unregistered Data Brokers

The California privacy regulator recently settled with a data broker (Key Marketing Advantage LLC) that it alleged had violated the state’s data broker law. Under the Delete Act, data brokers must, among other things,...more

California’s Kids’ Social Media Law Wrangling Continues, and Maryland Too!

The Ninth Circuit continued the pause on California’s SB 976 (Protecting Our Kids from Social Media Addiction Act) as of late January 2025. The law was signed by Governor Newsom in September 2024, and challenged by NetChoice...more

Sheppard Mullin’s 2024 Eye on Privacy Year in Review

It is hard to believe that another year is upon us! As we have done in years past (including 2023, 2022, 2021, 2020, 2019 and 2018), we have created a comprehensive resource of all our www.eyeonprivacy.com posts from 2024. As...more

Colorado Rolls Out Updated Privacy Rules Ahead of 2025 CPA Amendments

The Colorado AG’s office adopted draft amendments to the Colorado Privacy Act rules last month. The adopted draft reflected input from the public to AG’s September 2024 version and addresses three key issues. First, on...more

New Year, New Protections for New York Artists and AI-Generated Replicas

New York has a new AI-related law which took effect January 1. The law regulates creation and use of digital replicas of an individual’s voice or likeness and is similar to those in California and Tennessee....more

New York Modifies Data Breach Law Heading Into 2025

As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying...more

Coming to a State Near You: 5 State Privacy Laws Take Effect in January 2025

Are you ready for the next set of US state privacy laws going into effect? Delaware, Iowa, Nebraska, and New Hampshire are effective January 1, and New Jersey’s law go into effect two weeks later (January 15)....more

California’s Privacy Regulator Had a Busy November, Data Broker Edition: What Does It Mean for Businesses?

In the fifth in our series of California developments, we turn to data broker obligations. There are two of note. First, the California privacy agency is moving forward Delete Act regulations it proposed earlier this year....more

California’s Privacy Regulator Had a Busy November, Cybersecurity Audits and Insurance Edition: What Does It Mean for Businesses?

In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry. Cybersecurity Audits The proposed rules address...more

California’s Privacy Regulator Had a Busy November, Risk Assessment Edition: What Does It Mean for Businesses?

In the third in our series of new CCPA regulations from California, we look at obligations for conducting risk assessments under CCPA. CCPA had called on the California agency to promulgate rules to address such assessments,...more

California’s Privacy Regulator Had a Busy November, Automated Decisionmaking Edition: What Does It Mean for Businesses?

In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely...more

California’s Privacy Regulator Had a Busy November: What Does It Mean for Businesses?

The California Privacy Protection Agency released proposed CCPA rules for a variety of topics in November, as well as announcing an investigative sweep for compliance with the Delete Act. Topics include the following, which...more

New York AG Settles EnforcemENT Action with ENT

The New York Attorney General’s Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers’ private health information. The claims stem from...more

#StatusUpdate on Social Media, Apps, and Children’s Privacy

Regulations impacting children’s use of social media continues to be a space in motion the past few months. There have been developments at both the state level, as well as with the FTC. And there is no sign of slowing down....more

The Privacy and Data Security Impact of California’s Recent AI Bills

The dust is beginning to settle from the raft of AI-related bills Governor Newsom signed last month in California. (See for example, our post about neural data.) Most of the provisions will not go into effect for another few...more

93 Results
 / 
View per page
Page: of 4

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide