Nebraska’s governor has now signed into law the state’s “comprehensive” privacy law making it the fourth one this year, and the 17th overall. It will take effect on January 1, 2025 – the same day as Delaware, Iowa, and New...more
4/26/2024
/ Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Personal Information ,
Popular ,
Privacy Laws ,
State Privacy Laws
Utah, among other privacy laws it has enacted or modified recently, has also modified its breach notification law. This follows last year’s changes to the law, which among other things codified the state’s Cyber Center....more
4/22/2024
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Security ,
Notification Requirements ,
Privacy Laws ,
Reporting Requirements ,
State Privacy Laws
With the Kentucky governor recently signing into law that state’s privacy law the US now has 16 states with “comprehensive” privacy laws. This newest one will go into effect on January 1, 2026 – the same day as Indiana. It...more
New Hampshire’s governor has signed into law the second state comprehensive privacy law of 2024. The law takes effect on January 1, 2025 – the same day as Iowa and Delaware (with New Jersey going into effect two weeks later)....more
ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
New Jersey’s governor has signed into law the first US state comprehensive privacy law of 2024. It will go into effect January 16, 2025. For those keeping score, that puts New Jersey after Florida, Oregon, Texas (all July 1,...more
From the expansion of “general privacy” laws in US states and concerns over cross-border data transfers, to global focus on artificial intelligence, surveillance and dark patterns, 2023 was a busy year. Our privacy team...more
As we begin the new year, many are wondering whether the growing list of US state privacy laws apply to them, and if so, what steps they should take to address them. For companies that gather information from consumers,...more
The FTC is beginning 2024 with a bang. Just a few short days after announcing a settlement with lead-generation company Response Tree, the FTC has announced another decision. In this latest announcement, the FTC has described...more
In anticipation of July 1, 2024, requirements to allow consumers the ability to use “universal opt out mechanisms” in certain circumstances, Colorado has posted its “universal opt out shortlist.” The list is indeed short....more
Both Texas and Oregon recently adopted rules that will, among other things, implement a registry required by both states’ data broker laws. The Texas law went into effect September 1, 2023, and the Oregon law will go into...more
12/27/2023
/ Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Sellers ,
New Legislation ,
Oregon ,
Privacy Laws ,
Registration Requirement ,
State and Local Government ,
State Privacy Laws
The CPPA, the California regulatory body charged with enforcing CCPA, recently released draft regulations for use of automated decisionmaking technology. The draft comes under the law’s requirements for the agency to issue...more
12/21/2023
/ Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Proposed Regulation ,
Proposed Rules ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
Among the various requirements under US state comprehensive privacy laws, those that relate to loyalty programs may be some of the most confusing. Only three states — California, Colorado and Florida — regulate these...more
The CPPA, the California regulatory body charged with enforcing CCPA, has now issued draft regulations on risk assessments and cybersecurity audits. The draft was released ahead of a public board meeting to discuss those...more
After some delay, Delaware’s governor has at last signed into law the thirteenth state comprehensive privacy law. This is the seventh law passed in 2023, joining Iowa, Indiana, Tennessee, Montana, Florida, and Oregon. The law...more
It’s been a busy summer for US state privacy laws, and companies now need to keep track of a growing list of requirements from these laws. These include many we have written about in the past, including notice, vendor...more
Texas has joined Arkansas and Utah as the third state to impose requirements on social media accounts for those under 18. Namely, with the Securing Children Online through Parental Empowerment Act (“SCOPE Act”), Texas will...more
Financial services companies beware: the new state privacy laws exemption are not uniform. To recap, there are privacy laws in 12 states: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee,...more
The enforcement division of the California Privacy Protection Agency (CPPA) recently announced it intends to review the privacy practices of connected vehicles. The driving force behind the review is the technologies in...more
Iowa recently became the fifth state to offer businesses a safe harbor if they have a written cybersecurity program. Others are Connecticut (October 1, 2021), Ohio (effective November 2, 2018), Oregon (effective January 1,...more
As more and more states are enacting privacy laws, organizations in the health care industry may be wondering what the impact these laws will have on them. At this point, there are privacy laws in 12 states, with one more...more
Oregon’s governor has now signed into law the state’s comprehensive privacy law. Meaning, there are now 12 states with these laws, six of which were passed just this year (others passed in 2023 were Iowa, Indiana, Tennessee,...more
7/24/2023
/ Consumer Privacy Rights ,
Covered Entities ,
Data Protection Acts ,
Enforcement Actions ,
Financial Institutions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
New Legislation ,
Oregon ,
Personal Data ,
Personal Information ,
State and Local Government ,
State Privacy Laws
A California court recently issued a ruling delaying the CPPA’s ability to enforce the most recent CCPA regulations until March 29, 2024. This does not delay enforcement of the CCPA statute or existing regulations....more
When thinking about privacy notice obligations, companies often -incorrectly- leap to the wording in their privacy policies. The new comprehensive state privacy laws are a reminder that notice obligations are a bit broader...more
7/7/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
With a little less than a week before the next US state “comprehensive” privacy laws (Colorado and Connecticut) go into effect, many are reviewing existing practices. One that keeps coming up is the concept of “profiling.” As...more
6/27/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Legislatures ,
State Privacy Laws