Looking forward to 2025, more U.S. states are in line to pass omnibus data protection laws, enforcement of U.S. state data protection laws is likely to increase, and “sensitive data” concepts will similarly grow and take...more
The Net Neutrality rules aimed to protect open, free, and fast Internet for all, while opponents questioned federal agency authority and worried the rules stymied investment and innovation....more
The Colorado Department of Law adopted new regulations governing the collection and use of biometric identifiers and information about those under the age of 18 and put in place a new mechanism through which businesses can...more
Pursuant to President Biden’s March Executive Order, the DOJ has proposed new rules limiting the transfer of certain categories of data to “countries of concern” or “covered persons”....more
12/13/2024
/ China ,
Covered Person ,
Covered Transactions ,
Data Security ,
Department of Justice (DOJ) ,
International Data Transfers ,
Personal Data ,
Proposed Rules ,
Russia ,
Sensitive Personal Information ,
Venezuela
The amendments clarify that a plaintiff is only entitled to liquidated damages for up to one violation per person. Businesses had previously faced steep settlements or damage awards into the billions of dollars....more
The Colorado Privacy Act already required prior consent for sensitive personal data, with the amendment now setting forth requirements for purchasing and retaining biometric data.
The Colorado state legislature recently...more
As the development and use of AI continues to grow, the potential for security and safety incidents harming organizations and the public increases. Updated reporting and tracking processes for AI security and safety incidents...more
5/14/2024
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Security ,
Executive Orders ,
Machine Learning ,
National Security Agency (NSA) ,
NIST ,
Proposed Legislation
2023 saw a dramatic increase in states passing omnibus data protection laws. As the mid-point of 2024 arrives, effective dates also arrive.
On July 1, 2024, the number of US states with broad, omnibus data protection laws...more
Like Texas’s data protection law, Nebraska’s does not contain a minimum revenue threshold or a minimum number of consumers whose personal data needs to be processed prior to the law applying....more
Kentucky joins the growing trend of U.S. state data protection laws with well over a dozen now in place across the country.
Last year proved to be a huge year in U.S. state data protection law, ending with 13 U.S. states...more
In its first ever enforcement advisory, the CPPA highlighted the key concept of data minimization—specifically focusing on excessive data collected when consumers make requests pursuant to their data privacy rights under the...more
The American Privacy Rights Act of 2024 would establish a national, comprehensive data protection law unifying US businesses under one standard, preempting the well over a dozen U.S. states with laws already in effect. ...more
4/9/2024
/ Consumer Privacy Rights ,
Corporate Counsel ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Preemption ,
Privacy Laws ,
Private Right of Action ,
Proposed Legislation ,
State Privacy Laws
Nevada’s new consumer health data law—like Washington’s My Health My Data Act—implements strict—and separate—consent requirements for the collection and sharing of an individual’s health data, with few exceptions.
March...more
Washington’s My Health My Data Act implements strict—and separate—consent requirements for the collection and sharing of an individual’s health data, with few exceptions.
As of March 31, 2024 the Washington My Health My...more
4/2/2024
/ Compliance ,
Compliance Dates ,
Consent ,
Consumer Privacy Rights ,
Genetic Testing ,
Health Care Providers ,
Mental Health ,
Notice Requirements ,
Personal Information ,
PHI ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Sensitive Personal Information ,
State Privacy Laws
The amended version of the bill—which itself amends Colorado’s Privacy Act—now heads for final passage and governor signature.
The Colorado state legislature is close to final passage of the “Act Concerning Protection the...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers.
In...more
4/1/2024
/ China ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Free Trade Zone ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
New Regulations ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Regulatory Requirements ,
Risk Assessment ,
Security Risk Assessments ,
Sensitive Personal Information ,
Standard Contractual Clauses
President Biden issued an Executive Order last month calling on the DOJ and relevant government agencies to tighten regulations on bulk data transfers to “countries of concern.” In late February, President Biden issued...more
3/22/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Executive Orders ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Regulatory Requirements
New Hampshire joins New Jersey as the second state passing a data protection law in 2024. New Hampshire is the 15th overall US state to do so.
Last year proved to be a huge year in U.S. state data protection law, ending...more
New Jersey continues the 2023 trend into 2024 of U.S. states quickly passing similar, omnibus data protection laws, becoming the 14th such state to do so.
Last year proved to be a huge year in U.S. state data protection...more
Last year proved to be a big year in data protection with U.S. state data protection laws popping up across the country, the FTC updating its guidance and regulations on everything from data breaches and biometric...more
1/18/2024
/ Adtech ,
Artificial Intelligence ,
Biden Administration ,
Biometric Information ,
Breach Notification Rule ,
California Privacy Protection Agency (CPPA) ,
COPPA ,
Data Breach ,
Data Protection ,
EU ,
Executive Orders ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
India ,
Minors ,
Opt-Outs ,
Personal Data ,
Popular ,
Privacy Laws ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
UK ,
Website Design ,
Websites
Utah became the fourth U.S. state to pass an omnibus data protection law when the Utah Consumer Privacy Act was signed into law March 24, 2022.
As the page turns to a new year, a new U.S. state data protection law will...more
The amended rule requires financial institutions to notify the FTC within 30 days of discovery of a security breach involving information of at least 500 consumers. ...more
Global Privacy Controls, vendor management, sensitive personal information, and the use of Ad Tech; new U.S. state data protection laws introduce twists to traditional notions of American data protection law.
In the U.S.,...more
11/17/2023
/ Adtech ,
Audits ,
Consent ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Personal Data ,
Privacy Laws ,
Recordkeeping Requirements ,
Sensitive Personal Information ,
State Privacy Laws ,
Third-Party Service Provider
This year has proven to be a turning point in the U.S. data protection law landscape with California’s amended data protection law coming into effect and Colorado’s, Connecticut’s, and Virginia’s data protection laws joining...more
A recently passed law in Connecticut adds in specific protections on sub-sets of consumer health data, creates new rights related to social media, and clarifies requirements related to children’s data....more