Latest Publications

Share:

California Court Delays Enforcement of CPRA Regulations; as Enforcement on Originally Passed Statute Begins

The updated California data protection law itself is now in effect and enforceable as of July 1, 2023; however, enforcement of the regulations—which clarify key provisions of the law—is delayed. Just before full...more

Recent Dental Benefit Provider Data Breach Highlights Legal Risks and Need for Proactive Mitigation

Data Breaches risk legal consequences—both from state and federal governments and consumers, as well as reputational harm. Last month, MCNA—a dental benefit provider—provided notice of a data breach that exposed the...more

Reminder: One Month Until Colorado and Connecticut Data Protection Laws take Effect; California Enforcement Poised to Begin.

Enacted in 2022, the laws in Colorado and Connecticut will now join California’s and Virginia’s laws in placing broad obligations and requirements on businesses’ data collection and use practices. This year has seen a...more

FTC Implements Broad Definition of Biometric Information; Increases Focus on Data Protection Impact Assessments

While States like Illinois, Texas, and Washington focused on opt-in consent; the FTC is focused on clear and conspicuous disclosures and accounting and planning for foreseeable harms related to the collection of biometric...more

Montana and Tennessee Join the Fray Enacting Omnibus Data Protection Laws as U.S. State Data Protections Pick Up Pace

Montana and Tennessee are the latest states to pass data protection laws under a “controller” and “processor” model as 2023 is proving to be a year of Privacy and Security overhaul. With 2023 showing no signs of slowing...more

Indiana Becomes Seventh U.S. State to Enact an Omnibus Data Protection Law

Indiana continues the 2023 trend of Midwest States enacting data protection laws under a “controller” and “processor” model. On April 13, 2023 the Indiana state legislature passed the Indiana Consumer Data Protection Law...more

Utah Ushers in New Age of U.S. State Regulations on Social Media Companies; Passes Law Requiring Parental Consent

U.S. states are moving to also regulate social media as social media laws—such as Utah’s which requires prior parental consent for those under the age of 18—in addition more broadly regulating data protection and personal...more

Iowa Set to Become Sixth U.S. State to Enact an Omnibus Data Protection Law While Federal Legislation Stagnates

Like recent new U.S. state data protection laws, the Iowa law creates a “controller” and “processor” regime modeled more so after EU law than the first U.S. state data protection law in California—the CCPA. On March 15,...more

The UK Moves to Reform the UK GDPR Aims to be Both Business Friendly and Adequate in the Eyes of the EU

While the reform is a long way away from a certainty, it represents a departure of the UK from the EU’s strict adherence and adoption of the General Data Protection Regulation which came into effect in 2018. Earlier this...more

Privacy Points 2023: Contractual Provisions Required as New State Laws Regulate the Sharing and Processing of Personal Information...

The ability to verify compliance with applicable law, notice and opt-out requirements for subcontractors, and flowing through data minimization principles are key requirements under new US state data protection laws. As...more

Privacy Points 2023: New State Laws Introduce New Audit and Internal Review Requirements for Personal Information Collection and...

Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators. With new US state data protection laws taking...more

Privacy Points 2023: California and Colorado Will Soon Require Acceptance and Adherence to Universal Opt-Out Mechanisms

As Colorado and other US states join California in putting broad data protection laws and regulations in place, the ability for consumers to “opt-out” of certain collection and processing activities also expands—including a...more

Privacy Points 2023: Different Sensitive Personal Information Rights & Requirements Emerge in New US State Data Protection Laws

Colorado Connecticut, and Virginia landed on requiring opt-in, prior consent before a business can collect sensitive personal information; while California and Utah landed on different forms of opt-out rights that allow...more

California and Virginia Data Protection Laws Now in Effect; Three More States to Follow in 2023

As the calendar turns to a new year, the United States data protection law will also make a turn towards more states implementing and enforcing new data protection laws impacting a business’s collection, use, and disclosure...more

EU Officially Adopts Digital Markets Act to Target Anti-Competitive Behavior in the Online Marketspace

The Digital Markets Act aims to complement the enforcement of competition law to ensure that markets where “Gatekeepers” are present—including online search engines, online social networking, video sharing platform services,...more

First Ever BIPA Trial Results in a $228 million Judgement Against Railway Company that Relied on Third Party Vendor to Collect...

The judgement, which came down last week, exemplifies the risk of biometric information collection in Illinois and the risk that can result from relying solely on third party vendors. On October 12, 2022, a jury found...more

As China Cross-Border Data Transfer Security Assessment Requirement Comes Into Effect, New Guidelines Posted for Security...

The new guidelines provide insight into how businesses can submit applications to the CAC in order to obtain approval via the CAC security assessment cross-border data transfer requirement. As of September 2022, all...more

President Biden Enacts New Executive Order On EU-US Data Flow Agreement; EU Adequacy Decision Forthcoming

The Executive Order hopes to address what had been shortcomings in the previous Safe Harbor and Privacy Shield programs that were struck down by EU courts in 2015 and 2020 respectively. On October 7, 2022, President...more

REMINDER: New UK Cross-Border Data Transfer Mechanisms Now in Effect.

Moving forward, businesses will need to use the updated Data Transfer Agreement or Data Transfer Addendum for any relationship or contract that contemplates the cross-border transfer of UK personal data. As of September...more

REMINDER: New UK Cross-Border Data Transfer Mechanisms Now in Effect.

Moving forward, businesses will need to use the updated Data Transfer Agreement or Data Transfer Addendum for any relationship or contract that contemplates the cross-border transfer of UK personal data. As of September...more

Incoming Data Protection Laws May Affect Your Business

In 2023, a number of state data protection laws will be coming into effect and a number of entities who previously were not subject to data security and data privacy obligations will soon be within the scope of these laws....more

Reminder: California Employee Personal Data In-Scope of California Data Protection Law Effective Jan. 1, 2023

The Employee Data Exemptions that existed in the original CCPA will no longer be effective in 2023 as the scope of the data protection law expands under the CPRA. In November 2020, California residents voted to adopt the...more

First Civil Penalties Under the CCPA Through $1.2 Million Settlement For Cookie “Sale” Violations

The enforcement marks a step-up in scrutiny and enforcement as new amendments to the CCPA are set to come into force Jan. 1, 2023 and as enforcement moves from the CA Attorney General to the new California Privacy Protection...more

New California Law Requires Enhanced Privacy By Default And Design For Users Under The Age of 18

The bill, still awaiting likely signature from Gov. Newsom, will go into effect July 1, 2024 and apply to any business offering online services or products to children. The California Age-Appropriate Design Code Act...more

The Cookie Crumbles? EU Advocacy Group Files 226 Complaints Alleging Cookie Consent Violations

Specifically, the group is alleging that websites are commonly using deceptive cookie banners that do not adhere to the GDPR’s express consent requirements. In early August, the European Union data protection advocacy...more

69 Results
 / 
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide