Montana’s amendments also remove the cure period for alleged violations beginning in October, provide prescriptive methods through which businesses have to provide consumers with targeted advertising opt out rights, and...more
Looking forward to 2025, more U.S. states are in line to pass omnibus data protection laws, enforcement of U.S. state data protection laws is likely to increase, and “sensitive data” concepts will similarly grow and take...more
The Colorado Department of Law adopted new regulations governing the collection and use of biometric identifiers and information about those under the age of 18 and put in place a new mechanism through which businesses can...more
Pursuant to President Biden’s March Executive Order, the DOJ has proposed new rules limiting the transfer of certain categories of data to “countries of concern” or “covered persons”....more
12/13/2024
/ China ,
Covered Person ,
Covered Transactions ,
Data Security ,
Department of Justice (DOJ) ,
International Data Transfers ,
Personal Data ,
Proposed Rules ,
Russia ,
Sensitive Personal Information ,
Venezuela
The Colorado Privacy Act already required prior consent for sensitive personal data, with the amendment now setting forth requirements for purchasing and retaining biometric data.
The Colorado state legislature recently...more
2023 saw a dramatic increase in states passing omnibus data protection laws. As the mid-point of 2024 arrives, effective dates also arrive.
On July 1, 2024, the number of US states with broad, omnibus data protection laws...more
Kentucky joins the growing trend of U.S. state data protection laws with well over a dozen now in place across the country.
Last year proved to be a huge year in U.S. state data protection law, ending with 13 U.S. states...more
President Biden issued an Executive Order last month calling on the DOJ and relevant government agencies to tighten regulations on bulk data transfers to “countries of concern.” In late February, President Biden issued...more
3/22/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Executive Orders ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Regulatory Requirements
New Jersey continues the 2023 trend into 2024 of U.S. states quickly passing similar, omnibus data protection laws, becoming the 14th such state to do so.
Last year proved to be a huge year in U.S. state data protection...more
Last year proved to be a big year in data protection with U.S. state data protection laws popping up across the country, the FTC updating its guidance and regulations on everything from data breaches and biometric...more
1/18/2024
/ Adtech ,
Artificial Intelligence ,
Biden Administration ,
Biometric Information ,
Breach Notification Rule ,
California Privacy Protection Agency (CPPA) ,
COPPA ,
Data Breach ,
Data Protection ,
EU ,
Executive Orders ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
India ,
Minors ,
Opt-Outs ,
Personal Data ,
Popular ,
Privacy Laws ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
UK ,
Website Design ,
Websites
Global Privacy Controls, vendor management, sensitive personal information, and the use of Ad Tech; new U.S. state data protection laws introduce twists to traditional notions of American data protection law.
In the U.S.,...more
11/17/2023
/ Adtech ,
Audits ,
Consent ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Personal Data ,
Privacy Laws ,
Recordkeeping Requirements ,
Sensitive Personal Information ,
State Privacy Laws ,
Third-Party Service Provider
The updated California data protection law itself is now in effect and enforceable as of July 1, 2023; however, enforcement of the regulations—which clarify key provisions of the law—is delayed.
Just before full...more
Enacted in 2022, the laws in Colorado and Connecticut will now join California’s and Virginia’s laws in placing broad obligations and requirements on businesses’ data collection and use practices.
This year has seen a...more
Montana and Tennessee are the latest states to pass data protection laws under a “controller” and “processor” model as 2023 is proving to be a year of Privacy and Security overhaul.
With 2023 showing no signs of slowing...more
Indiana continues the 2023 trend of Midwest States enacting data protection laws under a “controller” and “processor” model.
On April 13, 2023 the Indiana state legislature passed the Indiana Consumer Data Protection Law...more
Like recent new U.S. state data protection laws, the Iowa law creates a “controller” and “processor” regime modeled more so after EU law than the first U.S. state data protection law in California—the CCPA.
On March 15,...more
As Colorado and other US states join California in putting broad data protection laws and regulations in place, the ability for consumers to “opt-out” of certain collection and processing activities also expands—including a...more
Colorado Connecticut, and Virginia landed on requiring opt-in, prior consent before a business can collect sensitive personal information; while California and Utah landed on different forms of opt-out rights that allow...more
The new guidelines provide insight into how businesses can submit applications to the CAC in order to obtain approval via the CAC security assessment cross-border data transfer requirement.
As of September 2022, all...more
10/19/2022
/ China ,
Compliance ,
Cross-Border ,
Cybersecurity ,
Data Security ,
International Data Transfers ,
New Guidance ,
Personal Data ,
Personal Information Protection Law (PIPL) ,
Registration Requirement ,
Security Risk Assessments
The Executive Order hopes to address what had been shortcomings in the previous Safe Harbor and Privacy Shield programs that were struck down by EU courts in 2015 and 2020 respectively.
On October 7, 2022, President...more
10/11/2022
/ Biden Administration ,
Data Privacy ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
FISA ,
Foreign Intellgence ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance
Moving forward, businesses will need to use the updated Data Transfer Agreement or Data Transfer Addendum for any relationship or contract that contemplates the cross-border transfer of UK personal data.
As of September...more
Moving forward, businesses will need to use the updated Data Transfer Agreement or Data Transfer Addendum for any relationship or contract that contemplates the cross-border transfer of UK personal data.
As of September...more
The Employee Data Exemptions that existed in the original CCPA will no longer be effective in 2023 as the scope of the data protection law expands under the CPRA.
In November 2020, California residents voted to adopt the...more
9/9/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Data Collection ,
Data Privacy ,
Effective Date ,
Employee Privacy Rights ,
Employer Liability Issues ,
Exemptions ,
Personal Data ,
Personal Information
Beginning next summer, business that meet certain thresholds must comply with the Connecticut law, including several - now common place - individual privacy rights and a requirement to obtain opt-in consent before processing...more
While the announcement is short on details, once in place, U.S.-based. entities will be able to use the new agreement to comply with the GDPR’s cross-border data transfer requirements.
On March 25, the U.S. and E.U....more
4/6/2022
/ Biden Administration ,
Court of Justice of the European Union (CJEU) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Intergovernmental Agreements ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses