Kentucky joins the growing trend of U.S. state data protection laws with well over a dozen now in place across the country.
Last year proved to be a huge year in U.S. state data protection law, ending with 13 U.S. states...more
Washington’s My Health My Data Act implements strict—and separate—consent requirements for the collection and sharing of an individual’s health data, with few exceptions.
As of March 31, 2024 the Washington My Health My...more
4/2/2024
/ Compliance ,
Compliance Dates ,
Consent ,
Consumer Privacy Rights ,
Genetic Testing ,
Health Care Providers ,
Mental Health ,
Notice Requirements ,
Personal Information ,
PHI ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Sensitive Personal Information ,
State Privacy Laws
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers.
In...more
4/1/2024
/ China ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Free Trade Zone ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
New Regulations ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Regulatory Requirements ,
Risk Assessment ,
Security Risk Assessments ,
Sensitive Personal Information ,
Standard Contractual Clauses
The ability to verify compliance with applicable law, notice and opt-out requirements for subcontractors, and flowing through data minimization principles are key requirements under new US state data protection laws.
As...more
Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators.
With new US state data protection laws taking...more
2/7/2023
/ Audits ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Personal Information ,
Privacy Laws ,
State Privacy Laws ,
Subcontractors ,
Third-Party Service Provider
Colorado Connecticut, and Virginia landed on requiring opt-in, prior consent before a business can collect sensitive personal information; while California and Utah landed on different forms of opt-out rights that allow...more
The Employee Data Exemptions that existed in the original CCPA will no longer be effective in 2023 as the scope of the data protection law expands under the CPRA.
In November 2020, California residents voted to adopt the...more
9/9/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Data Collection ,
Data Privacy ,
Effective Date ,
Employee Privacy Rights ,
Employer Liability Issues ,
Exemptions ,
Personal Data ,
Personal Information
The enforcement marks a step-up in scrutiny and enforcement as new amendments to the CCPA are set to come into force Jan. 1, 2023 and as enforcement moves from the CA Attorney General to the new California Privacy Protection...more
The amended law comes into effect in April and covers new categories of personal information, including personal-related information and sensitive personal information.
In June 2021, Japan enacted an amendment to its privacy...more
The brief FTC note indicates the agency will look to combat poor security practices, protect against the misuse of personal information, and discrimination arising from algorithmic decision-making.
Last month, the...more
1/21/2022
/ Algorithms ,
Congressional Committees ,
Consent ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Personal Information ,
Privacy Concerns ,
Proposed Rules ,
Rulemaking Process ,
Unfair or Deceptive Trade Practices