The Swiss Federal Council has added the U.S. to the list of countries with an adequate level of data protection. Effective September 15, 2024, U.S. organizations that certify to the Swiss–U.S. Data Privacy Framework (DPF) can...more
On June 25, 2024, Rhode Island became the 20th state to enact a comprehensive consumer data protection law, the Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”). The state joins Kentucky, Maryland,...more
8/13/2024
/ Consent ,
Consumer Privacy Rights ,
Data Controller ,
Enforcement ,
Geolocation ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Rhode Island ,
State Attorneys General ,
State Privacy Laws
On May 24, 2024, Minnesota’s governor signed an omnibus bill, HF4757 which included the new Consumer Data Privacy Act. The state joins Kentucky, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island in passing...more
In 2020, Daniel Anderl, the son of Federal Judge Esther Salas, was shot and killed by a man targeting the judge. It is believed the man found the judge’s home address online. In reaction to the murder, New Jersey enacted...more
Maryland’s governor recently signed the Maryland Online Data Privacy Act of 2024 (MODPA), making Maryland one of six states—along with Kentucky, Nebraska, New Hampshire, New Jersey, and Rhode Island—to pass a comprehensive...more
In what is being called the American Privacy Rights Act (Act), some are suggesting this could be the one! For many years, Congress has been unable to come together to craft a national privacy law. There have been several...more
The California Privacy Protection Agency (CPPA) issued its first enforcement advisory concerning the California Consumer Privacy Act (CCPA). In Enforcement Advisory No. 2024-01, the CPPA tackles a foundational principle –...more
On January 16, 2024, New Jersey’s Governor signed Senate Bill (SB) 332, which establishes a consumer data privacy law for the state. New Jersey becomes the 13th state to pass a consumer data consumer privacy law. The law...more
Cross Border Transfers of Data.
UK Data Transfers. The UK government has published a U.S. “adequacy decision” which permits U.S. organizations that have certified to the EU-US Data Privacy Framework (DPF) and UK Extension...more
11/6/2023
/ California Consumer Privacy Act (CCPA) ,
Canada ,
Cross-Border ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
Form 10-K ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Personal Information Protection Law (PIPL) ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
UK
As Cybersecurity Awareness Month wraps up, it’s worth mentioning that employee security awareness training is an ongoing process. Employee error remains a significant contributing factor in data breaches. According to the...more
There are numerous cybersecurity regulations and requirements for businesses to worry about but they may not be considering their cybersecurity regulations under privacy statutes. California was at the forefront of privacy...more
This year, Indiana joined several other states to pass a comprehensive consumer privacy law, that becomes operative on January 1, 2026. Like other consumer privacy laws, Indiana’s law requires businesses to establish...more
Effective July 10, 2023, the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) replaced the invalidated EU-U.S. Privacy Shield framework (“Privacy Shield”). Participating U.S. organizations can now receive personal data...more
10/2/2023
/ Data Privacy ,
DPA ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Swiss Privacy Shield ,
UK
Though enforcement of the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA) has been paused for now, the State of California is not resting when it comes to compliance with the...more
June 9th marked the deadline for financial institutions, including certain non-banking institutions that collect or maintain sensitive customer information (e.g., car dealerships), to implement a comprehensive information...more
6/15/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Breach Notification Rule ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Employee Training ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
International Data Transfers ,
Personal Information ,
Solicitation
As we round the corner into the second quarter of 2023, the following enforcement dates for new or amended state data protection laws are quickly approaching.
•The New York City Local Law 144, Automated Employment Decision...more
On March 28, 2023, Iowa’s Governor signed Iowa’s new statute relating to consumer data protection. Iowa joins California, Colorado, Connecticut, Utah, and Virginia in the ever-growing patchwork of consumer privacy laws across...more
On March 15, 2023, the Iowa legislature unanimously passed Senate File 262, the Consumer Privacy Act, which relates to consumer data and privacy protection. Once signed by Iowa’s governor, the statute will become operative on...more
While the California Privacy Protection Agency (CPPA) only recently approved revised amended regulations pertaining to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), it is already on...more
After a significant delay, on February 3, 2023, the California Privacy Protection Agency (CPPA) unanimously approved amended regulations. The new regulations have not yet gone into effect as they must first be approved by the...more
To celebrate Data Privacy Day, we present our top ten data privacy and cybersecurity predictions for 2023.
1. Healthcare and Medical Data Security and Tracking-
The healthcare industry has been facing increased scrutiny...more
1/27/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employee Monitoring ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Popular ,
State Privacy Laws
The Colorado Privacy Act (CPA), effective July 1, 2023, provides expansive protections to the personal data of Colorado residents acting in an individual or household context (a “consumer”). Similar to the California Consumer...more
On December 16, 2022, the California Privacy Protection Agency (CPPA) had its final meeting before the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act takes effect on January 1, 2023....more
In June 2022, the California Privacy Protection Agency (CPPA) Board first started discussions about revising the regulations previously released by the California Attorney General....more
On October 21 and 22, the California Privacy Protection Agency (CPPA) Board will meet to discuss possible action regarding the proposed regulations for the California Consumer Privacy Act (CCPA) and California Privacy Rights...more