Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then,...more
7/25/2024
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Unauthorized Access
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
On March 6, 2024, New Hampshire Governor Chris Sununu signed Senate Bill 255 into law, making New Hampshire the 14th U.S. state to enact a comprehensive privacy law. The law, which becomes effective on January 1, 2025, is...more
Editor’s Note: In recent regulatory and enforcement developments, the White House announced a new executive order aimed at strengthening cybersecurity at U.S. ports, and another executive order was issued to protect sensitive...more
3/7/2024
/ Artificial Intelligence ,
Biden Administration ,
Consent Order ,
Consumer Financial Products ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Fair Credit Reporting Act (FCRA) ,
FCC ,
Financial Services Industry ,
Personal Data ,
Personally Identifiable Information ,
Robocalling ,
TCPA ,
UDAAP
In recent regulatory and enforcement developments, the California Privacy Protection Agency (CPPA) proposed a regulatory framework for automated decision-making technology (ADMT) and revisions to the California Consumer...more
2/7/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
COPPA ,
Cyber Attacks ,
Data Breach ,
Data Brokers ,
Data Protection ,
FCC ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Personal Data ,
Popular ,
Reporting Requirements ,
Robocalling ,
Social Media ,
State Attorneys General ,
Vulnerability Assessments ,
Website Owner Liability
On January 16, New Jersey Governor Phil Murphy signed S332 (the act), making New Jersey the first state in 2024 to enact a comprehensive privacy law. Several other states are currently considering similar comprehensive...more
1/26/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Technology ,
New Jersey ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
State Data Privacy Laws
Following several years of investigating the common practices in the space, the Federal Trade Commission (FTC) reached its first settlement with a data broker over the alleged collection and sale of location information that...more
1/18/2024
/ Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Brokers ,
Data Collection ,
Data Sellers ,
Data Selling ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
Geolocation ,
Location Data ,
Personal Data ,
Request For Information ,
Settlement
On October 10, Governor Newsom signed the Delete Act ( SB 362) into law, which amends California's current data broker law to impose extensive additional disclosure and registration requirements on data brokers, and to...more
10/20/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Reporting Agencies ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Deletion ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
New Legislation ,
Notice of Proposed Rulemaking (NOPR) ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Regulatory Reform
Editor’s Note: Texas, Oregon, and Delaware became the latest states to pass a comprehensive privacy bill, while the CPRA, Connecticut, and Colorado’s privacy laws came into force. In the litigation world, the FTC filed an...more
7/20/2023
/ California Privacy Rights Act (CPRA) ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Personal Data ,
Popular ,
Securities and Exchange Commission (SEC) ,
Small Business ,
State Data Privacy Laws
Don't Hyperventilate. There are new United Kingdom (UK), European Union (EU), U.S., and global regulatory requirements that just went into effect or will be effective before or soon after year-end that will impact contracts...more
Editor’s Note: Connecticut became the fifth state in the nation to successfully pass a comprehensive privacy bill (now awaiting its governor’s signature), following California, Colorado, Utah, and Virginia. Meanwhile,...more
5/13/2022
/ Advisory Committee ,
Artificial Intelligence ,
Biometric Information Privacy Act ,
Class Action ,
Connecticut ,
Data Privacy ,
Digital Services ,
Electronically Stored Information ,
Employee Tracking ,
EU ,
False Claims Act (FCA) ,
GINA ,
Personal Data ,
State Privacy Laws ,
Stored Communications Act ,
U.S. Commerce Department
On April 28, the Connecticut House passed Senate Bill 6, an act concerning personal data privacy and online monitoring (SB 6 or Connecticut Act). The Senate unanimously passed SB 6 on April 20, and is now currently under...more
Introduction: Biometric Laws in 2022 -
In the first quarter of 2022 alone, no fewer than seven states have introduced biometric laws — California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York — generally...more
On March 25, a huge sigh of relief was heard from businesses and organizations located throughout the United States and Europe after the U.S. and European Commission announced their agreement in principle on a new...more
On January 28, following the European Commission’s June 4, 2021 issuance of modified standard contractual clauses (SCCs), the United Kingdom’s (U.K.) secretary of state for digital, culture, media, and sport, presented the...more
On November 10, the United Kingdom (U.K.) Supreme Court issued a decision in Lloyd v. Google LLC, UKSC2019/0213 (Supreme Court of the United Kingdom), recognizing that the loss of control of personal data by consumers alone...more
Do you want a simple way to keep current on important privacy changes? Avoid sleepless nights wondering whether you missed a privacy speed bump or pothole between annual updates? Worry no longer. Troutman Pepper is pleased to...more
This July, the Uniform Law Commission (ULC) approved a final draft of the Uniform Personal Data Protection Act (UPDPA). The ULC is a nonpartisan group, which drafts model laws with the goal of widespread state adoption. One...more
In recent months, updated versions of the Data Protection Act of 2020 and the SAFE DATA Act have been reintroduced in the U.S. Senate. This post provides an overview of these updated privacy bills, both of which were...more
On July 7, Governor Jared Polis signed Colorado's comprehensive data privacy bill (SB 21-190) into law. The Colorado Privacy Act (CPA) will go into effect on January 1, 2023, making Colorado the third state to enact a...more
On June 8, the Colorado legislature passed the Colorado Privacy Act (CPA). Assuming Governor Jared Polis signs the bill into law within 30 days, as is expected, Colorado will become the third state in the United States to...more
For most of 2020, the world struggled with COVID-19 and its effects.
Earlier in the pandemic, we published a Law360 guest article offering privacy guidance to developers interested in creating contact-tracing...more
Enforcement of the California Consumer Privacy Act (CCPA) began July 1, 2020. Our privacy team at Troutman Pepper includes several attorneys who worked in an attorney general’s office. This privacy regulatory team has...more
7/17/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Sellers ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government