The Massachusetts’ Consumer Privacy in Commercial Transactions Act (the “Act”) limits companies’ ability to request and collect personal identification information (“PII”) that is not required for a transaction. The Act does...more
8/14/2024
/ CAN-SPAM Act ,
Data Collection ,
E-Commerce ,
Email ,
FTC Act ,
Internet Retailers ,
Marketing ,
Opt-Outs ,
Personal Data ,
Retailers ,
Song-Beverly Credit Card Act ,
UDAP ,
Unfair or Deceptive Trade Practices
We’re halfway through 2024. Are you wondering what you need to think about for your privacy program in the rest of 2024? At the federal level, at the time of this alert, the American Privacy Rights Act remains at the...more
California was the first US state with a comprehensive privacy law the California Consumer Privacy Act (“CCPA”), 4 more states followed with omnibus privacy laws effective this year and state legislatures passed 8 more this...more
10/11/2023
/ Advertising ,
Behavioral Advertising ,
Continuing Legal Education ,
Cookies ,
Data Privacy ,
Demand Letter ,
Events ,
Invasion of Privacy ,
Personal Data ,
Privacy Laws ,
Risk Mitigation ,
Targeted Digital Advertising ,
Web Tracking ,
Websites ,
Wiretapping
The Delaware Personal Data Privacy Act (DPDPA) takes effect January 1, 2025. Delaware generally followed the Connecticut model, but has some unique terms. We provide a non-exhaustive list of some of Delaware’s requirements...more
Florida and California join a growing minority of states enacting laws protecting a person’s genetic information (Nevada and Alaska also have laws). Florida’s new genetic privacy law, known as Protecting DNA Privacy Act, went...more
On March 2, 2021, Governor Northam made Virginia the second state in the U.S. to enact a comprehensive privacy law, Virginia's Consumer Data Protection Act (CDPA). We will follow-up with more discussion on how this impacts...more
If your company holds or collects data in the US, the UK and elsewhere in the EU, you should be mapping out how data flows through those jurisdictions in anticipation of the UK “crashing out” of the European Union in October,...more
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance as it could require changes to your operations. CCPA can apply to businesses even if they do not have offices or employees in California. It can...more
8/2/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete
Five things schools, colleges and universities can do this summer to address data privacy and protect against cybersecurity threats.
Consider these five steps during your summer break to address the protection of...more
7/19/2019
/ Chief Information Security Officer (CISO) ,
Colleges ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Educational Institutions ,
Hackers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Universities ,
Vendor Contacts
Don’t wait to implement your California Consumer Privacy Act (CCPA) compliance. California’s new privacy law goes into effect January 1, 2020. Consumer lawsuits are expected to follow shortly after implementation. CCPA can...more
According to the highest court in the state, Georgia state government does not have an inherent obligation to protect citizens’ personal or sensitive data like social security numbers or status on the unemployment rolls. This...more
Privacy Shield participants must update their privacy notices by March 29, 2019 (if the UK crashes out of the EU then with no deal) to continue to rely on the Privacy Shield for UK to US transfers post-Brexit. Privacy Shield...more
3/19/2019
/ Corporate Counsel ,
Data Protection ,
Data Protection Authority ,
EU-US Privacy Shield ,
International Data Transfers ,
No-Deal Brexit ,
Personal Data ,
Privacy Policy ,
Swiss Privacy Shield ,
UK Brexit ,
Withdrawal Agreement
Canada now follows the US trend to require reporting of personal data exposures. Beginning November 1, 2018, a change in the law will require companies subject to Canada’s federal data protection laws to report data breaches...more
On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (“CCPA”). CCPA, unlike any other law, requires companies to honor specific privacy rights of California consumers granted under CCPA....more
7/3/2018
/ Consumer Protection Laws ,
Cybersecurity ,
Data Collection ,
Governor Brown ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Privacy Laws ,
Private Right of Action ,
Right to Be Forgotten ,
State and Local Government
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
5/3/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It...more
6 Months To Go The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees...more
11/30/2017
/ Contract Amendments ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Vendor Contacts ,
Written Agreements
7 Months To Go -
The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or...more
11/1/2017
/ Contract Amendments ,
Cyber Policies ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Vendor Contacts ,
Written Agreements
Follow our three-question flowchart to answer the question: “Does GDPR Apply to You?” If “Yes” then you may be required to designate a Data Protection Officer (“DPO”) by May 25, 2018, when the GDPR applies.
Follow our...more
U.S companies are expected to explain how consumers are being tracked across devices, so that the company knows a consumer accessing its website from smartphone, tablet, television, laptop or other devices. Until now, U.S....more