The California Consumer Privacy Act of 2018 (as amended, including by the California Privacy Rights Act, the “CCPA”) was drafted by a privacy rights activist, initially passed and later amended multiple times by the...more
The California Consumer Privacy Act of 2018 (as amended, including by the California Privacy Rights Act, the CCPA) was drafted by a privacy rights activist, initially passed and later amended multiple times by the California...more
Effective July 1, 2024, Texas will join California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, New Jersey, Oregon, Tennessee, Utah and Virginia, with a new, general consumer privacy statute the Texas Data...more
The United States is on track to see a record number of data breaches in 2023 and state regulators are paying attention. The swift action required by victim companies includes containment and elimination of the threat, and...more
On June 10, 2023 the European Commission (the “Commission”) issued an adequacy decision on the new EU-U.S. Data Privacy Framework (the “DPF”). The decision restored free transfer of data between the EU and U.S. after three...more
In 2023, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, Virginia. Other laws from the states of Delaware, Indiana, Iowa, Montana, Tennessee, Oregon, and Texas were signed this year and...more
The California Privacy Rights Act of 2020 (“CPRA”), which voters approved in November 2020, expanded consumers’ protections under the California Consumer Privacy Act of 2018 (“CCPA”). While the CPRA introduced new consumer...more
As of January 1, 2023, the personal information of personnel (including job applicants, employees, officers, directors and contractors), and of business to business contacts, is subject to the California Consumer Privacy Act...more
Last fall, we provided an update on the state of the regulations promulgated under the California Consumer Privacy Act (CCPA). At the time, we identified key gaps in the current regulations, specifically the lack of guidance...more
Iowa Joins the Consumer Privacy Party -
On March 28, 2023, Governor Kim Reynolds signed a new Iowa consumer privacy statute to be effective January 1, 2025, the Iowa Consumer Data Protection Act, joining California,...more
In 2023, new consumer privacy laws will be effective in California, Colorado, Connecticut, Utah, and Virginia. These laws will come online throughout the year as follows...more
The California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”) has had some major developments over the summer. On July 8, 2022, the California Privacy Protection Agency (California’s privacy...more
Already considered among the most rigorous cybersecurity requirements for financial services companies, the existing New York Department of Financial Services (“NY DFS”) Cybersecurity Regulation (the “Regulation”) set the...more
Key Takeaways:
CCPA exemptions set to expire on January 1, 2023, for the personal information of:
• “Personnel” (employees, job applicants, officers, directors, owners, medical staff members, and independent...more
Vermont Governor Scott signed the Vermont Insurance Data Security Law (available here) (the “VIDSL”), becoming the 22nd state to adopt a cybersecurity statute based on the National Association of Insurance Commissioners...more
U.S. authorities have increased warnings of threats to critical infrastructure from Russian sources and have laid the groundwork for 72-hour reporting requirements for critical infrastructure organizations. At the end of...more
Under the emerging regime of privacy laws in the U.S., businesses must prepare to assess the protection of certain information in view of proposed data processing activities, beginning with the new laws to be effective in...more
The New York Department of Financial Services (the “NY DFS”) has published three new FAQs that interpret certain requirements under its Cybersecurity Regulation (23 NYCRR 500, the “NY DFS Cyber Reg”) related to breaches by...more
Addressing the evolving landscape of privacy laws will be at the top of the list of New Year’s resolutions for those doing business in the U.S. Businesses will need to assess and address changes in California privacy law, and...more
In 2023, new consumer privacy laws will be effective in Colorado, Virginia, and California. Of these, the Colorado Privacy Act (SB 21-190 , the “CPA”) is the latest to be enacted. Effective July 1, 2023, the CPA shares many...more
“Reasonable Security” is a term that is becoming more important due to the continued increase in ransomware incidents over the past few years, which the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) has...more
Ransomware is dominating headlines and creating unimaginable headaches. Ransomware has been deployed against every industry sector, and against municipalities and other government agencies. The resulting disruptions and...more
As we have discussed in previous articles, through the California Consumer Privacy Act (CCPA), California has set new privacy standards, granted new consumer rights, and imposed new obligations on businesses. Although clearly...more
Having set a new standard for privacy in the United States with the California Consumer Privacy Act of 2018 (the “CCPA”), California has again raised the bar for consumer privacy with the California Privacy Rights Act (the...more
The CCPA became effective January 1, 2020. Some businesses prepared to meet the deadline, while others have become partially compliant but still have more to do. Some may not have begun. What should a business be doing at...more