The Governor of Colorado signed the Colorado Privacy Act (CPA) on July 7, 2021, making it the third state in the United States to enact broad consumer privacy legislation. Building on now-familiar concepts from the California...more
The California Privacy Rights Act (CPRA) will require businesses to update their privacy notices with additional disclosures and post website links that allow consumers to exercise their new rights under the CPRA. In this...more
As we have previously highlighted, the California Privacy Rights Act (CPRA) has created several new consumer rights that will require businesses to change existing California Consumer Privacy Act (CCPA) compliance programs. ...more
On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance....more
2/17/2021
/ Consumer Insurance Products ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Insurance Regulations ,
NYDFS ,
Popular ,
Risk Management ,
State and Local Government
Virginia is on track to be the second U.S. state to enact comprehensive consumer privacy legislation. Both the Virginia House of Delegates and the Virginia Senate have passed nearly identical versions of the Consumer Data...more
2/10/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Risk Management ,
State and Local Government
On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed...more
1/13/2021
/ Cybersecurity ,
Data Breach ,
Data Protection ,
FDIC ,
Federal Breach Notification Standard ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
FRB ,
NPRM ,
OCC ,
Popular ,
Regulatory Requirements
The U.S. Department of Commerce (DOC), Department of Justice (DOJ), and the Office of the Director of National Intelligence (ODNI) jointly issued a White Paper containing information about privacy protections under U.S. law...more
9/29/2020
/ Court of Justice of the European Union (CJEU) ,
Data Management ,
Data Protection ,
Department of Justice (DOJ) ,
EU ,
FISA ,
International Data Transfers ,
National Security ,
ODNI ,
Personal Data ,
Risk Management ,
Schrems I & Schrems II ,
U.S. Commerce Department
On Friday, the California Attorney General issued the final implementing regulations for the California Consumer Privacy Act (CCPA). The final regulations—which had been under review by the California Office of Administrative...more
8/18/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law Judges (OALJ) ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements ,
State and Local Government
It’s official. The California Privacy Rights Act (CPRA) has received enough valid signatures to appear on the November 2020 ballot. And if polling from late last year remains accurate, California voters are likely to approve...more
6/26/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personally Identifiable Information ,
State and Local Government
On June 1, The California Attorney General (CA AG) submitted the final text of the CCPA regulations to the California Office of Administrative Law (OAL) for approval. ...more
6/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On March 11, The California Attorney General (CA AG) released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act (CCPA)....more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Right to Delete ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On Friday, February 7, 2020, the California Attorney General (CA AG) released notice of changes to the California Consumer Privacy Act (CCPA) draft regulations. Initial draft regulations were published for public comment on...more
2/10/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
Washington State is already shaping up as a center of state privacy legislation for 2020.
Last year, SB 5376 (also known as the Washington Privacy Act, or WPA) gained significant traction in the legislature, passing the...more
1/14/2020
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Proposed Legislation ,
Right to Delete ,
State and Local Government
On October 17, 2019, the Hogan Lovells Privacy and Cybersecurity team discussed key elements of the California Attorney General’s proposed regulations implementing certain provisions of the California Consumer Privacy Act...more
11/5/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Deletion ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Right to Delete ,
Rulemaking Process ,
State and Local Government
On October 22, the Interactive Advertising Bureau (IAB), a media and marketing industry trade group, released for public comment the California Consumer Privacy Act Compliance Framework for Publishers and Technology Companies...more
11/1/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cooperative Compliance Regime ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Sellers ,
Framework Agreement ,
Interactive Advertising Bureau ,
Internet ,
Online Advertisements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Publishers ,
Targeted Digital Advertising ,
Technology Sector ,
Websites
On October 10, California Attorney General Xavier Becerra (CA AG) released proposed regulations to implement certain provisions of the California Consumer Privacy Act (CCPA). The CA AG also released a Notice of Proposed...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Information Sharing ,
Non-Discrimination Rules ,
NPRM ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Since the California Consumer Privacy Act’s (CCPA) hasty passage in June last year and minor changes last September, the CCPA has vexed businesses working on compliance. Among many practical challenges, the CCPA often...more
9/25/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Legislative Agendas ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Agenda ,
Request For Information ,
Rulemaking Process ,
State and Local Government
The Federal Trade Commission (“FTC”) is requesting public comments on the Children’s Online Privacy Protection Rule (“COPPA Rule”). In particular, the FTC is seeking feedback on the effectiveness of its 2013 amendments to the...more
9/6/2019
/ Comment Period ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Public Comment ,
Regulatory Reform ,
Website Owner Liability ,
Websites
Nevada has a new privacy law. On May 29, Nevada Governor Steve Sisolak signed Senate Bill 220 (SB-220) into law, making Nevada the first state to join California in granting consumers the right to opt out of the sale of their...more
6/3/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data-Sharing ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
State and Local Government
This is the ninth installment in Hogan Lovells’ series on the California Consumer Privacy Act.
The California Consumer Privacy Act of 2018 (“CCPA”) exempts information that is collected, processed, sold, or disclosed...more
12/10/2018
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Exemptions ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Information Technology ,
Personally Identifiable Information ,
Privacy Rule
This is the eighth installment in Hogan Lovells’ series on the California Consumer Privacy Act.
In the digital age, data is everything. “Big Data” feeds countless business processes and offerings. Businesses rely on data...more
12/3/2018
/ Big Data ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Mitigation
Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. ...more
10/18/2018
/ Connected Items ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Hackers ,
Information Technology ,
Internet of Things ,
Mobile Devices ,
New Legislation ,
Popular ,
Risk Management ,
Security Standards ,
State and Local Government
The U.S. Environmental Protection Agency was created in 1970 to safeguard the environment against pollutants. The tidal wave of environmental regulations that followed impacted every industry in the United States, especially...more
5/10/2018
/ Automated Transportation ,
Automotive Industry ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Storage ,
Data Use Policies ,
Drivers ,
General Data Protection Regulation (GDPR) ,
Manufacturers ,
Motor Vehicles ,
Personal Data ,
Popular ,
Smart Devices ,
Technology Sector
It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more
2/28/2018
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Popular ,
Risk Assessment ,
Risk Management ,
Vulnerability Assessments
On 1 August 2017, a bipartisan group of four U.S. senators (Steve Daines (R-MT), Cory Gardner (R-CO), Mark Warner (D-VA), and Ron Wyden (D-OR) introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2017....more
8/24/2017
/ Connected Items ,
Cybersecurity ,
Data Protection ,
Federal Contractors ,
Internet of Things ,
NIST ,
NTIA ,
OEM ,
Popular ,
Proposed Legislation ,
Risk Management