State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Podcast - Who Owns Your DNA? Lessons Learned from 23andMe
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
CFPB's Inquiry Into Payments Privacy — Payments Pros – The Payments Law Podcast
Bridging the Gap: How CivicReach is Revolutionizing Government Customer Service
The Privacy Insider Podcast Episode 11: Signal and Noise: The New Administration, Privacy, and Our Digital Rights with Cindy Cohn of Electronic Frontier Foundation
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
2025 Privacy Law Preview: Be Prepared
"Monsters Inc." y el tratamiento de los datos
The American Privacy Right Act (APRA) explained
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
Navigating State Privacy Laws
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
Are You Ready to Comply With New State Data Privacy Laws?
Embracing Data Privacy to Drive Business Growth: On Record PR
Data Dividend: What is Personal Data Worth?
Data Revolution: How U.S. Privacy Laws Change the Way Data Should be Managed by Retail and Tech Industries
State AG Pulse | CT AG Reacts to Genetic Data Breach
Episode 293 -- Catching Up with California and Other State Privacy Laws
Twice a year, state attorneys general consumer protection staff gather to discuss consumer protection issues. Our state attorney general team was at the public sessions, attending and presenting on issues important to AGs. We...more
The California Privacy Protection Agency (“CPPA”) has made it abundantly clear: privacy compliance isn’t just about publishing the right disclosures – it’s about whether your systems actually work. On May 6, the agency fined...more
Businesses are constantly seeking innovative ways to improve their customers’ experiences. Originally published in Law360 - February 10, 2025....more
In a March 31, 2025 letter, the Chair of the FTC, Andrew Ferguson, wrote to the Acting U.S. Bankruptcy Trustee and set out the FTC’s expectations for the protection of consumer information held by 23andMe. As we noted...more
In 2024, state attorneys general (State AGs) focused on a broad variety of areas and industries including, in particular, emerging industries such as artificial intelligence (AI) and privacy and social media protections....more
With eight states rolling out new privacy laws in 2025 and many more already on the books, businesses have never faced a more fragmented regulatory landscape. These laws will expand consumer rights, impose stricter data...more
Recently, the Cyberspace Administration of China (CAC), which is the primary data regulator in China, published a newsletter about the government authorities’ enforcement of Apps and websites that violated personal data...more
In the two weeks before Inauguration, both the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC) released a flurry of rulemaking developments, policy announcements, and enforcement filings and...more
The Federal Trade Commission (FTC) issued a proposed settlement order against GoDaddy alleging that it “has failed to implement reasonable and appropriate security measures to protect and monitor its website-hosting...more
As we step into 2025, data privacy laws in the United States are evolving rapidly. With eight new state privacy laws taking effect, businesses face an increasingly complex web of compliance obligations—even in states without...more
In a groundbreaking enforcement action, Texas Attorney General Ken Paxton has filed a lawsuit against Allstate Corporation and its subsidiary Arity, alleging systematic violations of the Texas Data Privacy and Security Act...more
The NJ Data Privacy Act takes effect tomorrow. The New Jersey Data Privacy Act is set to take effect tomorrow, January 15. The NJDPA was signed into law by Gov. Phil Murphy (D) on January 16, 2024. The NJDPA is similar to...more
On January 13, 2025, Texas Attorney General’s Office filed its first lawsuit enforcing the Texas Data Privacy and Security Act (“TDPSA”). The law went into effect on July 1, 2024. The complaint also states claims under Texas’...more
Selected U.S. Privacy and Cyber Updates - New York AG Seeks Comments on Rulemaking for Minors’ Online Protection Laws - On August 1, 2024, New York Attorney General Letitia James issued two advanced notices of proposed...more
With the first quarter of 2024 in full swing, it is a good time for brands to revisit marketing compliance strategies to minimize the risk of potential class actions, regulatory enforcement actions, and competitor challenges....more
On February 1, 2024, the Connecticut Office of the Attorney General (“OAG”) issued a Report to the General Assembly’s General Law Committee (“Report”), summarizing the OAG’s enforcement efforts during six months since the...more
Oregon and Delaware have recently joined an increasing number of states enacting comprehensive privacy legislation intended to safeguard consumer[1] personal data by tightening regulation of businesses controlling and...more
Think only financial institutions have obligations to safeguard customer data? Think again. The FTC has taken several actions against non-financial institutions for data security practices in the last year. We’ll discuss FTC...more
On August 24, 2022, the California Attorney General announced its first enforcement action – including a fine for $1.2 million – under the California Consumer Protection Act (“CCPA”). The Attorney General brought its...more
In a busy couple of weeks for California privacy, regulatory priorities came into sharp focus when California Attorney General Rob Bonta (“Attorney General”) announced the first settlement of a California Consumer Privacy Act...more
On Wednesday, August 24, 2022, the California Attorney General released a public statement addressing its first enforcement action under the California Consumer Privacy Act (“CCPA”) against Sephora. The Attorney General...more
Keypoint: The Attorney General’s announcement of a $1.2 million penalty sends a “strong message” to companies to come into compliance. On August 24, 2022, California Attorney General Bonta announced the first public...more
Best Practices for the Virginia Consumer Data Protection Act - The Virginia Consumer Data Protection Act (VCDA) Working Group of the Joint Commission on Technology and Science released its final report on best practices...more
Utah’s governor recently signed into law SB 227, creating the Genetic Information Privacy Act (GIPA). The law, which is anticipated to go into effect in May, is aimed at protecting genetic data collected from...more
On March 2, 2021, Virginia enacted the Consumer Data Protection Act (“VCDPA”). The VCDPA will become effective January 1, 2023. The VCDPA shares its roots with the California Consumer Protection Act (“CCPA”) and the recently...more