What happens to sensitive personal information shared by consumers when the company collecting that information encounters financial distress? That exact issue is currently front and center in the Chapter 11 proceedings of...more
While uncertainty continued to loom over the CFPB, the states did not take a spring break. Instead, we saw an eye-popping settlement from NY DFS involving BSA/AML claims. And both republican and democratic AGs continued to...more
A new California investigative sweep into the location data industry focuses on whether businesses have violated state law relating to the consumers’ right to limit how their personal information – including their geolocation...more
A recent board meeting of state officials revealed that the California agency responsible for overseeing the state’s landmark consumer privacy law received over 2,000 complaints for alleged violations in the past year alone –...more
In the past several weeks, the Minnesota governor has signed into law the Minnesota Consumer Data Privacy Act, while the Vermont Data Privacy Act has been passed by the legislature and awaits the governor’s signature. Both of...more
On May 25, 2024, Minnesota Governor Tim Walz signed the Minnesota Consumer Data Privacy Act (the "Act"), which takes effect on July 31, 2025, for most controllers and on July 31, 2029, for certain postsecondary educational...more
On April 4, 2024, Kentucky Governor Andy Beshear signed the Kentucky Consumer Data Protection Act (the "KCDPA" or "Act"), which takes effect January 1, 2026. The KCDPA maps in large part to the Virginia Consumer Data...more
Maryland lawmakers recently passed comprehensive consumer privacy legislation that, in some ways, is stronger than laws seen in other states and even a key bill proposed by Congress. If Governor Wes Moore signs the Maryland...more
Businesses take heed: California state officials just warned that the law prohibits you from collecting unnecessary data and retaining data for longer than necessary. The California Privacy Protection Agency published its...more
On February 21, 2024, California Attorney General Rob Bonta ("Cal AG") announced that his office reached a settlement with DoorDash, the food delivery service company, for violating the California Consumer Privacy Act...more
On February 21, the California Attorney General (“AG”) announced a settlement with DoorDash, an online food delivery service, to resolve allegations that the company violated the California Consumer Privacy Act (CCPA) and...more
Following several years of investigating the common practices in the space, the Federal Trade Commission (FTC) reached its first settlement with a data broker over the alleged collection and sale of location information that...more
The FTC’s second attempt to pursue the data broker, Kochava, continues to move forward. The amended complaint, which was just unsealed and thus available for the public to review, gives insight into the agency’s perspective...more
On September 12, 2023, Delaware governor John Carney signed the Delaware Personal Data Privacy Act (the “DPDPA” or the “Act”) into law. The DPDPA protects the privacy rights of consumers in Delaware and regulates the...more
Texas Governor Greg Abbott signed into law the Texas Data Privacy and Security Act (TDPSA) on June 18, 2023. With the passage of TDPSA, Texas becomes the tenth state to adopt a consumer data privacy law. TDPSA passed the...more
As with a growing number of states, Connecticut passed a comprehensive consumer privacy law, the Connecticut Data Privacy Act (the “CTDPA”), on May 10, 2022. The CTDPA becomes effective on July 1, 2023 and, in spite of the...more
The Florida Digital Bill of Rights (FDBR) was signed into law by Governor Ron DeSantis on June 6, 2023, making Florida the tenth state to enact a consumer data privacy law along with California, Virginia, Colorado,...more
On April 21, Tennessee lawmakers approved and sent to Governor Bill Lee for signature, the Tennessee Information Protection Act (TIPA), one of nine different state consumer privacy laws that are generally considered to be...more
Since the privacy and security regulations were issued under the federal Health Insurance Portability and Accountability Act (HIPAA), critics pointed to the limitations on the reach of those rules. A critical limitation...more
Washington State (“Washington”) is preparing to break new ground in the privacy law space, as its legislature finalizes the “My Health My Data Act“ which will further regulate how health data of Washington residents should be...more
Washington State lawmakers just passed the most consequential privacy legislation in the country since the California Consumer Privacy Act (CCPA) was adopted in 2018, which will soon require businesses to take significant...more
By now, it is generally known that comprehensive privacy laws include requirements to allow consumers to opt-out of the sale of the their personal information, including personal information collected through the use of...more
This is the second in a series of articles about the implications of the California Privacy Rights Act for employers. - The California Privacy Rights Act (“CPRA”), which goes into effect on January 1, 2023, grants six new...more
Nevada’s governor recently approved an amendment to their privacy law. As we covered previously, generally, this law affords consumers a right to opt out of the “sale” of their data to third parties. The amendment broadens...more
Effective July 9, 2021, certain retail and hospitality businesses that collect and use “biometric identifier information” from customers will need to post conspicuous notices near all customer entrances to their facilities. ...more