On April 4, Governor Andy Beshear signed the Kentucky Consumer Data Protection Act (KCDPA), making Kentucky the fifteenth state to enact a comprehensive data privacy law. Set to go into effect on January 1, 2026, the KCDPA...more
The early weeks of 2024 have seen continued activity on the state comprehensive privacy law front. Since our last update, at least 11 new comprehensive privacy bills have been proposed. In particular, Georgia, Hawaii,...more
The California Privacy Protection Agency (CPPA) released initial draft regulations for cybersecurity audits (which have since been amended) and risk assessments late this summer. The agency’s board of directors addressed the...more
Generative Artificial Intelligence (AI) systems like ChatGPT and Google’s Bard have been widely successful and used in applications ranging from science, law, art, business, and even medicine. Generative AI has been called a...more
The digital age has ushered in a host of transformative opportunities for businesses, from enhanced customer engagement through data analytics to streamlined operations via digital platforms. However, this digital...more
Keypoint: Pending the Governor’s signature, the California Delete Act requires all data brokers to register with the CPPA next year and comply with a one-stop consumer deletion mechanism by 2026. Last week, the California...more
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data. U.S. privacy regulations are currently a complex framework of...more
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11. Tennessee joins a growing...more
Iowa became the sixth U.S. state to pass a comprehensive privacy law after the governor signed Senate File 262 (“the Act”) on March 28. The Act significantly echoes its non-California predecessors, particularly the Utah...more
Keypoint: In the aftermath of the Supreme Court’s Dobbs decision, Washington legislators introduced legislation to enhance privacy protections for consumer health data. In early March, lawmakers in Washington state’s House...more
On Wednesday February 1, 2023, the NAIC Privacy Protections Working Group (the Working Group) released a draft of a new model law for comment, the Insurance Consumer Privacy Protection Model Law (#674) (the Proposal), which...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
Over the last two years, many states have taken cues from California and the EU by adopting sweeping privacy laws. These laws, passed in Virginia, Colorado, Connecticut and Utah, as well as updates to the already enacted...more
On August 11, 2022, the Federal Trade Commission (FTC) issued an Advance Notice of Proposed Rulemaking (ANPR), titled “Trade Regulation Rule on Commercial Surveillance and Data Security”. The wide-ranging ANPR seeks feedback...more
On July 20, the House Committee on Energy & Commerce held an open markup session on the American Data Privacy and Protection Act (ADPPA), which concluded in an affirmative vote (53-2) for an amended version of the bill to...more
Keypoint: As it did last year, the Oklahoma House passed a consumer data privacy bill. On March 23, 2022, the Oklahoma House voted 74-15 (with 11 excused) to pass Representative Collin Walke’s HB2969 – the Oklahoma...more
The Massachusetts Information Privacy and Security Act (MIPSA) continues to advance through the state legislative process, and is now before the full legislature. While the Act has several hurdles to clear before becoming...more
Started in Europe in 2007, Data Privacy Day, or Data Protection Day as it is known internationally, is an international effort that takes place annually on January 28 to create awareness of the importance of data privacy. In...more
In the last year, we continued to see a shift in the privacy landscape of the United States, including the passage of comprehensive privacy legislation in both Virginia and Colorado, while other states still have bills under...more
Facial recognition technology, drones the size of a butterfly, secure microchips replacing magnetic stripes on credit cards, sensors the size of a grain of sand swallowed by patients that transmit data directly to the...more
Colorado has now joined California and Virginia to become the third US state to pass a comprehensive data privacy legislation when Governor Jared Polis signed the Colorado Privacy Act (the “CPA”) into law on July 8, 2021. The...more
While a uniform federal privacy law in the United States continues to be an uncertain prospect overshadowed by other national priorities such as infrastructure and COVID relief, state legislatures have pushed forward with...more
On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer...more
First we take Sacramento, then we take Berlin: How do US data protection laws affect how you do business. The webinar is aimed at in-house or outside counsel, as well as data protection and compliance officers. In this...more
Keypoint: Although weakened from its original version, the Oklahoma bill would (if enacted) provide substantial privacy rights to Oklahoma residents and, in some respects, provide more privacy protections than found in the...more