On February 27, the California Privacy Protection Agency (CPPA) announced it reached a settlement with a data broker company that failed to register and pay an annual registration fee as required under the Delete Act. The...more
Businesses that sell data regarding California residents have been put on notice by the California Privacy Protection Agency’s (the CPPA’s) recent aggressive enforcement of the California Delete Act. On October 30, 2024, the...more
The old saying goes, “Don’t mess with Texas.” The same can be said of the Texas Privacy Act. The Texas Department of Information Resources recently issued an implementation status for the act....more
Earlier this month, after the conclusion of the public comment period, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA), which grants rights to Colorado consumers concerning their personal...more
Under many circumstances, state privacy laws require businesses to pass a consumer’s valid deletion request to any entity that processes the data on behalf of the business or otherwise is a recipient of the data. These...more
On October 30, the California Privacy Protection Agency (CPPA) announced an investigative sweep to ensure data brokers comply with the Delete Act. Effective January 1, the Delete Act requires parties to register by January 31...more
The U.S. is taking another swing at a federal data privacy law with the American Privacy Rights Act, or APRA. While there’s no guarantee that the APRA will become the law of the land, it’s still worthwhile to study in order...more
On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
Over the weekend, lawmakers unveiled the latest push for a federal privacy law – the American Privacy Rights Act (APRA). The bill was circulated as a discussion draft by Sen. Maria Cantwell (D-WA), Chair of the Senate...more
In just a few short weeks, a new front may emerge for biometrics litigation in the United States. On March 31, 2024, the My Health My Data Act (“MHMDA”) will go into effect in Washington for most entities that conduct...more
Welcome to this month's issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security & Data Protection practice....more
In October, California enacted its newest privacy legislation, commonly referred to as the “Delete Act” (California Senate Bill No. 362). The Delete Act will allow consumers to request that any data broker that maintains any...more
California continues to be at vanguard of data privacy rights. The latest effort by California legislators to protect consumer privacy rights focuses on data brokers, who under the proposed California Senate Bill 362, aka...more
Bill C-27, the Digital Charter Implementation Act, proposes new legislation that will significantly impact the Canadian privacy law landscape. The omnibus bill – which is a second reiteration of the former Bill C-11 (which...more
Under the California Consumer Privacy Act (CCPA), California consumers may exercise certain rights in relation to their personal information – and businesses have strict deadlines to respond to such consumer requests. These...more
On Thursday, May 11, Gov. Bill Lee (R) signed into law the Tennessee Information Protection Act. The new TIPA follows the recent enactment of data privacy laws in Iowa and Indiana. The other states with data privacy laws are...more
On the heels of the unanimous passage of Iowa’s Act Relating to Consumer Data Protection on March 28, Indiana’s Consumer Data Protection Act was passed by the state legislature on April 13 and has been signed into law by Gov....more
Iowa will soon be the sixth state in the nation with a comprehensive consumer privacy law – but the good news for employers is that it does not apply to data collected in the employment context and does not include a private...more
Shortly before Privacy Day, California Attorney General (Cal AG) Rob Bonta announced a California Consumer Privacy Act (CCPA) enforcement sweep that targeted mobile applications....more
Keypoint: The draft CPA rules retain the hallmarks of what makes the CPA rules unique but contain some notable revisions and clarifications. On Friday, January 27, 2023, the Colorado Attorney General’s Office published the...more
A new Washington State bill works to close the gap between consumer knowledge and industry practice by providing stronger privacy protections for all Washington consumers’ health data....more
The biggest challenge that most PEO and staffing agencies will face in 2023 will come in the form of what appears to be a fairly benign request, but one that will occur with both increasing regularity and legal significance:...more
Following the passage of the California Privacy Rights Act (CPRA), for the past two years, employers have been partially exempt from many of the California Consumer Privacy Act's (CCPA) mandates pertaining to applicants,...more
Since the California Consumer Privacy Act (“CCPA”) was passed in 2018, employers have been watching carefully to see how the law will apply to data collected and maintained about their employees. Up until now, employment data...more
Keypoint: The CPA draft rules are a complex and lengthy set of regulations that, if adopted without substantial modification, will significantly expand the CPA’s requirements and require controllers to carefully consider...more