The U.S. is taking another swing at a federal data privacy law with the American Privacy Rights Act, or APRA. While there’s no guarantee that the APRA will become the law of the land, it’s still worthwhile to study in order...more
On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
Over the weekend, lawmakers unveiled the latest push for a federal privacy law – the American Privacy Rights Act (APRA). The bill was circulated as a discussion draft by Sen. Maria Cantwell (D-WA), Chair of the Senate...more
In just a few short weeks, a new front may emerge for biometrics litigation in the United States. On March 31, 2024, the My Health My Data Act (“MHMDA”) will go into effect in Washington for most entities that conduct...more
Welcome to this month's issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security & Data Protection practice....more
In October, California enacted its newest privacy legislation, commonly referred to as the “Delete Act” (California Senate Bill No. 362). The Delete Act will allow consumers to request that any data broker that maintains any...more
California continues to be at vanguard of data privacy rights. The latest effort by California legislators to protect consumer privacy rights focuses on data brokers, who under the proposed California Senate Bill 362, aka...more
Bill C-27, the Digital Charter Implementation Act, proposes new legislation that will significantly impact the Canadian privacy law landscape. The omnibus bill – which is a second reiteration of the former Bill C-11 (which...more
Under the California Consumer Privacy Act (CCPA), California consumers may exercise certain rights in relation to their personal information – and businesses have strict deadlines to respond to such consumer requests. These...more
On Thursday, May 11, Gov. Bill Lee (R) signed into law the Tennessee Information Protection Act. The new TIPA follows the recent enactment of data privacy laws in Iowa and Indiana. The other states with data privacy laws are...more
On the heels of the unanimous passage of Iowa’s Act Relating to Consumer Data Protection on March 28, Indiana’s Consumer Data Protection Act was passed by the state legislature on April 13 and has been signed into law by Gov....more
Iowa will soon be the sixth state in the nation with a comprehensive consumer privacy law – but the good news for employers is that it does not apply to data collected in the employment context and does not include a private...more
Shortly before Privacy Day, California Attorney General (Cal AG) Rob Bonta announced a California Consumer Privacy Act (CCPA) enforcement sweep that targeted mobile applications....more
Keypoint: The draft CPA rules retain the hallmarks of what makes the CPA rules unique but contain some notable revisions and clarifications. On Friday, January 27, 2023, the Colorado Attorney General’s Office published the...more
A new Washington State bill works to close the gap between consumer knowledge and industry practice by providing stronger privacy protections for all Washington consumers’ health data....more
The biggest challenge that most PEO and staffing agencies will face in 2023 will come in the form of what appears to be a fairly benign request, but one that will occur with both increasing regularity and legal significance:...more
Following the passage of the California Privacy Rights Act (CPRA), for the past two years, employers have been partially exempt from many of the California Consumer Privacy Act's (CCPA) mandates pertaining to applicants,...more
Since the California Consumer Privacy Act (“CCPA”) was passed in 2018, employers have been watching carefully to see how the law will apply to data collected and maintained about their employees. Up until now, employment data...more
Keypoint: The CPA draft rules are a complex and lengthy set of regulations that, if adopted without substantial modification, will significantly expand the CPA’s requirements and require controllers to carefully consider...more
Last week, the California Legislature failed to reach agreement on an extension to the employee exemption which applies to the California Consumer Privacy Act (CCPA) which currently exempts employees and employee data from...more
Most privacy laws derive from the same core foundational principles, namely the Fair Information Practice Principles (FIPPs). This includes the California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act of...more
The Utah Consumer Privacy Act (“UCPA”) passed by the Utah legislature was signed into law by Governor Spencer Cox on March 24, 2022 and becomes effective December 31, 2023. While companies conducting business in Utah will...more
On March 3, 2022, the Utah House of Representatives passed a consumer privacy bill: the Utah Consumer Privacy Act. The bill had already passed the Utah Senate in February, and at the time of this writing, awaits a signature...more
The Utah legislature has passed Senate Bill 227, otherwise known as the Utah Consumer Privacy Act (UCPA). Barring a veto from Utah Governor Spencer J. Cox, who, as of March 15, 2022, officially has the bill on his desk for...more
On November 3, 2020, California voters approved Proposition 24, a ballot initiative which enacted the California Privacy Rights Act (“CPRA”). The CPRA amends the California Consumer Privacy Act (“CCPA”), the most sweeping...more