State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
On August 31, the California assembly passed SB1223, which amends the CCPA/CPRA to include “neural data” as a type of sensitive data. SB1223, which is likely to become law, defines “neural data” as “information that is...more
Recent U.S. developments indicate a growing focus on regulating and investigating the data privacy practices of companies in the automotive sector. The Federal Trade Commission (FTC) recently highlighted in a blog post its...more
2023 brought a surge of data privacy developments, with a large expansion of state comprehensive privacy laws, litigation of new claims based on older laws (e.g. wiretapping and VPPA cases), increased scrutiny on data...more
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
The California Privacy Protection Agency (CPPA) released initial draft regulations for cybersecurity audits (which have since been amended) and risk assessments late this summer. The agency’s board of directors addressed the...more
Governor Newson recently signed two amendments to the CCPA strengthening protections for certain data types. The changes go into effect January 1, 2024....more
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data. U.S. privacy regulations are currently a complex framework of...more
Texas, long lauded as one of the most “business-friendly” states, has passed a comprehensive privacy law that will bring new regulations to consumer personal data. The new Texas Data Privacy and Security Act (“TDPSA”), H.B....more
March wrapped up with several significant state privacy developments. First, on March 28, Iowa Governor Kim Reynolds signed Senate File 262 (SF 262) into law, making Iowa the sixth state to adopt comprehensive data privacy...more
The year 2023 will continue to have cybersecurity and data privacy front of mind for General Counsels. With sweeping new US and global laws and regulations coming online and the California Privacy Protection Agency (CPPA)...more
The concept of Sensitive Personal Information (SPI) has made its way into new and emerging US privacy laws. The usual challenges associated with a novel privacy obligation certainly apply to Sensitive Personal Information,...more
The California Privacy Protection Agency (CPPA) held a board meeting on October 28 - 29, 2022 (the “Meeting”) to review proposed modifications to the California Privacy Rights Act (CPRA). The CPRA is effectively an amendment...more
Following the passage of the California Privacy Rights Act (CPRA), for the past two years, employers have been partially exempt from many of the California Consumer Privacy Act's (CCPA) mandates pertaining to applicants,...more
The compliance date for the California Privacy Rights Act (CPRA) is January 1, 2023. There are significant changes from the current law, the California Consumer Privacy Act (CCPA), including the following...more
Keypoint: The CPA draft rules are a complex and lengthy set of regulations that, if adopted without substantial modification, will significantly expand the CPA’s requirements and require controllers to carefully consider...more
A data inventory is a detailed account of how a business processes personal data. While this is not an exhaustive list, a data inventory should contain information such as purpose of collecting the data, volume of individual...more
On Friday, June 3, Representative Frank Pallone (D-NJ), Chairman of the House Energy & Commerce Committee, Representative Cathy McMorris Rodgers (R-WA), the committee’s Ranking Member, and Senator Roger Wicker (R-MS), Ranking...more
Last week, Representatives Frank Pallone (D-NJ) and Cathy McMorris Rodgers (R-WA) and Senator Roger Wicker (R-MS) released a draft federal privacy proposal titled the American Data Privacy and Protection Act (ADPPA). ADPPA is...more
Beginning next summer, business that meet certain thresholds must comply with the Connecticut law, including several - now common place - individual privacy rights and a requirement to obtain opt-in consent before processing...more
On May 4, 2022, the Connecticut legislature passed S.B. 6 entitled the “Connecticut Data Privacy Act” (CDPA) with the bill now moving to Governor Ned Lamont’s desk for signature. Although Governor Lamont is generally expected...more
On January 1, 2023, absent intervention from the California legislature, the nation’s first comprehensive data privacy law, the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act...more
Keypoint: The CPRA requires that businesses use certain types of sensitive personal information only for limited purposes, otherwise they must notify consumers of the additional purposes and provide consumers the opportunity...more
Keypoint: The CPRA, CPA, and VCDPA’s definitions of “publicly available information” are broader than the CCPA’s definition, thereby expanding the types of personal information companies may process outside the confines of...more
The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a...more
On November 3, 2020, California voters approved Proposition 24, a ballot initiative which enacted the California Privacy Rights Act (“CPRA”). The CPRA amends the California Consumer Privacy Act (“CCPA”), the most sweeping...more