State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
On June 25, 2025, Connecticut Governor Ned Lamont signed into law a major amendment to the state’s comprehensive privacy law (CTDPA), just over three years after signing the CTDPA into law on May 10, 2022 and two years after...more
In the recent high-profile civil class action, Frasco v. Flo Health, a California federal court issued a significant ruling partially certifying a nationwide class and California subclass of individuals who used the Flo...more
On June 25, Connecticut Governor Lamont signed Senator James Maroney’s SB 1295 into law. The bill makes several notable changes to Connecticut’s existing consumer data privacy law, including modifying its applicability...more
On June 11, 2025, Connecticut passed Senate Bill 01295 (SB 01295). If signed by the governor, SB 01295 will amend the existing Connecticut Data Privacy Act (CTDPA) in several important ways, with the amendments going into...more
On June 3, 2025, the Connecticut legislature passed a bill amending the Connecticut Data Privacy Act (CTDPA). The amendment introduces a variety of changes, including a broadening of the CTDPA’s applicability, changed...more
What happens to sensitive personal information shared by consumers when the company collecting that information encounters financial distress? That exact issue is currently front and center in the Chapter 11 proceedings of...more
There is nothing more inherently unique and personal to an individual than his or her DNA. Unlike many other types of personal information, a person’s DNA is immutable. It can be the key to unlocking extremely sensitive...more
While most state legislatures are wrapping up their legislative sessions with little fanfare, Massachusetts appears to just be getting started. On May 12, 2025, the Bay State introduced the Massachusetts Data Privacy Act (S...more
IAPP’s Global Privacy Summit kicked off on April 22 with keynote remarks from Federal Trade Commission (FTC) Commissioner Melissa Holyoak, who highlighted her top priorities for privacy enforcement and the digital economy. ...more
23andMe, a pioneer in the DNA testing kit industry, announced that it has filed for Chapter 11 bankruptcy protection and recently asked to select an independent customer data representative regarding any sale of user data....more
In the ongoing saga of the 23andMe bankruptcy, Federal Trade Commission Chairman Andrew N. Ferguson recently sent a letter to the Trustee overseeing the 23andMe bankruptcy proceeding stating, “As Chairman of the Federal Trade...more
A new California investigative sweep into the location data industry focuses on whether businesses have violated state law relating to the consumers’ right to limit how their personal information – including their geolocation...more
Genetic testing company 23andMe has filed for Chapter 11 bankruptcy protection, and its CEO has resigned. It is seeking to sell “substantially all of its assets” through a reorganization plan that will have to be approved by...more
As we progress deeper into the 2025 legislative season, comprehensive privacy law proposals continue to progress through the legislative process. In the weeks since our last update, Kentucky amended its comprehensive data...more
On March 10, California Attorney General (AG) Rob Bonta launched an investigation into the location data industry, issuing letters to companies that the AG alleged “appear to be in violation of the California Consumer Privacy...more
The California Privacy Protection Agency (CPPA) the agency responsible for implementing and enforcing the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) (collectively the CCPA), protecting...more
In data breach litigation, courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of...more
Over the last several years, litigation (often class actions) premised on the use of technology like session-replay products, web beacons, pixels, and cookies has proliferated. Typical theories include plaintiffs claiming...more
On January 22, the New York State Legislature passed Senate Bill S929, titled the New York Health Information Privacy Act (NYHIPA), which is poised to redefine how businesses handle health and wellness-related data in and...more
The Court of Appeal has handed down its judgment in the case of Prismall v Google UK Ltd and DeepMind Technologies Ltd [2024] EWCA Civ 1516. Finding for Google, the Court of Appeal upheld the lower Court’s decision to...more
Businesses need data from consumers, and the sharing and selling of this resource has become quite common. However, you also need to be mindful of the rights of the people whose data you collect, especially their personally...more
Looking forward to 2025, more U.S. states are in line to pass omnibus data protection laws, enforcement of U.S. state data protection laws is likely to increase, and “sensitive data” concepts will similarly grow and take...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
Advertising on social media platforms such as Facebook and Instagram is a common marketing strategy for many businesses. Government agencies and consumer advocates have increasingly scrutinized this practice to determine if...more
States continued to pass comprehensive consumer privacy laws throughout 2024. 2025 brings eight new state-level comprehensive consumer privacy laws into effect. As with the five state privacy laws that went into effect in...more