State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
Comprehensive consumer privacy laws continue to hit the desks of governors in states across the country, with nineteen state laws now on the books. Since we wrote our 2023 Round-Up on State Consumer Data Privacy Laws article...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
On September 24, 2024, the State Council released the Regulations on the Management of Network Data Security (《网络数据安全管理条例》) (“Regulations”). The Regulations focus on prominent issues related to Personal Information (PI),...more
The federal government is the biggest purchaser in America and that extends to the SaaS space. On September 24, 2024, the Office of Management and Budget (OMB) released Memorandum M-24-18, offering updated guidelines for the...more
Actions in the last six months of the Brazilian National Data Protection Authority (“ANPD”) suggest that it intends to aggressively enforce the Brazilian Data Protection Law (“LGPD”). The LGPD applies to any entity that...more
The Israeli Privacy Protection Authority recently published a binding directive addressing the board of director’s responsibilities for the fulfillment of a company’s obligations prescribed in the Privacy Protection...more
Do you know what cookies your company’s website is using? If not, you likely do not know whether your company’s website is honoring users’ data protection choices involving the use of cookies. You should know and care so your...more
X Agrees to Stop Processing EU Data to Train its Grok AI - Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
On August 6th, the Dutch Data Protection Authority (DPA) issued guidance cautioning companies about the potential data protection risks associated with the use of Artificial Intelligence (AI)-powered chatbots....more
The amendment to the Colorado Privacy Act, expanding the scope of sensitive data, goes into effect August 6, 2024. The law will now include as sensitive information biological data that is used for identification purposes....more
On May 16, the Securities and Exchange Commission (“SEC”) announced the adoption of amendments to Regulation S-P, aimed at modernizing and enhancing the rules governing the treatment of consumers’ nonpublic personal...more
The stakes are high for FemTech – as Benjamin Franklin noted: ‘it takes many good deeds to build a good reputation and only one bad one to lose it.’...more
Rhode Island is the latest state to enact consumer privacy legislation. The Rhode Island Transparency and Privacy Protection Act (the "Act"), which passed into law on June 28, 2024, establishes a framework for controlling and...more
As of July 1, three new comprehensive state privacy laws – the Florida Digital Bill of Rights (FDBR), the Oregon Consumer Privacy Act (OCPA), and the Texas Data Privacy and Security Act (TDPSA) – will take effect, joining the...more
The Kingdom of Saudi Arabia (KSA or Kingdom) is a sovereign state located in the Middle East between the Red Sea and the Arabian Gulf (sometimes referred to as the Persian Gulf) and is one of the member states of the Gulf...more
On April 24, 2024, President Biden signed into law H.R. 815, a national security and foreign aid package which includes the “Protecting Americans’ Data from Foreign Adversaries Act of 2024” (“PADFA”). The Act establishes new...more
On May 16, 2024, the Securities and Exchange Commission adopted amendments to Regulation S-P, the regulation that governs the treatment of nonpublic personal information about consumers by certain financial institutions....more
Last month, the Securities and Exchange Commission (the SEC or the Commission) unanimously voted to adopt amendments to Regulation S-P (Reg S-P), which is the SEC’s regulation governing the treatment and safeguarding of...more
Major hospitals in London are grappling with severe disruptions following a cyberattack on Synnovis, a key pathology services provider. The attack has resulted in canceled surgeries and emergency patients being diverted to...more
Recent U.S. developments indicate a growing focus on regulating and investigating the data privacy practices of companies in the automotive sector. The Federal Trade Commission (FTC) recently highlighted in a blog post its...more
On April 4, 2024, Kentucky became the fifteenth state to enact a comprehensive data privacy law, with Governor Andy Beshear signing the Kentucky Consumer Data Protection Act (KCDPA) into law. The Kentucky law will go into...more
On May 19, 2024, the Minnesota Legislature passed a comprehensive privacy bill, sending the Minnesota Consumer Data Privacy Act (MCDPA) to Governor Tim Walz’s desk for signature into law. The law, which would take effect...more
On May 10, 2024, Maryland Governor Wes Moore signed the Maryland Online Data Privacy Act of 2024 ("MODPA" or the "Act"), bringing the number of comprehensive state privacy laws to 18and establishing a new, more restrictive...more
Maryland Governor Wes Moore signed the Maryland Online Data Privacy Act of 2024 (MODPA) into law on May 9, 2024. This new law establishes transparency, assessment, and consumer rights requirements for organizations that fall...more
The list of U.S. state-level data privacy laws will grow substantially this summer as three more comprehensive state laws become effective. Texas, Oregon and Florida each have a comprehensive data privacy law taking effect on...more