On July 29, 2024, the FTC’s revised Health Breach Notification Rule (HBNR) takes effect. The Rule requires vendors of personal health records (PHRs) and related entities not covered by HIPAA to notify individuals, the FTC,...more
U.S. privacy developments are moving quickly, but health data privacy is racing forward. Companies that come into contact with consumers’ health data need to track and respond to a variety of developments. Most notably, these...more
New Jersey and New Hampshire are the first states out of the gate in what promises to be another busy year in state privacy legislation.
On January 16, New Jersey Governor Phil Murphy signed the New Jersey Data Privacy...more
While the California Privacy Protection Agency (CPPA) Board’s attention during its December 8 public meeting was mainly focused on preliminary draft regulations on automated decisionmaking technology (ADMT), risk assessments,...more
With the continuing onslaught of state privacy laws, it’s easy to become overwhelmed by the number of new legal obligations while also trying to stay focused on identifying and mitigating the most pressing legal and business...more
Two years ago this month, the state of Colorado joined California and Virginia in the passage of broad consumer protection legislation when the Colorado Privacy Act (CPA) was signed into law....more
Google updated its privacy terms earlier this month, shifting away from offering many of its advertising services on a “service provider” basis. With the change, Google states that its Customer Match, Audience Partner API,...more
The FTC took unprecedented action yesterday when it moved to impose what it describes as a “blanket prohibition” preventing the company from monetizing young people’s data. The FTC contends that this prohibition is warranted...more
Absent a veto by Governor Jay Inslee, My Health My Data (MHMD) will become law and go into effect on March 31, 2024. While the 2023 state legislative season may see the addition of four comprehensive privacy laws (Iowa,...more
Indiana’s Consumer Data Protection Act advanced in the state legislature last week and now heads to Governor Eric J. Holcomb’s desk. The bill mirrors comprehensive privacy legislation enacted in Virginia, Utah, and Iowa,...more
If Iowa Governor Kim Reynolds signs Senate File (SF) 262, the Hawkeye State will become the sixth state to adopt a comprehensive consumer privacy law. Iowa’s House and Senate have both passed Senate File 262 unanimously. If...more
For the second time in as many months, the Federal Trade Commission (FTC) last week announced a settlement alleging that a company’s the use and disclosure of consumers’ health information for online advertising violated the...more
The Federal Communications Commission (“FCC” or “Commission”) is seeking comments on a Notice of Proposed Rulemaking (NPRM) to refresh its customer proprietary network information (“CPNI”) data breach reporting requirements...more
Just two months before the effective date (January 1, 2023) of the California Privacy Rights Act (“CPRA”), the California Privacy Protection Agency (“CPPA”) Board met on October 28 and 29 to discuss revisions to the agency’s...more
11/7/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information
Warning that “[t]here are no more excuses,” California Attorney General on August 24, announced the first public settlement under the California Consumer Privacy Act (CCPA). The settlement order, which the court approved on...more
On August 11, the FTC finally launched its “commercial surveillance and data security” rulemaking after many months of hype and speculation about the FTC’s ability to address consumer privacy through its “Mag-Moss” rulemaking...more
With the clock now running on the comment period for the California Privacy Protection Agency’s (CPPA) Draft Regulations to implement the CPRA – comments are due on August 23 – one of the items on many businesses’ CPRA...more
Among the many details to absorb in the draft amendments to the CCPA regulations published by the California Privacy Protection Agency (“CPPA”) on May 27 (the “Draft Regulations”) are new and prescriptive disclosure...more
On Friday May 27, 2022, the California Privacy Protection Agency (CPPA) Board announced its next public meeting will be on June 8, 2022. The announcement simply stated the date of the meeting, that there are “some discussion...more
As companies wait to see whether the Utah Consumer Privacy Act (UCPA) becomes the fourth comprehensive state privacy law, we are providing an overview of some of the Act’s key provisions – and how they depart from...more
In the first formal written opinion interpreting CCPA compliance obligations, California Attorney General Rob Bonta concludes that the CCPA grants consumers the right to know and access internally generated inferences that...more
In the absence of a federal privacy law, privacy has been at the forefront of many states’ legislative sessions this year:
- Utah is poised to be the fourth state to enact comprehensive privacy legislation
- Florida...more
Over the past few years, the data collection and use practices of Internet Service Providers (“ISPs”) have largely flown under the radar while large internet platforms and the broader adtech industry have been under greater...more
During last month’s California Privacy Protection Agency Board (CPPA) meeting, the only substantive agenda item, addressed in closed session, was a discussion of two key appointments: the first Executive Director and a Chief...more
As of September 27, 2021, the European Commission requires controllers and processors to rely on the recently updated Standard Contractual Clauses (SCCs) for any new contracts governing personal data transfers from the EEA....more
9/30/2021
/ Data Controller ,
Data Protection ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses