As anyone who uses the internet can attest, cookies banners pop up on almost every type of website and offer a dizzying and often annoying array of approaches and options to consumers. It is difficult to parse through what...more
4/11/2025
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Cookie Banners ,
Data Collection ,
Enforcement Actions ,
Honda ,
Opt-Outs ,
Privacy Laws ,
Websites
The enactment of biometric privacy laws is a growing trend across the country. Existing legislation has led to a boon of class action litigation against employers, consumer-facing businesses, and technology companies for...more
3/11/2025
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Facial Recognition Technology ,
Pending Legislation ,
Privacy Laws ,
State Privacy Laws
The vast majority of commentary and public advice concerning data breaches surround, deservedly, the breach itself. This focus is only natural; it is the breach itself that requires victims to bring enormous resources to bear...more
In another example of the patchwork of AI laws quietly coming into force across the US, California passed at the beginning of this year a new law regulating the use of certain AI technologies by some types of healthcare...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
1/29/2025
/ Consumer Privacy Rights ,
Cookies ,
Cyber Incident Reporting ,
Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Privacy Laws ,
Risk Management ,
Security and Privacy Controls ,
Sensitive Personal Information ,
State Privacy Laws
On December 6, 2024, the Colorado Attorney General’s Office notified the public that it adopted the updated Colorado Privacy Act (CPA) Rules, as a follow-up to the amendments to the CPA made earlier in the year (collectively,...more
1/10/2025
/ Biometric Information ,
Compliance ,
Consent ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
On September 29, 2024, California Governor Gavin Newsom signed AB 1824 into law, amending the California Consumer Privacy Act (CCPA) to require entities involved in corporate transactions, such as mergers and acquisitions,...more
12/9/2024
/ Acquisitions ,
Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consent ,
Consumer Privacy Rights ,
Data Brokers ,
Data Collection ,
Data Sellers ,
Data-Sharing ,
Governor Newsom ,
Mergers ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws
On October 22, 2024, the U.S. Securities and Exchange Commission (SEC) charged four publicly traded technology companies with making materially misleading disclosures regarding cybersecurity risks and incidents (SEC press...more
11/7/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Form 10-K ,
Form 8-K ,
Material Misstatements ,
Penalties ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
This article is the first in a series that will address privacy concerns for insurance carriers, agents and brokers. The insurance industry is uniquely situated at the confluence of multiple data privacy regimes....more
10/30/2024
/ Bank Holding Company Act ,
Captive Insurance Company ,
Data Privacy ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Insurance Agents ,
Insurance Brokers ,
Insurance Industry ,
NAIC ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Privacy Notice Rule ,
Sensitive Personal Information
On May 17, 2024, Colorado’s Governor Jared Polis signed into law The Colorado AI Act (SB205). SB205 will take effect on February 1, 2026, and regulates the use of certain high-risk artificial intelligence (AI) systems....more
Communication during a data breach is challenging in the best of circumstances, and control of information, especially early in a breach response, is critical. Below are some DOs and DON’Ts for communicating during a data...more
9/12/2024
/ Attorney-Client Privilege ,
Best Practices ,
Cyber Attacks ,
Data Breach ,
Discovery ,
Electronic Communications ,
Email ,
Incident Response Plans ,
Public Communications ,
Reputation Management ,
Work-Product Doctrine
With the recent wave of ransomware and other security incidents, it is now more important than ever for impacted organizations to have a thorough understanding of each element of a proper data breach response. That includes...more
Recently filed class action complaints allege that companies that utilize embedded trackers within emails, or “spy pixels” as the plaintiffs are calling them, violate Arizona law because they collect a “communication service...more
A recent trend in litigation has emerged that is causing companies to re-think conventional wisdom. Until now, it has been a widely adopted best practice for retailers and other consumer-facing companies to include mandatory...more
On March 18, 2024, the Office of Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) updated prior guidance concerning the use of online tracking technologies, including cookies, by Covered...more
5/31/2024
/ Business Associates ,
Cookies ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
OCR ,
PHI ,
Popular ,
Tracking Systems ,
Web Tracking
Last year was a pivotal one for data privacy, as privacy received substantial attention from many regulators, including the Federal Trade Commission (“FTC”). Looking back at the FTC’s 2023 enforcement actions, statements and...more
What are the unique features concerning the processing of biometric data under the MHMDA?
The MHMDA defines “biometric data” very broadly. Specifically, biometric data is “data that is generated from the measurement or...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
The Colorado Privacy Act (CPA) requires that beginning on July 1, 2024, businesses provide consumers with the ability to opt-out of the use of targeted advertising cookies using a Universal Opt-Out Mechanism (UOOM). A UOOM is...more
The development and implementation of AI-powered tools, including in SaaS platforms, have experienced a meteoric rise over the course of the last year. Businesses are understandably looking to realize competitive advantages...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
1/30/2024
/ Compliance ,
Consent ,
Data Collection ,
Data Privacy ,
Data Subject Access Requests ,
Effective Date ,
Notice Requirements ,
Penalties ,
Personal Information ,
PHI ,
Privacy Laws ,
State Privacy Laws
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
1/5/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
EU ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Personally Identifiable Information ,
Privacy Laws ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
State Privacy Laws ,
Targeted Digital Advertising
On October 10, 2023, California Governor Gavin Newsom signed SB 362 into law. The “Delete Act” is intended to bridge a gap in consumer privacy rights – whereas the California Privacy Rights Act (the CPRA) grants consumers the...more
On September 21, 2023, the Colorado Division of Insurance adopted a Final Regulation implementing S.B. 21-169, the 2021 law governing Colorado-licensed insurers’ use of external consumer data and information sources (ECDIS),...more
11/30/2023
/ Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Consumer Privacy Rights ,
Data Collection ,
Final Rules ,
Insurance Industry ,
Life Insurance ,
NAIC ,
Predictive Analytics ,
Risk Management ,
Underwriting
The use of online tracking technologies for online behavioral advertising, analytics and related activities has come under increasing scrutiny by regulators in the U.S., Europe and elsewhere. The obligations under various...more
11/7/2023
/ Advertising ,
Behavioral Advertising ,
Cookie Banners ,
Cookies ,
Do Not Sell ,
EU ,
Opt-In ,
Opt-Outs ,
Privacy Laws ,
State Privacy Laws ,
Targeted Digital Advertising ,
Web Tracking