On March 7, 2025, the California Privacy Protection Agency (CPPA) issued a settlement order imposing a $632,500 fine on American Honda Motor Co., Inc. for violations of the California Consumer Privacy Act (CCPA). The CPPA...more
3/17/2025
/ Automotive Industry ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Honda ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
Settlement
Washington State’s My Health My Data Act (the Act), which is working its way through the reconciliation process after the Washington Senate and House passed different versions of the Act, is ultimately expected to be signed...more
4/14/2023
/ Carve Out Provisions ,
DATA Act ,
Data Controller ,
Enforcement ,
Exemptions ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Private Right of Action ,
State and Local Government ,
Washington
There has been a flurry of state privacy activity in the past week, with Colorado becoming the latest state to finalize sweeping data privacy rules and Iowa on the precipice of becoming the sixth state to enact comprehensive...more
On January 1, 2023, the substantive provisions of the California Privacy Rights Act (CPRA) took effect, significantly amending the California Consumer Privacy Act (CCPA) and marking another milestone in the development of US...more
On August 24, 2022, the California Attorney General (AG) announced a first-of-its-kind settlement with Sephora, Inc. (Sephora) over Sephora’s alleged violation of the California Consumer Privacy Act (CCPA). The settlement...more
In recent years, the digital marketing and global AdTech industry have seen seismic changes, and online marketers are facing challenges under new privacy laws and regulations. Substantial restrictions on targeted advertising...more
7/13/2022
/ Adtech ,
Advertising ,
Consent ,
Cookies ,
General Data Protection Regulation (GDPR) ,
Marketing ,
Notice Requirements ,
Online Advertisements ,
Privacy Laws ,
State Privacy Laws ,
Webinars
Security Schedules, Privacy Addenda, TOMs, DPAs—whatever you call them, privacy and cybersecurity contract terms have exploded in prevalence in recent years, bringing with them new importance that can lead to difficult and...more
6/10/2022
/ Continuing Legal Education ,
Contract Drafting ,
Contract Negotiations ,
Contract Terms ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
International Data Transfers ,
Popular ,
Privacy Laws ,
Risk Management ,
Standard Contractual Clauses ,
Vendors ,
Webinars
On March 3, 2022, the Utah House of Representatives unanimously passed a consumer privacy bill which the Utah Senate passed earlier this year. The bill, entitled the Utah Consumer Privacy Act, still has several hurdles to...more
Since California enacted the California Consumer Privacy Act (CCPA) there’s been a new version of keeping up with the Joneses – and it’s happening in state capitals across the United States. As the federal government takes a...more
10/13/2021
/ California Privacy Rights Act (CPRA) ,
CDPA ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
New Legislation ,
Pending Legislation ,
Privacy Laws ,
Proposed Legislation ,
State Privacy Laws ,
Webinars
On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (CPA) into law, the latest in the recent wave of state privacy legislation but unlikely to be the last. The CPA will take effect July 1, 2023, six...more
Generally, contact tracing refers to an effort by public health officials to identify individuals with whom a patient who has tested positive for an infectious disease has been in close proximity. Public health officials will...more
9/15/2020
/ Bluetooth ,
California Consumer Privacy Act (CCPA) ,
Contact Tracing ,
Coronavirus/COVID-19 ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Employees ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Infectious Diseases ,
Information Governance ,
Mobile Apps ,
Non-Compete Agreements ,
Patient Privacy Rights ,
Patients ,
Personal Data ,
Private Sector ,
Public Health ,
Re-Opening Guidelines ,
UK Brexit ,
Whistleblowers
On August 20, 2020, a criminal complaint was filed charging Joseph Sullivan, Uber’s former chief security officer, with obstruction of justice and misprision of a felony in connection with an alleged attempted cover-up of a...more
9/1/2020
/ Bug Bounty Program ,
Confidential Information ,
Corporate Counsel ,
Data Breach ,
Enforcement Actions ,
Ethics ,
Extortion ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Management ,
Information Technology ,
Personal Information ,
Popular ,
Risk Management ,
State Data Breach Notification Statutes ,
Uber
Although 2020 has already provided more than its share of surprises for businesses, one thing appears to remain unchanged: the California attorney general’s commitment to enforcing the California Consumer Privacy Act...more
Although 2020 has already provided more than its share of surprises for businesses, one thing appears to remain unchanged: the California attorney general’s commitment to enforcing the California Consumer Privacy Act...more
A proposed ballot initiative in California known as the California Privacy Rights Act, which is likely to pass if placed on the 2020 ballot, would both clarify and expand the existing California Consumer Privacy Act....more
New CFIUS rules—which took effect February 13, 2020—underscore the need for privacy diligence in deals involving foreign investments and signal a larger trend toward heightened regulatory scrutiny of foreign access to...more
2/19/2020
/ California Consumer Privacy Act (CCPA) ,
CFIUS ,
Congressional Investigations & Hearings ,
Cross-Border Transactions ,
FIRRMA ,
Foreign Investment ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Legislative Agendas ,
National Security ,
New Rules ,
Personal Data ,
Privacy Laws ,
U.S. Treasury
The California Consumer Privacy Act (CCPA) requires businesses who engage in “sales” of “personal information,” to offer consumers the right to opt out of such sales via a “Do Not Sell My Personal Information” link or button...more
1/9/2020
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Transfers ,
Data Use Policies ,
Data-Sharing ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
Third-Party Liability ,
Vendors
On October 10, 2019, the California Attorney General released proposed regulations to implement the California Consumer Privacy Act (CCPA), including substantial new requirements not included in the CCPA. Here we offer a...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
State Attorneys General
The California Legislature passed several bills amending the forthcoming California Consumer Privacy Act (CCPA). Although the amendments contain some significant changes, outlined here, the most important and groundbreaking...more
9/20/2019
/ Amended Legislation ,
B2B Organizations ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Fair Credit Reporting Act (FCRA) ,
Governor Newsom ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
Since the passage of the Illinois Biometric Information Privacy Act (BIPA) in 2008, it has been used by plaintiffs’ attorneys to sue companies that use biometric identification technologies. Many BIPA cases have failed...more
2/7/2019
/ Actual Damages ,
Amusement Parks ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
Data Privacy ,
Fingerprints ,
IL Supreme Court ,
Injunctive Relief ,
Injury-in-Fact ,
Liquidated Damages ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Standing ,
Statutory Damages ,
Statutory Violations ,
Written Consent
The SEC has released a new report on cyber fraud, suggesting that public companies that fail to implement appropriate preventative measures risk violating the internal accounting control provisions of the Exchange Act....more