The push by U.S. states to pass data privacy laws continues with Maryland being the 18th state to join their ranks. However, Maryland has taken a more stringent and comprehensive approach than many of its peers: Governor Wes...more
5/17/2024
/ Commodity Exchange Act (CEA) ,
Consumer Privacy Rights ,
COPPA ,
Data Protection ,
Fines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Maryland ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personal Information ,
Popular ,
Securities Exchange Act
2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California, Colorado, Connecticut, Utah and Virginia. Already...more
4/16/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Exemptions ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Jersey ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Personal Information ,
Private Right of Action ,
Reporting Requirements ,
State Privacy Laws
After years of internal discussion, the Board of the California Privacy Protection Agency (CPPA), at their March 8th meeting, voted to progress toward formalizing the proposed regulations on risk assessments and automated...more
3/26/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
California Privacy Protection Agency (CPPA) ,
Corporate Counsel ,
Cybersecurity ,
Employment Discrimination ,
Information Sharing ,
Personal Information ,
Policy Updates ,
Privacy Laws ,
Proposed Regulation ,
Risk Assessment
Several states have clarified or tightened their data breach notification statutes since we last updated the Mintz Matrix at the beginning of the year. Please click here for the latest edition of the Mintz Matrix, which is a...more
The California Privacy Protection Agency (CPPA) has released its agenda for the September 8 board meeting, which includes (among other topics) presentation of a draft Cybersecurity Audit Regulation and a draft Risk Assessment...more
8/30/2023
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Selling ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Risk Assessment ,
Rulemaking Process
Blaming a "data retention glitch," Microsoft has agreed to pay the Federal Trade Commission $20 million to settle allegations that the company's Xbox gaming system has illegally collected personal information from children...more
6/8/2023
/ COPPA ,
Corporate Counsel ,
Data Collection ,
Data Retention ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Personal Information ,
Regulatory Violations ,
Settlement ,
Xbox
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11.
Tennessee joins a growing...more
5/12/2023
/ California Consumer Privacy Act (CCPA) ,
Controlled Substances Act ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Farm Credit Administration ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Nonprofits ,
Opt-Outs ,
Penalties ,
Personal Information ,
Private Right of Action ,
State Privacy Laws ,
Tennessee
Indiana's New Law is on the Books -
Last month, three more state legislatures passed comprehensive data privacy laws. Just this week, Indiana’s governor signed one of them - the Indiana Consumer Data Privacy Act (“ICDPA’) -...more
5/4/2023
/ Cybersecurity ,
Data Privacy ,
Fair Credit Reporting Act (FCRA) ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Nonprofits ,
Penalties ,
Personal Data ,
Personal Information ,
Private Right of Action ,
Public Utility ,
State Privacy Laws
Just ahead of the expected April release of the final SEC cybersecurity regulations, the SEC has fined Blackbaud, a donor data management platform used widely by nonprofits, $3 million dollars for "misleading disclosures" in...more
The so-called “HR exemption” taking employee and applicant personal information out of the control of the California Consumer Privacy Act (CCPA) is about to come to an end. Employers who are “businesses” for purposes of the...more
10/18/2022
/ Anti-Retaliation Provisions ,
Audits ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Data Collection ,
Data Mapping ,
Data Retention ,
Exemptions ,
Opt-Outs ,
Personal Information ,
Policies and Procedures ,
Privacy Notice Rule ,
Right to Delete ,
Right To Know ,
Sensitive Personal Information
California Attorney General Rob Bonta has announced a major settlement under the California Consumer Privacy Act (CCPA), and it will cost Sephora, Inc. a whopping $1.2 million in penalties. According to the release from...more
It does not look as though Massachusetts will be state number 6 to enact a comprehensive data privacy law – or at least not the one that people have been talking about. The Massachusetts Joint Committee on Health Care...more
Privacy law 101 includes a simple but important basic concept that organizations may only use personal information they collect for what they say they will, and how they say they will. According to the Federal Trade...more
As businesses continue to work on compliance with the California Consumer Privacy Act (CCPA) and the multiple versions of regulations issued by the Attorney General’s Office, Attorney General Becerra has issued yet another...more
12/15/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Information ,
Proposed Regulation ,
Public Comment ,
Rulemaking Process ,
State Attorneys General
The Home Depot, Inc. (“Home Depot”) recently entered into a multi-state Assurance of Voluntary Compliance with Attorneys General of 46 states and the District of Columbia (the “Settlement”) stemming from a massive 2014 data...more
12/3/2020
/ Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Home Depot ,
Personal Information ,
Popular ,
Settlement ,
State Attorneys General
Earlier this week, the California Department of Justice unexpectedly released a third set of proposed modifications to the CCPA regulations. This move took place only two months after the California Attorney General’s Office...more
10/14/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Information Governance ,
Office of Administrative Law ,
Opt-Outs ,
Personal Information ,
Privacy Policy ,
State Attorneys General
The California Legislature has passed AB-1281 over to the Governor’s desk, approving the continuation of an exemption for personal information collected in the employment context and certain information collected in the...more
As we’ve been writing about in this space for some time, today marks the opening of the CCPA enforcement era. Despite protestations from the business community, and requests for delay due to the lack of regulations until...more
7/1/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Information ,
Privacy Laws ,
State Attorneys General
Just as businesses are gearing up for the start of enforcement of the California Consumer Privacy Act (“CCPA”), California cleared the way for the California Privacy Rights Act (“CPRA”). The CPRA is an initiative imposing...more
We previously provided insights into this important portion of the regulations... In this installment we address important revisions provided by the AG’s office to Article 3 of these regulations, several of which will have...more
If you haven’t been paying attention to all the Microsoft warnings for the past year and your company is still running Windows 7, time’s up. After January 14, 2020, Microsoft will stop pushing out security updates to Windows...more
The short answer is “no”. The CCPA has a specific definition for “service provider” at Section 1798.140(v) – and it also requires a vendor to be bound by a written contract that prohibits it from...more
Unless you have been living off the grid for the past year, you likely know that we are now down to 13 days and counting to the effective date of the California Consumer Privacy Act (CCPA). We have received hundreds of...more
12/23/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
DPPA ,
Fair Credit Reporting Act (FCRA) ,
GLBA Privacy ,
Personal Information ,
Private Right of Action ,
State Attorneys General
Because the term “consumer” is so broad in the CCPA (remember: it’s any California resident), it would have applied to employee and job applicant data and all business contact information across the board. After much...more
12/20/2019
/ Amended Legislation ,
B2B Organizations ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Employee Privacy Rights ,
Job Applicants ,
Personal Information