On March 7, 2025, the California Privacy Protection Agency (CPPA) issued a settlement order imposing a $632,500 fine on American Honda Motor Co., Inc. for violations of the California Consumer Privacy Act (CCPA). The CPPA...more
3/17/2025
/ Automotive Industry ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Honda ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
Settlement
On January 13, 2025, California Attorney General (AG) Rob Bonta issued two legal advisories: one for businesses generally (General Advisory) and one specific to healthcare entities (Health Advisory). These advisories identify...more
2/6/2025
/ Artificial Intelligence ,
California ,
Civil Rights Act ,
Compliance ,
Consumer Protection Laws ,
Data Privacy ,
Data Protection ,
Health Care Providers ,
Healthcare ,
Privacy Laws ,
State Attorneys General ,
Technology Sector ,
Unfair Competition
Following our recent client alert, learn more about enforcement targeting website tracking technologies and the impact on organizations in 2025. Elliot Golding and David Saunders share further insights from working with...more
1/27/2025
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cookies ,
Data Collection ,
Data Privacy ,
Popular ,
Privacy Acts ,
Privacy Laws ,
Risk Management ,
State Privacy Laws ,
Web Tracking ,
Websites
On September 13, 2024, the Colorado Attorney General’s (AG) Office published proposed draft amendments to the Colorado Privacy Act (CPA) Rules. The proposals include new requirements related to biometric collection and use...more
On July 15, 2024, the Office of the New York State Attorney General (OAG) published website privacy control guidance focused on cookies and other tracking technologies. The guidance identifies common deficiencies and...more
8/15/2024
/ Cookies ,
Corporate Counsel ,
Enforcement Actions ,
New Guidance ,
New York ,
Privacy Policy ,
State Attorneys General ,
State Privacy Laws ,
Technology ,
Tracking Systems ,
Web Tracking ,
Websites
On April 7, 2024, Rep. Cathy McMorris Rodgers (R-WA), the chair of the US House Committee on Energy and Commerce, and Sen. Maria Cantwell (D-WA), the chair of the US Senate Committee on Commerce, Science, and Transportation,...more
4/18/2024
/ Covered Entities ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
New Legislation ,
Preemption ,
Privacy Acts ,
Privacy Laws ,
Privacy Policy ,
State and Local Government ,
State Privacy Laws ,
U.S. House
On March 18, 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) issued an update to its December 1, 2022, bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and...more
3/22/2024
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Priorities ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Tracking Systems ,
Web Tracking ,
Websites
New state privacy laws regulating health data impose significant obligations and heightened risks. In addition to existing laws in California, Colorado and other states, Washington State’s My Health My Data Act and Nevada’s...more
3/4/2024
/ Benchmarking ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Cookies ,
Data Privacy ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Information Technologies ,
New Legislation ,
PHI ,
State Privacy Laws ,
Tracking Systems ,
Webinars
CALIFORNIA -
On March 29, 2024, the amended California Consumer Privacy Act (CCPA) regulations will take effect. These regulations were originally slated to take effect in 2023, but a court ruling (that is being appealed)...more
1/11/2024
/ California ,
Colorado ,
Connecticut ,
Cybersecurity ,
Data Privacy ,
Data Protection Acts ,
Data Security ,
Florida ,
Montana ,
Oregon ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
State and Local Government ,
State Privacy Laws ,
Texas ,
Virginia ,
Washington
Substantial changes to the California Consumer Privacy Act (CCPA) are coming soon through five sets of proposed regulations governing (1) cybersecurity audits, (2) privacy risk assessments, (3) artificial...more
On November 1, 2023, the New York Department of Financial Services (NYDFS) amended Part 500, the cybersecurity regulation. These updates follow numerous NYDFS enforcement actions and other new cybersecurity rules, such as the...more
On August 28, 2023, the California Privacy Protection Agency (CPPA) released discussion drafts of regulations on cybersecurity audits and privacy risk assessments in advance of the CPPA’s meeting on September 8,...more
9/5/2023
/ Audits ,
California ,
California Privacy Protection Agency (CPPA) ,
Corporate Governance ,
Cybersecurity ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Regulatory Agenda ,
Risk Assessment ,
Risk Management ,
State Privacy Laws
Data governance is a mission-critical issue for every company and institution in the United States.
GCs face a host of pressing cybersecurity concerns. Triaging them requires time, attention, and a well-rounded strategy...more
8/18/2023
/ Cookies ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Healthcare ,
Legislative Agendas ,
Mobile Apps ,
New Legislation ,
New Rules ,
OCR ,
Personal Information ,
Regulatory Agenda ,
Risk Factors ,
Risk Management ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
Regulators in California and Colorado recently announced enforcement sweeps under new and newly updated state privacy laws. Companies in Colorado (including nonprofits) and California should double-check their privacy...more
At an Open Meeting on July 26, 2023, the US Securities and Exchange Commission (SEC) adopted final rules and amendments that impose new cybersecurity-related disclosure requirements for public companies subject to the...more
7/31/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Disclosure Requirements ,
New Rules ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)
On June 30, 2023, the California Superior Court hearing Cal. Chamber of Commerce v. Cal. Privacy Prot. Agency, No. 34-2023-80004106 (Cal. Sup. Ct.), delayed enforcement of the latest California Consumer Privacy Act (CCPA)...more
Join Elliot Golding, Daniel Gottlieb and Amy Pimentel for a deep dive into how the new state privacy laws impact the healthcare and financial services industries....more
6/9/2023
/ Banks ,
Continuing Legal Education ,
Data Privacy ,
Financial Institutions ,
Financial Services Industry ,
Health Care Providers ,
Personally Identifiable Information ,
PHI ,
Physicians ,
State Privacy Laws ,
Webinars
On July 1, 2023, two more state privacy laws will take effect. The new laws in Colorado and Connecticut will impose requirements that extend beyond the rules in California and Virginia that took effect earlier this year. July...more
5/15/2023
/ Best Practices ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Colorado ,
Connecticut ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Data Privacy ,
New Legislation ,
Personally Identifiable Information ,
State Privacy Laws ,
Webinars
There has been a flurry of state privacy activity in the past week, with Colorado becoming the latest state to finalize sweeping data privacy rules and Iowa on the precipice of becoming the sixth state to enact comprehensive...more
We would not blame companies for feeling fatigued after the race to comply with the amended California Consumer Privacy Act (CCPA), the soon-to-be finalized CCPA regulations and the new Virginia Consumer Data Protection Act...more
On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the...more
12/6/2022
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Mobile Apps ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
PHI ,
Tracking Systems ,
Web Tracking
On October 17, 2022, the California Privacy Protection Agency (CPPA) released its much-anticipated updates to the proposed California Consumer Privacy Act (CCPA) regulations in response to the hundreds of public comments...more
On September 30, 2022, the Colorado Attorney General’s Office (the AG’s Office) released draft regulations to the Colorado Privacy Act (the CPA). Before these proposed regulations take effect, however, there will be a lengthy...more
10/4/2022
/ Appeals ,
Automation Systems ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Colorado ,
Consent ,
Corporate Counsel ,
Customer-Loyalty Programs ,
Data Protection ,
Data Rights ,
Disclosure Requirements ,
Opt-Outs ,
Privacy Acts ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
State Attorneys General