On April 11, 2025, the Department of Justice (DOJ) issued guidance (Guidance) to assist individuals and entities in coming into compliance with its final rule, referred to as the "Data Security Program" (DSP Rule), which...more
Oregon Attorney General Dan Rayfield has released a report detailing implementation steps and enforcement actions taken during the first six months of the Oregon Consumer Privacy Act ("OCPA"), which entered into force in July...more
The Department of Justice (DOJ) issued a final rule (the "Rule") on December 27, 2024, implementing Executive Order 14117 "Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data...more
The Texas Attorney General has emerged as a significant regulatory enforcement authority for data privacy in the US. Traditionally, data privacy enforcement in the US has emanated from the Federal Trade Commission and other...more
2/4/2025
/ Compliance ,
Consent ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Personal Data ,
Popular ,
Privacy Laws ,
Privacy Notice Rule ,
State Privacy Laws
The momentum for change in US state privacy laws accelerated in 2024, driven by several significant developments, including efforts for a federal privacy law, state-level enforcement actions and the activation of four new...more
1/22/2025
/ Business Entities ,
Compliance ,
Consumer Privacy Rights ,
Corporate Counsel ,
Corporate Governance ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws
California Bills, Rulemaking, and Enforcement Update -
CPPA automated decision-making technology -
On November 22, 2024, the California Privacy Protection Agency (CPPA) opened the formal public comment period on its...more
1/21/2025
/ Algorithms ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
New York ,
Online Safety for Children ,
Privacy Laws ,
State Privacy Laws ,
Texas
On October 16, 2024, the New York State Department of Financial Services (the "DFS"), under its Cybersecurity Regulation—23 NYCRR Part 500—issued a memorandum providing guidance on the risks posed by artificial intelligence...more
11/26/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Enforcement ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector
The U.S. Securities and Exchange Commission's ("SEC") Division of Enforcement has recently brought a spate of enforcement actions relating to key topics for public companies. These include enforcement actions related to...more
On July 18, 2024, a New York federal judge dismissed most of the US Securities and Exchange Commission’s ("SEC") claims against SolarWinds Corp. ("SolarWinds" or the "Company") and its Chief Information Security Officer...more
In June 2024, California Attorney General Rob Bonta and Los Angeles City Attorney Hydee Feldstein Soto announced a $500,000 settlement1 with Tilting Point Media LLC (Tilting Point). After a joint investigation by the...more
Rhode Island became the latest state to enact comprehensive data privacy legislation, when the Rhode Island Data Transparency and Privacy Protection Act (the "Rhode Island Data Privacy Act") passed into law on June 28, 2024....more
On May 24, 2024, Minnesota Governor Tim Walz signed into law the nation's 19th comprehensive data privacy law, the Minnesota Consumer Data Privacy Act (the "Minnesota Act"), which will take effect on July 31, 2025. This law...more
6/4/2024
/ Consumer Privacy Rights ,
Data Controller ,
Data Privacy ,
Data Protection ,
Governor Walz ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Regulatory Agenda ,
Regulatory Requirements ,
State Privacy Laws
On May 9, 2024, Maryland Governor Wes Moore signed into law Senate Bill 541 (the "Maryland Online Data Privacy Act") making Maryland the eighteenth state to adopt comprehensive data privacy legislation in the United States...more
5/15/2024
/ Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Data Protection ,
Enforcement ,
New Legislation ,
Online Privacy Protection Act ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Privacy Policy ,
State and Local Government ,
State Privacy Laws
On April 2, 2024, the California Privacy Protection Agency's (CPPA) Enforcement Division issued its first enforcement advisory, titled "Applying Data Minimization to Consumer Requests," to further emphasize the importance of...more
5/9/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Data Collection ,
Data Deletion ,
Data Protection ,
Data Selling ,
Data-Sharing ,
Enforcement ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Regulatory Requirements
On March 6, 2024, New Hampshire joined the steadily expanding number of states adopting a comprehensive data privacy law, when Governor Chris Sununu signed SB 225 (the "New Hampshire Privacy Act"). The law will take effect...more
5/7/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
On 17 April, 2024, Nebraska Governor Jim Pillen signed into law omnibus Legislative Bill 1074, which includes the Nebraska Data Privacy Act, making Nebraska the seventeenth state to adopt comprehensive data privacy...more
Proposed American Privacy Rights Act of 2024 seeks to establish national consumer data privacy rights, govern Artificial Intelligence and automated decision-making, impose additional obligations on high-impact social media...more
4/19/2024
/ Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws
On April 4, 2024, Kentucky joined the rapidly growing number of states adopting a comprehensive data privacy law, when Governor Andy Beshear signed, the Kentucky Consumer Data Protection Act ("Kentucky CDPA"). The law will...more
4/16/2024
/ Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Enforcement ,
Exemptions ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Sensitive Personal Information ,
State Privacy Laws
On February 21, 2024, California Attorney General Rob Bonta ("Cal AG") announced that his office reached a settlement with DoorDash, the food delivery service company, for violating the California Consumer Privacy Act...more
3/25/2024
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Selling ,
DoorDash ,
Enforcement Actions ,
Opt-Outs ,
Personal Information ,
Privacy Policy ,
Settlement ,
State Attorneys General ,
State Privacy Laws ,
Third-Party Service Provider
On February 28, 2024, President Biden signed Executive Order 14117 on "Preventing Access to Americans' Bulk Sensitive Data and United States Government-Related Data by Countries of Concern" (the EO).1 The EO calls for the...more
On February 29, 2024, the US Department of Commerce Bureau of Industry and Security ("BIS") announced an advanced notice of proposed rulemaking ("ANPRM") that asks for public input on potential regulations to address the...more
As 2024 gets underway, California's regulators have continued to press forward in seeking to enforce the California Consumer Privacy Act (CCPA). Two recent developments warrant mentioning....more
3/1/2024
/ California Privacy Protection Agency (CPPA) ,
Data Privacy ,
Data Protection ,
Digital Platforms ,
Enforcement Actions ,
Internet Streaming ,
Mobile Apps ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Oversight ,
State Privacy Laws ,
Technology Sector
The effective dates of new U.S. data privacy laws are closing in. Currently, thirteen states have passed comprehensive data privacy laws in the United States: California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana,...more
The Connecticut Office of the Attorney General ("CT AG") has released its first report on enforcement of the Connecticut Data Privacy Act ("CTDPA"), revealing its focus on companies’ privacy policies, protections of...more
The effective dates of new U.S. data privacy laws are closing in. Currently, thirteen states have passed comprehensive data privacy laws in the United States: California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana,...more
2/7/2024
/ California Consumer Privacy Act (CCPA) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
New Legislation ,
Personal Information ,
Privacy Laws ,
Regulatory Reform ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws