The final weeks for many state legislatures have witnessed significant movements in the U.S. data privacy landscape. Last month, Nebraska Governor Jim Pillen signed the Data Privacy Act, LB1074, into law....more
5/22/2024
/ Compliance ,
Consumer Privacy Rights ,
COPPA ,
Data Controller ,
Data Privacy ,
Effective Date ,
FERPA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
PHI ,
Popular ,
Proposed Legislation ,
Sensitive Personal Information ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices
On February 21, the California Attorney General (“AG”) announced a settlement with DoorDash, an online food delivery service, to resolve allegations that the company violated the California Consumer Privacy Act (CCPA) and...more
3/1/2024
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Civil Monetary Penalty ,
Compliance ,
Consumer Privacy Rights ,
Data Selling ,
Data-Sharing ,
DoorDash ,
Enforcement Actions ,
Enforcement Priorities ,
Personal Information ,
Sephora ,
State Attorneys General ,
Statutory Violations ,
Stipulated Judgment ,
Third-Party
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
Since its enactment in 2008, Illinois’s Biometric Information Privacy Act (BIPA) has produced a wave of privacy-related...more
2/1/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Compliance ,
Consent ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Exemptions ,
Fingerprints ,
Health Care Providers ,
IL Supreme Court ,
PHI ,
Privacy Laws ,
Private Right of Action ,
State Privacy Laws ,
Statute of Limitations ,
Statutory Damages ,
Statutory Violations ,
Third-Party Liability
The Federal Trade Commission (FTC) recently published a post on their Business Guidance Blog discussing lessons learned from three enforcement actions against sellers of genetic testing products. These guidelines address...more
1/25/2024
/ Advertising ,
Artificial Intelligence ,
Biometric Information ,
Civil Monetary Penalty ,
Compliance ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
HIPAA Breach Notification Rule ,
Rite Aid ,
Sensitive Personal Information
On January 4, 2023, the New Hampshire House of Representatives passed Senate Bill 255 (the “Act”) with amendments, setting the stage for New Hampshire to become the latest state with a comprehensive privacy law....more
1/10/2024
/ Compliance ,
Consent ,
Covered Entities ,
Data Privacy ,
Effective Date ,
Exemptions ,
Minors ,
Pending Legislation ,
Popular ,
Privacy Laws ,
Sensitive Personal Information ,
State Privacy Laws
2023 marked a pivotal moment in US data privacy and cybersecurity, characterized by substantial regulatory and legislative advances at the international, federal, and state levels. The Federal Trade Commission (FTC) took a...more
1/8/2024
/ Artificial Intelligence ,
Breach Notification Rule ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Consumer Financial Protection Act (CFPA) ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Enforcement Authority ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
OCR ,
PHI ,
Rulemaking Process ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws
On November 1, 2023, New York Department of Financial Services (NYDFS or the “Department”) released the finalized revisions (the “Second Amendment”) to 23 NYCRR Part 500 (Part 500) – the most significant modifications to Part...more
11/29/2023
/ Amended Regulation ,
Compliance ,
Compliance Dates ,
Covered Entities ,
Cyber Threats ,
Cybersecurity ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Incident Response Plans ,
Non-Bank Lenders ,
NYDFS ,
Policies and Procedures ,
Popular ,
Risk Management
The state of California is on the verge of amending its current data broker law with Senate Bill 362, also known as the Delete Act (“the Act”). The Act passed in the Assembly’s Committee on Privacy and Consumer Protection and...more
9/1/2023
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Consumer Privacy Rights ,
Data Brokers ,
Duty to Delete ,
Geolocation ,
Legislative History ,
Pending Legislation ,
PHI ,
Proposed Amendments ,
Registration Requirement ,
Right to Delete ,
Sensitive Personal Information
The Massachusetts Gaming Commission recently approved regulations to ensure data privacy and security for sports betters in the Commonwealth. On August 8, 2023, the commissioners approved 205 CMR 257, Sports Wagering Data...more
On June 28, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement (resolution agreement and corrective action plan) with iHealth Solutions (also known as Advantum Health)...more
7/21/2023
/ Compliance ,
Corrective Action Plans (CAPs) ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Policies and Procedures ,
Popular ,
Risk Assessment ,
Risk Management ,
Settlement
On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the successor to the EU-U.S. Privacy Shield, which the Court of Justice of the European Union...more
7/19/2023
/ Certification Requirements ,
Compliance ,
Compliance Monitoring ,
Department of Transportation (DOT) ,
EU ,
European Commission ,
Federal Trade Commission (FTC) ,
Framework Agreement ,
International Data Transfers ,
Privacy Framework ,
UK
On June 5th, the Federal Trade Commission (FTC) announced a settlement with Microsoft over alleged violations of the Children’s Online Privacy Protection Act (COPPA) for its data practices involving its Xbox live product. ...more
6/21/2023
/ Amazon ,
Compliance ,
COPPA ,
Data Collection ,
Data Retention ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Parental Consent ,
Personal Information ,
Popular ,
Xbox
The past two weeks have seen continued progress on proposed comprehensive privacy legislation across multiple states. Most notably, on March 28, Iowa Governor Kim Reynolds signed SF 262 into law, officially making Iowa the...more
On Friday, February 3, 2023, the California Privacy Protection Agency (CPPA) held a public board meeting at which it voted unanimously to (1) approve the final text of the California Privacy Rights Act (CPRA) regulations and...more
2/9/2023
/ Artificial Intelligence ,
Audits ,
Board Meetings ,
California Privacy Rights Act (CPRA) ,
Comment Period ,
Compliance ,
Cybersecurity ,
New Regulations ,
NPRM ,
Public Meetings ,
Regulatory Agencies ,
Regulatory Agenda ,
Risk Assessment
In a press release on January 27, 2023, California Attorney General (“California AG”) Rob Bonta announced an investigative sweep focused on mobile applications’ compliance under the California Consumer Privacy Act (CCPA),...more
On September 30, the Colorado Attorney General’s Office (“Colorado AG’s Office”) released proposed rules (the “Proposed Rules”) for the Colorado Privacy Act (CPA), which goes into effect on July 1, 2023. The Proposed Rules...more
On July 8, 2022, the Department of Justice (“DOJ”) announced in a press release that Aerojet Rocketdyne Inc, a provider of advanced propulsion and energetics systems for multiple government agencies, reached a settlement...more
7/28/2022
/ Compliance ,
Cyber Crimes ,
Cybersecurity ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
Military Contracts ,
NASA ,
Qui Tam ,
Settlement
On May 27, 2022, the California Privacy Protection Agency (CPPA) released draft regulations for the California Privacy Rights Act (CPRA) (Draft Regulations). The Draft Regulations come roughly two months before the agency is...more
On May 19, 2022, the Federal Trade Commission (FTC or the “Commission”) including Commissioner Alvaro M. Bedoya in his first sitting since being sworn in to the Commission, held an open meeting to discuss two critical topics:...more
5/26/2022
/ Administrative Authority ,
Advertising ,
Compliance ,
COPPA ,
Data Collection ,
Educational Institutions ,
Endorsements ,
Federal Trade Commission (FTC) ,
FTC Endorsement Guidelines ,
Online Reviews ,
Public Comment ,
Public Meetings ,
Public Policy ,
Public Schools ,
Testimonial Statements ,
Virtual Education Tools
On April 21, 2022, the U.S. Department of Commerce Secretary Gina Raimondo (the “Department”) announced a key development in international collaboration concerning cross-border data flows with the newly created Global...more
The purpose of this article is to provide background information on the California Consumer Privacy Act and specifically the exemptions that generally will be applicable to the insurance industry. While developing a...more
1/28/2020
/ B2B Organizations ,
California Consumer Privacy Act (CCPA) ,
California Financial Information Privacy Act (CFIPA) ,
Compliance ,
Employee Privacy Rights ,
Exemptions ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
Personal Information ,
Security and Privacy Controls ,
State Attorneys General
On June 12, 2019 Lightyear Dealer Technologies LLC, a company that provides data storage for many of the nation’s largest auto dealers, stipulated to an Order with the Federal Trade Commission (FTC) resulting from a 2016 data...more
6/17/2019
/ Assessment ,
Compliance ,
Consent Order ,
Corporate Executives ,
Data Breach ,
Data Security ,
Data Storage ,
Data Storage Providers ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Injunctive Relief ,
Popular ,
Section 5 ,
Settlement ,
Stipulated Judgment ,
Third-Party