On September 18, the Texas Attorney General (AG) announced a settlement agreement with Pieces Technologies, Inc. (“Pieces”), a Dallas-based healthcare artificial intelligence (AI) research and development firm, resolving...more
10/10/2024
/ Artificial Intelligence ,
Corporate Counsel ,
Enforcement Actions ,
False Statements ,
Hospitals ,
Med Tech ,
Misleading Statements ,
PHI ,
Research and Development ,
Settlement ,
State Attorneys General ,
Unfair or Deceptive Trade Practices
In the past several weeks, the Minnesota governor has signed into law the Minnesota Consumer Data Privacy Act, while the Vermont Data Privacy Act has been passed by the legislature and awaits the governor’s signature. Both of...more
On May 16, 2024, the Illinois General Assembly joined the Illinois Senate in approving S.B. 2979, a bill that amends the state’s landmark Biometric Information Privacy Act (BIPA) by limiting plaintiffs’ potential damages...more
As we move closer to the end of many states’ legislative sessions, a number of comprehensive privacy law proposals continue to work their way through the legislative process. Since our last update, Nebraska became the...more
On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
The opening weeks of spring have seen comprehensive privacy law proposals continue to progress in state legislatures across the country. Since our last update, the Kentucky Consumer Data Protection Act (HB 15) received a...more
One of the main risks that a company faces after a data breach is a potential lawsuit. Plaintiffs often will allege creative statutory and common law theories of harm after they learn that their personal information has been...more
3/15/2024
/ Article III ,
Corporate Counsel ,
Damages ,
Data Breach ,
Emotional Distress Damages ,
Future Harm ,
Hackers ,
Imminent Harm ,
Intent ,
Personal Information ,
Public Disclosure ,
Sensitive Personal Information ,
Standing ,
TransUnion
In the weeks since our last update, we have seen continued progress in several state legislatures on comprehensive privacy legislation. Most notably, legislative chambers in West Virginia, Kentucky, and Georgia have passed...more
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
While the California Consumer Privacy Act (CCPA) is most known for its onerous privacy compliance obligations, the law also...more
3/4/2024
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Private Right of Action ,
Right To Cure ,
Security and Privacy Controls ,
State Attorneys General ,
Statutory Damages ,
U-Haul ,
Wells Fargo
On Thursday, January 25, the Federal Trade Commission’s (FTC) Office of Technology hosted the FTC Tech Summit to discuss key developments in artificial intelligence (AI). The FTC brought together thought leaders from across...more
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
Since its enactment in 2008, Illinois’s Biometric Information Privacy Act (BIPA) has produced a wave of privacy-related...more
2/1/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Compliance ,
Consent ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Exemptions ,
Fingerprints ,
Health Care Providers ,
IL Supreme Court ,
PHI ,
Privacy Laws ,
Private Right of Action ,
State Privacy Laws ,
Statute of Limitations ,
Statutory Damages ,
Statutory Violations ,
Third-Party Liability
Following a busy 2023 in which seven states enacted comprehensive privacy laws, we entered this year expecting additional activity on this front across state legislatures. The opening weeks of 2024 have not disappointed. Most...more
On December 8, the California Privacy Protection Agency (CPPA or “the Agency”) held a public Board meeting to discuss a range of topics, including proposed regulations on cybersecurity audits, risk assessments, and automated...more
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
12/8/2023
/ Breach Notification Rule ,
Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Payment Systems ,
Popular ,
Prison ,
Proposed Standards ,
Section 5 ,
Telecommunications ,
Unfair or Deceptive Trade Practices
On June 30, the Delaware legislature passed the Personal Data Privacy Act (“the Act”). The Act now moves to the Delaware Governor’s desk for consideration and, if signed into law, will make Delaware the seventh state this...more
7/11/2023
/ Advertising ,
Advertising to Minors ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Minors ,
Notice Requirements ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices
As we move into the summer months, state comprehensive privacy law developments continue to steadily emerge. Most notably, in the weeks since our last update, the Texas legislature passed the Texas Data Privacy and Security...more
On May 31, the Federal Trade Commission (FTC or Commission) announced two separate enforcement actions against Amazon—one involving its cloud-based voice service, Alexa, and the other involving Ring, its smart doorbell...more
6/7/2023
/ ALEXA ,
Amazon ,
Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
COPPA ,
Corporate Counsel ,
Cybersecurity ,
Data Deletion ,
Data Privacy ,
Deceptive Intent ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Personal Data ,
Popular ,
Settlement ,
Unfair or Deceptive Trade Practices
On May 28, 2023, the Texas legislature reached an agreement (by conference committee) on the Texas Data Privacy and Security Act (the Act), setting the stage for Texas to become the tenth state with a comprehensive privacy...more
On May 17, 2023, the Federal Trade Commission (the “FTC”) reached a settlement with Easy Healthcare Corporation (“Easy Healthcare”), for its fertility-tracking app, Premom. The agency alleged that Easy Healthcare failed to...more
5/25/2023
/ Corporate Counsel ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Apps ,
Mobile Health Apps ,
PHI ,
Policy Statement ,
Risk Mitigation
The past two weeks have seen continued progress on proposed comprehensive privacy legislation across multiple states. Most notably, on March 28, Iowa Governor Kim Reynolds signed SF 262 into law, officially making Iowa the...more
Since our last update, comprehensive privacy law proposals have continued to emerge and progress through state legislatures. Most notably, five bills have now passed a legislative chamber, with Hawaii’s Consumer Data...more
Since the start of the 2023 legislative session, at least 15 biometric privacy law proposals have emerged across 11 states (including Arizona, Hawaii, Maryland, Massachusetts, Minnesota, Mississippi, Missouri, New York,...more
The new year has already seen a flurry of state privacy law activity, with legislators in at least nine states (Indiana, Iowa, Kentucky, Massachusetts, Mississippi, New York, Oklahoma, Oregon, and Tennessee) proposing new...more
On September 30, the Colorado Attorney General’s Office (“Colorado AG’s Office”) released proposed rules (the “Proposed Rules”) for the Colorado Privacy Act (CPA), which goes into effect on July 1, 2023. The Proposed Rules...more
On May 16, 2022, the European Data Protection Board (EDPB), the independent body of data protection supervisors that promotes consistent data protection rules and application thereof throughout the European Union (EU),...more
5/31/2022
/ Artificial Intelligence ,
Biometric Information ,
Corporate Counsel ,
Corporate Fines ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Law Enforcement ,
New Guidance ,
Personal Data ,
Right to Privacy