On July 5, the California Privacy Protection Agency (CPPA) published a Notice of Proposed Rulemaking regarding Data Broker Registration pursuant to Senate Bill 362 (the Delete Act). The Delete Act requires the CPPA to...more
On May 13, Senator Joseph P. Cryan (D) introduced an amendment to New Jersey’s Daniel’s Law, which would broaden the law’s coverage. An identical amendment was introduced by Assemblywoman Annette Quijano (D) in the Assembly...more
In a recent alert, we reported that California Attorney General (AG) Rob Bonta announced a settlement with DoorDash over allegations that the company violated the California Consumer Privacy Act (CCPA) and the California...more
3/5/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
DoorDash ,
Marketing ,
Mobile Apps ,
Personal Information ,
State and Local Government ,
State Attorneys General ,
Statutory Violations
In the second settlement under the California Consumer Privacy Act (CCPA), California Attorney General (AG) Rob Bonta announced a settlement over allegations that DoorDash sold consumers' personal information in a manner that...more
3/4/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
DoorDash ,
Marketing ,
Mobile Apps ,
Personal Information ,
State and Local Government ,
State Attorneys General ,
Statutory Violations
NIST Publishes Report on the Cybersecurity of Genomic Data. On December 20, 2023, the NIST National Cybersecurity Center of Excellence (NCCoE) published Final NIST IR 8432, Cybersecurity of Genomic Data. Informed by direction...more
2/13/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Financial Products ,
Consumer Fraud ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
NIST ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Putative Class Actions
Editor’s Note: The FTC continues to crack down on privacy and cybersecurity, including issuing a new warning to tax preparation companies and entering into a consent decree with 1Health.io. VPPA and BIPA litigation continues...more
11/28/2023
/ Artificial Intelligence ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent Order ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Motion to Dismiss ,
NIST ,
Personal Information ,
Popular ,
Privacy Policy ,
Putative Class Actions ,
Safeguards Rule ,
State Attorneys General
The Delete Act (SB 362), signed into law by California Gov. Gavin Newsom on October 10, imposes additional disclosure and registration requirements on data brokers. It requires data brokers to support deletion requests...more
10/23/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
New Legislation ,
Personal Information ,
Registration Requirement ,
Regulatory Reform ,
State and Local Government ,
State Privacy Laws
On October 10, Governor Newsom signed the Delete Act ( SB 362) into law, which amends California's current data broker law to impose extensive additional disclosure and registration requirements on data brokers, and to...more
10/20/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Reporting Agencies ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Deletion ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
New Legislation ,
Notice of Proposed Rulemaking (NOPR) ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Regulatory Reform
Editor’s Note: Iowa became the sixth state in the nation to enact a comprehensive privacy law, and California’s latest privacy regulations came into effect. At the federal level, Congress experienced a leak of sensitive...more
Editor’s Note: In regulatory news, the Colorado AG published a second version of its proposed regulations. In U.S. litigation, Meta and TikTok both faced further litigation, and an Illinois court ruled that J&M Plating must...more
1/18/2023
/ Data Breach ,
Data Collection ,
Data Protection ,
Facial Recognition Technology ,
Internet ,
National Security ,
Online Safety for Children ,
Personal Information ,
Proposed Legislation ,
Proposed Regulation ,
State Privacy Laws ,
TikTok ,
Websites
It is 2022, which means you’ve received your fair share of consumer breach notification letters.
Originally published in Law360 on September 30, 2022....more
Editor’s Note: The California Privacy Protection Agency released amendments to its draft regulations, and the Consumer Finance Protection Bureau contemplates rulemaking on sharing financial data. In U.S. litigation, the first...more
On September 15, 2022, California Governor Gavin Newsom signed Assembly Bill 2273 — the California Age-Appropriate Design Code Act (ADCA) — into law. Inspired by the United Kingdom’s (U.K.) Age-Appropriate Design Code, the...more
Editor’s Note: In the U.S. laws and regulation space, the California attorney general announced the first-ever CCPA settlement, the California Privacy Protection Agency raised objections to the ADPPA, and the FTC announced...more
Exemption Extensions Failed. On August 31, California's legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal...more
With the notice and cure set to expire on January 1, 2023, California Attorney General Rob Bonta (CA AG) provided a glimpse at what to expect with its first settlement of alleged violations of the California Consumer Privacy...more
9/1/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Sephora ,
Statutory Violations
Background on the PIPL Security Assessment. On July 7, China’s top regulator, the Cyberspace Administration of China (CAC), released the final version of the Measures for Security Assessment of Data Exports (Security...more
Editor’s Note: In the U.S. laws and regulation space, federal lawmakers formally introduced bipartisan comprehensive federal privacy legislation titled, the American Data Privacy and Protection Act. Meanwhile, California...more
Editor’s Note: This past month featured increased activity in privacy and data protection. U.S. Legislation and Regulation. Connecticut’s governor signed a comprehensive privacy bill, and President Biden has before him a bill...more
The California Privacy Rights Act (CPRA) established the California Privacy Protection Agency (CPPA), and requires the CPPA to adopt, amend, and rescind regulations on 22 topics — including, among other things, definitions,...more
The California Privacy Rights Action (CPRA) will significantly impact how entities process personal information requiring covered businesses to review and update their existing vendor agreements. The CPRA also includes...more
Most privacy laws derive from the same core foundational principles, namely the Fair Information Practice Principles (FIPPs). This includes the California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act of...more
Editor’s Note: It may be the shortest month of the year, but February 2022 saw a flurry of privacy — especially biometric — legislation move closer to enactment. Kentucky, California, Maryland, and New York state introduced...more
Introduction -
The Connecticut legislature recently enacted a pair of new data breach and cybersecurity statutes — Public Act 21-59 and Public Act 21-119 — on June 16 and July 6, respectively. Both laws will take effect on...more
7/20/2021
/ Biometric Information ,
Breach Notification Rule ,
Connecticut ,
Cybersecurity ,
Data Breach ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
NIST ,
Personal Information ,
Popular ,
Unfair Trade Practices Act
A federal court in Michigan recently ruled that out-of-state residents have standing to sue under the Michigan Personal Privacy Protection Act (PPPA). In Lin v. Crain Communications, Inc., Case No. 2:19-cv-11889 (E.D. Mich.,...more