Since the passage of the California Consumer Privacy Act (CCPA) in 2018, other U.S. states have followed suit by enacting comprehensive consumer data privacy laws in rapid succession. While these state consumer privacy laws...more
Given the inability of the U.S. Congress to pass a comprehensive privacy law (such as the proposed and likely dead-on-arrival APRA), the United States continues to be left with a patchwork of sector-specific laws and a...more
7/19/2024
/ Chevron Deference ,
Chevron v NRDC ,
COPPA ,
FCC ,
Federal Trade Commission (FTC) ,
OCR ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
SCOTUS ,
Securities and Exchange Commission (SEC) ,
Statutory Interpretation ,
TCPA ,
Technology
Whether the game is football, baseball, hockey, or Indy Car racing, no team goes into their major championship matchup without training. Companies need to train as well if they intend to operate on the internet and expect to...more
6/14/2024
/ Breach Notification Rule ,
Critical Infrastructure Sectors ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
EU ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Intellectual Property Protection ,
NIST ,
Personal Information ,
Privacy Laws ,
Reporting Requirements ,
Software ,
Supply Chain ,
Third-Party Risk
On July 7, 2021, Colorado enacted the Colorado Privacy Act (CPA), becoming the third U.S. state to adopt a comprehensive privacy law. As previously described, the CPA doesn’t apply to everyone. Instead, it only applies to...more
11/11/2022
/ California Privacy Rights Act (CPRA) ,
Colorado ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Rulemaking Process ,
Shareholders ,
State Attorneys General ,
State Privacy Laws
Utah is likely the next in line to pass a comprehensive consumer privacy law, joining the ranks of California, Colorado, and Virginia. Senate Bill 227, the Utah Consumer Privacy Act (UCPA), was passed by the Utah legislature...more
On October 6, 2021, Apple announced that the requirement that applications that allow users to create an account must also enable users to initiate deletion of their accounts from within the application will go into effect on...more
10/18/2021
/ Apple ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Consent ,
Data Deletion ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Notification Requirements ,
Privacy Laws ,
Privacy Notice Rule
On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (“CPA”) into law, making Colorado the third state to enact comprehensive privacy legislation, following in the footsteps of California and...more
7/23/2021
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Colorado ,
COPPA ,
Data Privacy ,
DPPA ,
Enforcement ,
Families First Coronavirus Response Act (FFCRA) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Governor Polis ,
Gramm-Leach-Blilely Act ,
HIPAA Access Request ,
New Legislation ,
Penalties ,
Privacy Laws ,
State Data Privacy Laws ,
Virginia
Still grappling with the aftershocks of the Schrems II decision from the CJEU on July 16 (we previously discussed the Schrems II decision here), the European Data Protection Board (“EDPB”) has issued a Frequently Asked...more
8/4/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General-Business ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
On March 19, 2020, the European Data Protection Board (EDPB) adopted a statement on the processing of personal data in the context of the COVID-19 outbreak. The EDPB made it clear that while the EU’s General Data Protection...more
On August 6, 2019, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) released ISO/IEC 27701 (ISO 27701), a privacy extension to ISO/IEC 27001 and ISO/IEC 27002...more
9/9/2019
/ California Consumer Privacy Act (CCPA) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Organization for Standardization ,
Personally Identifiable Information ,
Privacy Laws ,
Security and Privacy Controls
Since the referendum to leave the EU rocked the UK in 2016, commentators, privacy personnel, and corporate officers alike have been speculating as to how Brexit will affect Britain’s subjugation to the General Data Protection...more
5/22/2019
/ Binding Corporate Rules ,
Data Protection ,
EU ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
No-Deal Brexit ,
Personal Data ,
Privacy Laws ,
Standard Contractual Clauses ,
Third Country Entities (TCEs) ,
UK ,
UK Brexit ,
Withdrawal Agreement