Since the passage of the California Consumer Privacy Act (CCPA) in 2018, and in the absence of a comprehensive data privacy law at the federal level, states have increasingly sought to enact their own privacy legislation. ...more
On April 17, 2024, Nebraska’s governor signed Legislative Bill 1074, which establishes a consumer data privacy law for the state. Nebraska’s law takes effect January 1, 2025. To Whom does the law apply? The law applies to...more
On May 9, 2024, Governor Wes Moore signed the Maryland Online Data Privacy Act (MODPA), making Maryland the seventeenth state to enact a comprehensive data privacy law. While similar in certain respects to most Virginia Model...more
Keypoint: The Minnesota bill contains several unique requirements and provisions, including a novel right to question the result of a profiling decision, privacy policy provisions that increase interoperability with existing...more
2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California, Colorado, Connecticut, Utah and Virginia. Already...more
With the Kentucky governor recently signing into law that state’s privacy law the US now has 16 states with “comprehensive” privacy laws. This newest one will go into effect on January 1, 2026 – the same day as Indiana. It...more
Enforcement of Washington’s My Health My Data Act (MHMDA or the Act) starts now. Passed by the Washington state legislature last year and designed broadly to protect “consumer health data,” the Act is one part of a larger...more
The Georgia Senate voted to pass the Georgia Consumer Privacy Protection Act (SB 473) on Feb. 27th. Although the bill is similar to many other comprehensive state privacy laws, there are some notable distinctions....more
The California Privacy Protection Agency (CPPA) released initial draft regulations for cybersecurity audits (which have since been amended) and risk assessments late this summer. The agency’s board of directors addressed the...more
As we enter into the final few months of the year, it is important for companies operating in the United States to not only assess the implementation of the compliance requirements for the four new comprehensive state privacy...more
Generative Artificial Intelligence (AI) systems like ChatGPT and Google’s Bard have been widely successful and used in applications ranging from science, law, art, business, and even medicine. Generative AI has been called a...more
The Delaware Personal Data Privacy Act (DPDPA or Act) became law on September 11, 2023, making Delaware the 13th state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut,...more
Despite its misleading title, Washington’s My Health My Data Act will regulate many things most people would not think of as health-related data. It will also regulate non-Washington entities, mere processors of...more
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11. Tennessee joins a growing...more
State legislatures continue to take privacy matters into their own hands while talks of a federal privacy law linger. Indiana is set to become the seventh state to enact a comprehensive privacy law when Senate Bill No. 5 is...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
This week, on Tuesday May 10, 2022, Connecticut Gov. Ned Lamont approved Connecticut Senate Bill 6, an Act Concerning Personal Data Privacy and Online Monitoring (the "Connecticut Privacy Act"). Governor Lamont’s approval...more
Is your business one that has not prioritized compliance with data privacy laws because you do not collect personal data about your customers? If so, you are in good company, but it is time to reframe your approach on data...more
Started in Europe in 2007, Data Privacy Day, or Data Protection Day as it is known internationally, is an international effort that takes place annually on January 28 to create awareness of the importance of data privacy. In...more
Facial recognition technology, drones the size of a butterfly, secure microchips replacing magnetic stripes on credit cards, sensors the size of a grain of sand swallowed by patients that transmit data directly to the...more
At the close of Connecticut’s 2021 legislative session, a pair of data protection/cybersecurity related bills made their way to Governor Ned Lamont’s desk, while a CCPA-like omnibus privacy law falling one floor vote short. ...more
First we take Sacramento, then we take Berlin: How do US data protection laws affect how you do business. The webinar is aimed at in-house or outside counsel, as well as data protection and compliance officers. In this...more
We are now seeing a potential trend where states are incentivizing companies through the creation of safe harbors to improve their cybersecurity posture, instead of penalizing them after a breach of personal information. Utah...more
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits. On March 11, 2021, Utah governor Spencer Cox signed the...more
Keypoint: Although weakened from its original version, the Oklahoma bill would (if enacted) provide substantial privacy rights to Oklahoma residents and, in some respects, provide more privacy protections than found in the...more