Data Revolution: How U.S. Privacy Laws Change the Way Data Should be Managed by Retail and Tech Industries
The Texas Attorney General has emerged as a significant regulatory enforcement authority for data privacy in the US. Traditionally, data privacy enforcement in the US has emanated from the Federal Trade Commission and other...more
On January 16, 2025, the Federal Trade Commission (FTC) finalized amendments to the Children’s Online Privacy Protection Act (COPPA) Rule (Final Rule), which completes the process that started back in 2019 when the FTC sought...more
This article is the first in a series that will address privacy concerns for insurance carriers, agents and brokers. The insurance industry is uniquely situated at the confluence of multiple data privacy regimes....more
There have been some highly publicized privacy statement revisions. Here are some lessons we are discussing with clients: •Regulators are putting a high value on transparency and they are looking specifically at privacy...more
The Personal Information Protection Act ("PIPA") comes into full force on 1 January 2025. All organisations in Bermuda are expected to be in compliance with it by that date – time is running out! The Privacy Commissioner...more
Late last month, the Association of Corporate Counsel (ACC) hosted a panel on artificial intelligence and how it is rapidly transforming the life sciences sector, allowing companies to leverage large datasets to accelerate...more
This breakout series will discuss the latest U.S. privacy compliance programs, and how trends such as sale opt-out and cookie banners are part of the “data revolution”. The series will also cover the intersection of...more
The Delaware Personal Data Privacy Act (DPDPA or Act) became law on September 11, 2023, making Delaware the 13th state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut,...more
As with many websites, hospitals often deploy third-party analytics tools to measure browser traffic in order to increase awareness of their websites, ensure website optimization and provide health care information to the...more
On March 29, 2023, California’s Office of Administrative Law (OAL) approved the California Privacy Protection Agency (CPPA) Board’s initial package of regulations under the California Privacy Rights Act (CPRA)....more
The start of 2023 has brought with it significant changes to data privacy – new state laws concerning data privacy came into effect January 1 (the California Privacy Rights Act and the Virginia Consumer Data Protection Act),...more
European data protection authorities kicked 2023 off with a bang when, on January 4, the Irish Data Protection Commission (DPC) announced that Meta Platforms Ireland would be fined a total of €390 million (roughly $414...more
As we ring in the new year, employers around the country will be bringing in new or updated employee privacy notices. And while these notices were initially targeted to California employees because of privacy requirements...more
The so-called “HR exemption” taking employee and applicant personal information out of the control of the California Consumer Privacy Act (CCPA) is about to come to an end. Employers who are “businesses” for purposes of the...more
The Colorado Attorney General’s Office issued its proposed Colorado Privacy Act (CPA) Rules (Draft Rules) on Friday, September 30. The CPA Rules differ in many ways from those in the proposed California Privacy Rights Act...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
Over the last two years, many states have taken cues from California and the EU by adopting sweeping privacy laws. These laws, passed in Virginia, Colorado, Connecticut and Utah, as well as updates to the already enacted...more
Keypoint: The comments focus on identifying areas in which the Attorney General’s Office may provide additional clarity to consumers and businesses and to ensure, where appropriate, the interoperability of the Colorado...more
The California Privacy Protection Agency (CPPA) quietly issued the first draft of the California Consumer Privacy Act (CPRA) regulations and an Initial Statement of Reasons by attaching them to the June 8 board meeting...more
In an opinion released on March 10, 2022, California Attorney General Rob Bonta addressed the applicability of the “right to know” under the California Consumer Privacy Act (CCPA) (pdf) to internal inferences that...more
When can a data breach get worse? When the process of notifying victims creates a second breach. Take the example of a cancer treatment center that recently paid $425,000 to settle allegations that included a faulty...more
Starting in January of 2023, businesses subject to California Privacy Rights Act (CPRA), may be required to publish the retention periods for all categories of personal and sensitive information they collect, manage, store,...more
Last month, California Governor Gavin Newsom signed Senate Bill 41, the Genetic Information Privacy Act (“GIPA”), a law that regulates “direct-to-consumer genetic testing companies” that handle the “genetic data” of...more
On October 6, 2021, Apple announced that the requirement that applications that allow users to create an account must also enable users to initiate deletion of their accounts from within the application will go into effect on...more
Since its enactment just over a year ago, some companies have struggled to interpret the California Consumer Privacy Act (CCPA) and the circumstances that might subject them to penalties and fines for violations. In an effort...more