On December 6, 2024, the Colorado Attorney General’s Office notified the public that it adopted the updated Colorado Privacy Act (CPA) Rules, as a follow-up to the amendments to the CPA made earlier in the year (collectively,...more
1/10/2025
/ Biometric Information ,
Compliance ,
Consent ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
1/30/2024
/ Compliance ,
Consent ,
Data Collection ,
Data Privacy ,
Data Subject Access Requests ,
Effective Date ,
Notice Requirements ,
Penalties ,
Personal Information ,
PHI ,
Privacy Laws ,
State Privacy Laws
In late 2021, the Quebec legislature passed “The Privacy Legislation Modernization Act” or Law No. 25 (“Law 25”), which was designed to modernize and make significant changes to Quebec’s existing privacy framework....more
1/23/2024
/ Amended Legislation ,
Canada ,
Compliance ,
Consent ,
Data Protection Impact Assessments (DPIAs) ,
Data Subjects Rights ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
PIPEDA ,
Privacy Laws ,
Reporting Requirements ,
Transparency
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
1/5/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
EU ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Personally Identifiable Information ,
Privacy Laws ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information ,
State Privacy Laws ,
Targeted Digital Advertising
The Colorado Privacy Act (“CPA”), Colorado’s first comprehensive consumer privacy law, came into effect on July 1, 2023. Like many new privacy laws, though, there has been uncertainty surrounding when meaningful enforcement...more
To date, US non-profit organizations have enjoyed an exemption from the state omnibus privacy laws. That’s about to change. Unlike the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA),...more
On April 27, 2023, the Washington state governor signed into law the My Health My Data Act, also known as the MHMDA. The majority of the law’s provisions will take effect on March 31, 2024, providing companies with one...more
The concept of Sensitive Personal Information (SPI) has made its way into new and emerging US privacy laws. The usual challenges associated with a novel privacy obligation certainly apply to Sensitive Personal Information,...more
On October 7, President Joe Biden signed an Executive Order (EO) on Enhancing Safeguards for United States Signals Intelligence Activities, which is intended to move forward next steps in the EU US Privacy Shield Framework...more
10/24/2022
/ Biden Administration ,
Compliance ,
Compliance Dates ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Foreign Intellgence ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Intelligence Agencies ,
National Security ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance