When it comes to safeguarding health data, the Health Insurance Portability and Accountability Act (HIPAA) is paramount. HIPAA’s extensive reach encompasses nearly all healthcare providers and all health plans, affecting just...more
5/28/2025
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Patient Privacy Rights ,
Privacy Laws ,
Reproductive Healthcare Issues ,
State Attorneys General ,
State Privacy Laws
On June 25, 2024, Rhode Island became the 20th state to enact a comprehensive consumer data protection law, the Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”). The state joins Kentucky, Maryland,...more
8/13/2024
/ Consent ,
Consumer Privacy Rights ,
Data Controller ,
Enforcement ,
Geolocation ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Rhode Island ,
State Attorneys General ,
State Privacy Laws
On May 24, 2024, Minnesota’s governor signed an omnibus bill, HF4757 which included the new Consumer Data Privacy Act. The state joins Kentucky, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island in passing...more
Maryland’s governor recently signed the Maryland Online Data Privacy Act of 2024 (MODPA), making Maryland one of six states—along with Kentucky, Nebraska, New Hampshire, New Jersey, and Rhode Island—to pass a comprehensive...more
In what is being called the American Privacy Rights Act (Act), some are suggesting this could be the one! For many years, Congress has been unable to come together to craft a national privacy law. There have been several...more
The California Privacy Protection Agency (CPPA) issued its first enforcement advisory concerning the California Consumer Privacy Act (CCPA). In Enforcement Advisory No. 2024-01, the CPPA tackles a foundational principle –...more
Though enforcement of the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA) has been paused for now, the State of California is not resting when it comes to compliance with the...more
At the start of 2023, the New York State legislature introduced several privacy-related bills. One of those bills, S365, appears to be gaining momentum. It was reported and committed to the Internet and Technology Committee...more
On March 28, 2023, Iowa’s Governor signed Iowa’s new statute relating to consumer data protection. Iowa joins California, Colorado, Connecticut, Utah, and Virginia in the ever-growing patchwork of consumer privacy laws across...more
On March 15, 2023, the Iowa legislature unanimously passed Senate File 262, the Consumer Privacy Act, which relates to consumer data and privacy protection. Once signed by Iowa’s governor, the statute will become operative on...more
On October 21 and 22, the California Privacy Protection Agency (CPPA) Board will meet to discuss possible action regarding the proposed regulations for the California Consumer Privacy Act (CCPA) and California Privacy Rights...more
1. What’s changing?
Under the current version of the California Consumer Privacy Act (“CCPA”), an employer’s obligations related to the personal information it collects from employees, applicants, and contractors residing...more
9/28/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Do Not Sell ,
Employee Rights ,
Job Applicants ,
Notice Requirements ,
Personal Information ,
Privacy Policy
At the start of June, the California Privacy Protection Agency (CPPA), the agency tasked with implementing and enforcing the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA), voted...more
The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a...more
1/20/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CMIA ,
Consumer Privacy Rights ,
Contractors ,
Cookies ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Covered Business ,
Data Breach ,
Data Deletion ,
Data Privacy ,
Data Protection ,
Do Not Sell ,
For-Profit Corporations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Record Retention ,
Sensitive Personal Information ,
Third-Party
In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of...more
6/8/2021
/ Breach Notification Rule ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Data Breach ,
New York ,
Personal Information ,
Policies and Procedures ,
Settlement Agreements ,
SHIELD Act ,
State Attorneys General ,
Websites
On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer...more
5/26/2021
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Controller ,
DPPA ,
Duty of Care ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
New York ,
Opt-In ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Proposed Legislation ,
Right to Delete ,
Written Notice
Effective July 9, 2021, certain retail and hospitality businesses that collect and use “biometric identifier information” from customers will need to post conspicuous notices near all customer entrances to their facilities. ...more
5/12/2021
/ Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Selling ,
Hospitality Industry ,
New York ,
Private Right of Action ,
Retailers ,
SHIELD Act
In 2018, the California Consumer Privacy Act (“CCPA”), which provides for an expansive array of privacy rights and obligations, was enacted. At the time, it was reasonable to wonder whether California’s bold example would...more
3/24/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Brokers ,
Data Deletion ,
Duty of Care ,
New York ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Policies and Procedures ,
Private Right of Action ,
Third-Party ,
Written Consent
Already at the cutting edge of U.S. privacy law, California jumped even further ahead of the pack with the recent approval by State voters of the California Privacy Rights Act (“CPRA”). The CPRA, which builds upon the...more
For years now, state laws have required subject organizations to provide notification to affected data subjects and, in some instances, to state agencies, consumer reporting agencies, and the media, when they experience a...more
9/19/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Newsom ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Right to Delete