As with a growing number of states, Connecticut passed a comprehensive consumer privacy law, the Connecticut Data Privacy Act (the “CTDPA”), on May 10, 2022. The CTDPA becomes effective on July 1, 2023 and, in spite of the...more
7/3/2023
/ Amended Legislation ,
Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Selling ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
PHI ,
Sensitive Personal Information ,
State Privacy Laws
A recent case highlights another area of potential legal risk with using generative AI: liability for content when AI simply gets the facts wrong.
Earlier this month, a radio host sued OpenAI in Georgia state court,...more
In 2023, state legislatures across the U.S. responded to the growing impact of artificial intelligence (AI) by introducing a substantial number of bills aimed at regulating its development and use by private industry. To...more
To date, US non-profit organizations have enjoyed an exemption from the state omnibus privacy laws. That’s about to change. Unlike the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA),...more
On March 15, 2023, the Colorado Attorney General’s Office announced the finalization of the Regulations implementing the Colorado Privacy Act (CPA), which will take effect on July 1, 2023. Covered businesses that make use of...more
On April 27, 2023, the Washington state governor signed into law the My Health My Data Act, also known as the MHMDA. The majority of the law’s provisions will take effect on March 31, 2024, providing companies with one...more
Artificial Intelligence (AI), once limited to the pages of science fiction novels, has now been adopted by more than 1/4 of businesses in the United States, and nearly half of all organizations are working to embed AI into...more
Artificial Intelligence (AI) has enormous potential to make many operational tasks easier, including hiring and retention functions. Nonetheless, the technology – unchecked – could produce discriminatory outcomes....more
4/27/2023
/ Artificial Intelligence ,
Bias ,
Compliance Dates ,
Department of Justice (DOJ) ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Final Rules ,
Hiring & Firing ,
Job Applicants ,
Local Ordinance ,
Machine Learning
On January 1, 2023, the California Privacy Rights Act of 2020, which amended the existing California Consumer Privacy Act (collectively, the “CPRA”) and Virginia’s Consumer Data Protection Act (“VCDPA”) went into effect....more
“Precise Geolocation” has become a hot button issue in the privacy world with recent data privacy laws seeking to regulate the collection and processing of such information, including in California and Virginia. The...more
3/30/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Information ,
Data Collection ,
Federal Trade Commission (FTC) ,
Geolocation ,
Guidance Update ,
Location Data ,
Location Privacy ,
Mobile Apps ,
Mobile Devices ,
Privacy Concerns ,
Third-Party Service Provider
2023 will be yet another dynamic year for data privacy regulation. In addition to the data privacy laws in Virginia, Colorado, Utah, and Connecticut going into force this year, businesses also have to contend with the fact...more
Businesses have become increasingly reliant on artificial intelligence (AI) to assist with hiring, promotion, and other employment-related tasks. These tools are facing increased scrutiny from regulators, especially in New...more
1/9/2023
/ Americans with Disabilities Act (ADA) ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Automation Systems ,
Bias ,
Corporate Counsel ,
Equal Employment Opportunity Commission (EEOC) ,
Fair Credit Reporting Act (FCRA) ,
Hiring & Firing ,
Job Applicants ,
Local Ordinance ,
Software
The protection of children’s online data has come to the forefront as one of the most important data privacy issues both in the United States and EMEA, and California is now expected to join the list of jurisdictions to enact...more
What is a data protection impact assessment (DPIA)?
A data protection impact assessment or data protection assessment (DPIA) is a form of risk assessment that is designed to help organizations identify, analyze and...more
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”)...more
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”),...more
The CCPA itself does not contain a limitations period, but, like many states, California has, within its rules of civil procedure, omnibus limitations periods that apply to statutes for which a limitations period is not...more
Civil Code Section 1798.135(a)(1) provides that businesses must establish “a clear and conspicuous link on the business’ Internet homepage, titled ‘Do Not Sell My Personal Information,’ to an Internet Web page that enables a...more
Pursuant to Cal. Civ. Code Sections 1798,100(a), and 1798.110(a) and (b), a consumer has a right to request, and a business that “collects personal information about a consumer” has an obligation to disclose and deliver upon...more
On May 29, 2019, Nevada adopted Senate Bill No. 220 emulating portions of the California Consumer Protection Act (“CCPA”) with respect to permitting individuals to opt out of the sale of their personal information. While...more
The European Union's General Data Protection Regulation ("GDPR") is arguably the most comprehensive - and complex - data privacy regulation in the world. Although the GDPR went into force on May 25, 2018, there continues to...more
4/17/2019
/ Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Indemnification ,
Indemnification Clauses ,
Indemnity Agreements ,
International Data Transfers ,
Personal Data
Companies that do business in California know that it is a magnet for class action litigation. The California Consumer Privacy Act ("CCPA"), a new privacy law that applies to data collected about California residents, will...more
Companies that do business in California know that it is a magnet for class action litigation. The California Consumer Privacy Act ("CCPA"), a new privacy law that applies to data collected about California residents, will...more
The California Consumer Privacy Act (“CCPA”), was passed last summer as a compromise to avoid a highly restrictive privacy regime slated to appear on the November 2018 ballot in California. Amidst much controversy and debate,...more
The Consumer Product Safety Commission’s (CPSC) final rule expanding phthalate restrictions in children’s toys and child care articles takes effect this week, on April 25, 2018. The rule renews the ban on DEHP, DBP and BBP,...more