As part of our series to provide practical insights into emerging Federal Trade Commission (FTC) priority areas for consumer protection and data privacy enforcement, we are taking a deep dive into the Protecting Americans’...more
8/13/2025
/ Compliance ,
Corporate Counsel ,
Cross-Border Transactions ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
National Security ,
New Legislation ,
Personal Data ,
Protecting Americans Data from Foreign Adversaries Act (PADFA) ,
Regulatory Requirements ,
Risk Management ,
Sensitive Personal Information
Recent enforcement activities in California and Connecticut highlight that states are ready and willing to actively enforce their comprehensive privacy laws. These recent actions – which continue the trend of states ramping...more
7/17/2025
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Connecticut ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Enforcement Actions ,
Opt-Outs ,
Personal Data ,
Privacy Policy ,
Sensitive Personal Information ,
State Attorneys General ,
State Privacy Laws
The U.S. Department of Justice (DOJ) is set to enforce its sweeping new rule on certain U.S. data transactions with countries of concern and covered persons as of July 9, 2025. The new rule regarding “Preventing Access to...more
7/9/2025
/ China ,
Compliance Dates ,
Corporate Counsel ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Economic Sanctions ,
Enforcement ,
Enforcement Actions ,
Export Controls ,
Governance Standards ,
International Data Transfers ,
National Security ,
New Regulations ,
Regulatory Requirements
On June 22, 2025, Texas Governor Greg Abbott signed the Texas Responsible Artificial Intelligence Governance Act (TRAIGA or the Texas AI Act) into law. The new law goes into effect January 1, 2026. The law places obligations...more
6/24/2025
/ Algorithms ,
Artificial Intelligence ,
Biometric Information ,
Corporate Counsel ,
Data Privacy ,
Enforcement ,
Enforcement Actions ,
Governance Standards ,
Government Agencies ,
Governor Abbott ,
Machine Learning ,
New Legislation ,
NIST ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Attorneys General ,
State Privacy Laws ,
Texas
On June 2, the New Jersey Division of Consumer Affairs (Division) published proposed regulations to implement the New Jersey Data Privacy Act (NJDPA). Of note, these rules were proposed months after the NJDPA went into effect...more
6/17/2025
/ Comment Period ,
Compliance ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
New Jersey ,
Notice Requirements ,
Personal Data ,
Proposed Legislation ,
Proposed Rules ,
Regulatory Requirements ,
State Privacy Laws
State enforcement agencies are keeping the pressure on businesses, with two new enforcement actions announced this week in California and Texas. This activity signals to companies – both within and outside of the United...more
As we enter the New Year, Wiley is looking ahead to the top privacy developments and trends to watch in 2025. On the state side, 2025 kicked off with several new privacy laws going into effect in January, and states continue...more
1/9/2025
/ Biometric Information ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Personal Data ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
1/7/2025
/ Artificial Intelligence ,
Chief Information Security Officer (CISO) ,
China ,
Corporate Counsel ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
DFARS ,
Emerging Technologies ,
FCC ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Intelligence Services ,
Internet of Things ,
Loper Bright Enterprises v Raimondo ,
National Security Agency (NSA) ,
NIST ,
OIG ,
Popular ,
Regulatory Agenda ,
Regulatory Standards ,
SCOTUS ,
TSA ,
Unmanned Aircraft Systems
The Texas Attorney General’s (AG) office announced its first enforcement action under a new children’s and teens’ state privacy law that went into effect a mere month ago. Texas’ Securing Children Online Through Parental...more
10/8/2024
/ Chat Rooms ,
Corporate Counsel ,
Data Sellers ,
Data-Sharing ,
Digital Service Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Message Boards ,
Minors ,
Online Safety for Children ,
Personal Information ,
Social Media ,
State Attorneys General ,
State Privacy Laws ,
Texas ,
TikTok
With new comprehensive privacy laws in Texas and Oregon going into effect on Monday, July 1, we invited enforcers from the Texas and Oregon Attorneys General Offices – Tyler Bridegan and Kristen Hilton – to join our Wiley...more
7/1/2024
/ Collaboration ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Documentation ,
Enforcement ,
GLBA Privacy ,
Oregon ,
Risk Assessment ,
Risk Management ,
State Privacy Laws ,
Texas
Over the weekend, lawmakers unveiled the latest push for a federal privacy law – the American Privacy Rights Act (APRA). The bill was circulated as a discussion draft by Sen. Maria Cantwell (D-WA), Chair of the Senate...more
4/11/2024
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Federal Trade Commission (FTC) ,
FTC Act ,
Government Entities ,
Minors ,
Nonprofits ,
Privacy Framework ,
Private Right of Action ,
Right to Delete ,
Right-To-Access ,
Small Business ,
Social Media ,
Third-Party Service Provider ,
Transparency
2024 has started off with a bang for state privacy law developments. Only two months into the new year, there has been significant enforcement activity in California and Connecticut – with the California Privacy Protection...more
A recent spate of successful legal challenges has provided some relief from the ever-swelling wave of state privacy laws. The legal bases of these challenges vary, but taken together, they highlight that state privacy laws –...more
10/6/2023
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Corporate Counsel ,
Data Collection ,
Data Management ,
Data Protection Impact Assessments (DPIAs) ,
First Amendment ,
New Regulations ,
Online Safety for Children ,
State Privacy Laws
On Friday, June 30, 2023, a California state superior court ruled that any California Privacy Rights Act (CPRA) regulation may not be enforced until one year after the regulation is promulgated. Practically speaking, this...more
It has been an active legislative season, with numerous states advancing new data privacy laws. In May, Indiana, Montana, and Tennessee joined Iowa in adopting new privacy laws, while the legislature in Texas sent an omnibus...more
6/8/2023
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NIST ,
Online Safety for Children ,
Opt-Outs ,
Personal Data ,
Privacy Laws
On January 26, the National Institute of Standards and Technology (NIST) published its much anticipated AI Risk Management Framework 1.0 (AI RMF or Version 1.0), a risk-management resource for organizations designing,...more
The Chairwoman of the Federal Communications Commission recently articulated a new vision of that agency’s role in the nation’s cybersecurity. The FCC, as an independent agency with a relatively discrete set of regulatory...more
2023 already is a landmark year for privacy regulation. As of January 1, 2023, two new privacy laws are now in effect: (1) the California Privacy Rights Act (CPRA), which amends the California Consumer Privacy Act (CCPA), and...more
On October 20, 2022, the Federal Trade Commission (FTC) announced the launch of a new rulemaking process to address how fees are charged for goods or services, focusing on potentially “deceptive or unfair” fees that the FTC...more
10/24/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Advertising ,
AMG Capital Management LLC v FTC ,
Corporate Counsel ,
Cybersecurity ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
Fees ,
FTC Act ,
Marketing ,
Proposed Rules ,
Surveillance ,
Unfair or Deceptive Trade Practices
On August 11, 2022, the Federal Trade Commission (FTC) released its much anticipated advance notice of proposed rulemaking (ANPR), titled “Trade Regulation Rule on Commercial Surveillance and Data Security.” The ANPR is the...more
8/12/2022
/ Administrative Procedure Act ,
Advanced Notice of Proposed Rulemaking (ANPRM) ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Communications Decency Act ,
Consent ,
Consumer Financial Products ,
Corporate Counsel ,
Data Collection ,
Data Security ,
Federal Register ,
Federal Trade Commission (FTC) ,
FTC Act ,
Surveillance ,
Transparency ,
Unfair or Deceptive Trade Practices
Big changes are underway in California privacy, with a brand new privacy agency, forthcoming new privacy rules due by July, and a new comprehensive privacy framework going into effect in January 2023. As businesses subject to...more
Privacy In Focus®-
The last several years have seen major developments in state privacy laws. While Congress remains gridlocked on the federal privacy front, states enacted omnibus data privacy bills that will impact...more
1/19/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Colorado ,
Comment Period ,
Compliance ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Mapping ,
Data Privacy ,
Data Protection ,
Privacy Policy ,
Proposed Amendments ,
State Data Privacy Laws ,
State Privacy Laws ,
Third-Party ,
Virginia
As 2021 draws to a close, businesses subject to California’s privacy laws should pay close attention to developments underway in that state that will have broad impacts on compliance strategies. On September 22, 2021, the...more
Companies subject to the California Consumer Privacy Act (CCPA) are required to update their online privacy policies “at least once every 12 months,” as detailed in the statute. For many companies that updated their CCPA...more
On June 8, 2021, the Colorado Legislature passed the Colorado Privacy Act (CPA or “Act”), moving Colorado close to becoming the third state in the nation with its own omnibus privacy law, joining California and Virginia. If...more