In December 2024, Jonathan Gabrielli filed several claims alleging that Motorola Mobility LLC (Motorola) misrepresented its data usage policy and shared his personal data with third parties, including Google, Amazon, and...more
Before assuming his new role as Executive Director for the California Privacy Protection Agency (CPPA), Tom Kemp served as a volunteer policy advisor on the Delete Act in 2023 and California’s 2020 ballot initiative, which...more
U.S. companies are running out of time to comply with a sweeping new Department of Justice (DOJ) rule that limits sharing sensitive personal data with certain foreign countries—including China, Russia, and Iran. With a hard...more
California Cryobank, LLC, the largest sperm bank in the country, faces a lawsuit in the U.S. District Court for the Central District of California over an April 2024 data breach. Cryobank provides frozen donor sperm and...more
The California Privacy Protection Agency (CPPA) the agency responsible for implementing and enforcing the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) (collectively the CCPA), protecting...more
The California Privacy Protection Agency (CPPA) and Background Alert, Inc. (a California-based data broker) settled allegations that Background Alert failed to register and pay the annual fee required by the California Delete...more
3/7/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
Last week, a class action was filed against NewsBank, Inc., a Florida-based news database company, related to a 2024 breach of employee personal information.
NewsBank provides a database of archived news publications...more
2/21/2025
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Identity Theft ,
Personal Data ,
Personal Information ,
Privacy Laws
The Oregon Department of Justice (DOJ) released a new toolkit sharing with Oregonians how to protect their online information to celebrate Data Privacy Day. The toolkit includes information on how consumers can exercise their...more
2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy...more
1/3/2025
/ Biometric Information ,
Class Action ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
FCC ,
Fines ,
Personal Data ,
Ransomware ,
Regulatory Oversight ,
Settlement
Earlier this month, after the conclusion of the public comment period, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA), which grants rights to Colorado consumers concerning their personal...more
12/20/2024
/ Biometric Information ,
Colorado ,
Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete ,
State Privacy Laws
On January 1, 2025, five states’ consumer privacy rights laws will go into effect. Is your business ready? Have you determined if these laws apply to your business?...more
As we outlined in our previous blog article, California recently became the second state to enact a law safeguarding consumer brain data, following a similar law passed by Colorado in April. Both state laws prevent the sale...more
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the...more
Minnesota was the nineteenth state to pass a comprehensive data privacy law, the Minnesota Consumer Privacy Act (H.F. 4757) (MCPA), which becomes effective on July 31, 2025.
While we continue to see more of these laws...more
Last week Marriott Hotel Services was hit with a class action lawsuit for alleged violations of the Illinois’ Biometrics Information Privacy Act (BIPA). The lawsuit alleges that the hotel violated BIPA by requiring workers to...more
5/28/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Fingerprints ,
Hospitality Industry ,
Marriott ,
Personal Data ,
Personally Identifiable Information ,
Statutory Violations
Last week, the Vermont legislature passed H. 121, the Vermont Data Privacy Act. This law will make Vermont the 18th state to grant consumers privacy rights similar to those under the California Consumer Privacy Act (CCPA). It...more
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/10/2024
/ Consumer Privacy Rights ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
Personal Data ,
Personally Identifiable Information ,
Social Media
Last month, Nebraska passed the Nebraska Data Privacy Act (NDPA), making it the latest state to enact comprehensive privacy legislation. Nebraska joins California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana,...more
CYBERSECURITY -
New Threat: Scattered Spider International Coalition of Hackers -
Cyber adversaries in China and Russia continue to be a formidable threat to U.S. based companies. In the past, scams might be detected...more
Convergent Outsourcing Inc., a debt-collection agency, settled a data breach class action in the U.S. District Court for the Western District of Washington for $2.45 million. The class action suit against Convergent alleged...more
CYBERSECURITY CISA-
FBI + MS-ISAC Issue Warning on Phobos Ransomware-
To help organizations protect against ransomware, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a...more
On February 28, 2024, the Justice Department published an Advanced Notice of Proposed Rulemaking (ANPRM) to seek public comments on the establishment of a new regulatory regime to restrict U.S. persons from transferring bulk...more
3/8/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cross-Border Transactions ,
Cybersecurity ,
Data Brokers ,
Department of Homeland Security (DHS) ,
Executive Orders ,
Foreign Nationals ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
Personal Data ,
Regulatory Agenda
Similar to the well-known California Consumer Privacy Act, on July 1, 2024, the Colorado Privacy Act (CPA) goes into effect and will provide Colorado residents with express rights over their data collected by businesses. The...more
1/12/2024
/ Colorado ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Priorities ,
Opt-Outs ,
Personal Data ,
Regulatory Agenda ,
Regulatory Reform ,
State Data Privacy Laws
CYBERSECURITY -
New York Governor Proposes Cybersecurity Regulations for NY Hospitals -
On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within...more
11/17/2023
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Corporate Sales Transactions ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
FCC ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Regulatory Reform
This week, California’s governor signed a first-in-the-nation law that will impose new regulations on data brokers, requiring such entities to delete personal data pursuant to consumer requests. Data brokers specialize in...more
10/13/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Collection ,
Data Deletion ,
Data Management ,
Data Protection ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform