On June 11, 2025, Connecticut passed Senate Bill 01295 (SB 01295). If signed by the governor, SB 01295 will amend the existing Connecticut Data Privacy Act (CTDPA) in several important ways, with the amendments going into...more
6/19/2025
/ Connecticut ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Minors ,
New Amendments ,
Proposed Amendments ,
Regulatory Agenda ,
Sensitive Personal Information ,
Social Media ,
State Privacy Laws
On February 12, 2025, the House Energy and Commerce Committee Chair Brett Guthrie (R-Ky) and Vice Chair John Joyce (R-Pa) announced the formation of 12-member working group tasked with developing comprehensive data privacy...more
2/20/2025
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Personal Data ,
Proposed Legislation ,
Regulatory Agenda ,
State Privacy Laws ,
Working Groups
On November 12, 2024, the Consumer Financial Protection Bureau (CFPB) released a report examining the carve outs and limitations contained in comprehensive state privacy laws relating to financial institutions. In an...more
11/21/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Open Banking ,
Personal Information ,
Regulatory Oversight ,
State Privacy Laws
On November 14, 2024, the California Privacy Protection Agency (“CPPA”), which is tasked with enforcing the California Consumer Privacy Act (the “CCPA”), announced it settled with two data brokers, Growbots, Inc. and UpLead...more
11/18/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Management ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Registration Requirement ,
Regulatory Requirements ,
Settlement ,
State Privacy Laws ,
Statutory Violations
Colorado has become the first state to pass legislation (SB24-205) regulating the use of artificial intelligence (AI) within the United States. This legislation is designed to address the influence and implications,...more
5/14/2024
/ Algorithms ,
Anti-Fraud Provisions ,
Artificial Intelligence ,
Bias ,
Colorado ,
Data Protection ,
Disclosure Requirements ,
Machine Learning ,
New Legislation ,
Non-Discrimination Rules ,
Personal Data ,
Regulatory Reform
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, our lawyers discuss new state consumer health data laws in Connecticut, Nevada, and...more
The FTC published guidance warning companies that “[i]t may be unfair or deceptive for a company to adopt more permissive data practices—for example, to start sharing consumers’ data with third parties or using that data for...more
On November 14, 2023, the Colorado Division of Insurance’s AI insurance regulations went into effect. Colorado is now the first state in the nation to adopt regulations specifically aimed at insurance algorithms....more
The Colorado Department of Law (“DoL”) has published a shortlist of potential universal opt-out mechanisms (“UOOMs”). Beginning on July 1, 2024, companies will be required to allow consumers to opt out of the sale of their...more
On May 28, Texas became the sixth state this year to pass a comprehensive data protection law. Although the Texas Data Privacy and Security Act (“TDPSA”) is largely in line with the Virginia Consumer Data Protection Act and...more
As we have previously posted, it has been an active year on the state privacy law front. Indeed, the number of states with privacy laws is about to nearly double in a matter of months, with Iowa, Indiana, Montana, and...more
On March 15, the Colorado Attorney General’s Office finalized the Colorado Privacy Act regulations. ...more
With Colorado joining California as the only other state with rules implementing a comprehensive privacy law, businesses and practitioners have been anxiously watching to see whether a California-compliant privacy policy...more
2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first...more
On December 21, the Colorado Attorney General released a revised draft of the Colorado Privacy Act Rules....more
In early November, Pennsylvania amended its data breach notification law broadening the definition of personal information. The amendment adds “health insurance information” and “medical information” as data elements that...more
On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act....more
The August 31 closing of the California legislative session likely marked the end of hopes for an extension of the limited exemptions for employee and business-to-business (B2B) data that have existed for the California...more
Following the lead of California, Colorado, and Virginia, Utah is set to become the fourth state to pass a comprehensive privacy law.
As of March 4, the Utah Consumer Privacy Act (SB 227) cleared both houses of the Utah...more
On January 28, 2022 the Consumer Protection Section of the Colorado Attorney General’s Office issued guidance regarding data security best practices. Businesses subject to the Colorado Privacy Act can look to these best...more