On April 4, 2024, Kentucky became the fifteenth state to enact a comprehensive data privacy law, with Governor Andy Beshear signing the Kentucky Consumer Data Protection Act (KCDPA) into law. The Kentucky law will go into...more
6/3/2024
/ Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-In ,
Popular ,
Right of Access ,
Sensitive Personal Information ,
State Data Privacy Laws
In September 2023, Delaware became the seventh state in 2023 to enact comprehensive privacy law with the Delaware Personal Data Privacy Act (DPDPA), joining Indiana, Iowa, Montana, Oregon, Tennessee and Texas. The DPDPA will...more
5/14/2024
/ Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
EU ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws
On January 16, 2024, New Jersey became the first state to enact a comprehensive data privacy law in the new year, with Gov. Phil Murphy (D-NJ) signing the New Jersey Privacy Act (NJPA) (SB 332) into law. The New Jersey law...more
2/14/2024
/ Confidential Information ,
Consent ,
Data Collection ,
Data Protection ,
Data Security ,
DPPA ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
New Jersey ,
Opt-In ,
Opt-Outs ,
Sensitive Personal Information ,
State Privacy Laws ,
Subcontractors
On February 1, 2024, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement with that would require Blackbaud Inc. (“Blackbaud”) to delete personal data it does not need to retain and upgrade...more
2/7/2024
/ Certifications ,
Cyber Attacks ,
Cyber Incident Reporting ,
Data Deletion ,
Data Management ,
Data Protection ,
Data Retention ,
Data Security ,
Federal Trade Commission (FTC) ,
Personal Data ,
Ransomware ,
Settlement ,
Third-Party
On May 11, 2023, Tennessee joined the rapidly growing ranks of U.S. states to enact a comprehensive data privacy law as Gov. Bill Lee (R-TN) signed the Tennessee Information Protection Act (TIPA) into law. Taking effect July...more
In a policy statement released on May 18, 2023, the Federal Trade Commission (FTC) warned of several consumer data privacy risks related to the increasing commercial use of biometrics technologies. The Commission unanimously...more
On June 18, 2023, Texas enacted the Texas Data Privacy and Security Act (TDPSA), joining the rapidly growing list of U.S. states with comprehensive data privacy laws.1 The statute will take effect on July 1, 2024, except for...more
On March 15, 2023, the Colorado Attorney General (AG) finalized its set of regulations implementing the Colorado Privacy Act (CPA) – the Colorado Privacy Act Rules (“Colorado Rules”). The Colorado Rules clarify and expand...more
Growing regulatory action to combat so-called “dark patterns” used in web design to influence consumer choice has resulted in hundreds of millions of dollars in fines, and promises to continue to be an area of enforcement in...more
On February 1, 2023, the Federal Trade Commission (FTC) announced that it had taken enforcement action against prescription drug discount company GoodRx, which agreed to injunctive relief and to pay a $1.5 million civil...more
On November 3, 2022, the California Privacy Protection Agency (CPPA) officially published modifications to the proposed regulations implementing the Consumer Privacy Rights Act (CPRA). These modified proposed regulations...more
With the recent signing of the Utah Consumer Privacy Act (UCPA) by Gov. Spencer J. Cox on March 24, 2022, Utah has become the fourth state to enact a comprehensive law addressing consumer data privacy, joining California,...more
Last week the Biden administration and the European Commission jointly announced a new trans-Atlantic data flow agreement. While no specifics have yet been made public, a recent press release gives the high-level facts of...more
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
10/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Security ,
Data Subjects Rights ,
DIFC ,
Dubai ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Penalties ,
Personal Data ,
Popular
On Friday, August 14, California’s Office of Administrative Law (OAL) approved the final draft of the Attorney General’s (AG) regulations under the California Consumer Privacy Act (CCPA). Attorney General Xavier Becerra’s...more
8/20/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Office of Administrative Law ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
Regulatory Requirements ,
State Attorneys General
On May 29, 2019, Nevada’s governor approved a new privacy law, Senate Bill 220 (“SB 220”). SB 220 amends existing state law that requires operators of websites and online services (“Operators”) to post privacy notices on...more
9/12/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Data Use Policies ,
New Legislation ,
Online Platforms ,
Operators ,
Opt-Outs ,
Permanent Injunctions ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
State Data Privacy Laws ,
Statutory Penalties ,
Third-Party Service Provider ,
Websites
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
5/31/2019
/ Consent ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
Regulatory Oversight ,
Regulatory Standards ,
Telemarketing
The EU General Data Protection Regulation (GDPR), which revised and sought to ensure greater harmonization of the European Union’s data protection framework, took effect in May 2018. Among the changes it introduced was the...more
2/21/2019
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
EU ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Goods or Services ,
International Data Transfers ,
Proposed Guidance