In the run-up to this Friday’s December Board meeting, the California Privacy Protection Agency (CPPA or the “Agency”) has continued its recent flurry of regulatory activity. Late last week, the CPPA published an additional...more
12/7/2023
/ Audits ,
Automated Decision Systems (ADS) ,
Automated Systems ,
Board Meetings ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Subject Access Requests ,
Insurance Industry ,
Mobile Apps ,
Opt-Outs ,
Popular ,
Proposed Regulation ,
Risk Assessment ,
Sensitive Personal Information
In advance of the California Privacy Protection Agency’s (CPPA) December 8 Board meeting, the Agency has published new draft automated decisionmaking technology (ADMT) regulations, as well as revisions to draft regulations on...more
12/1/2023
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Machine Learning ,
Notice Requirements ,
Opt-Outs ,
Personal Information ,
Right of Access ,
Risk Assessment
On November 3, a federal court in the District of Idaho unsealed an amended complaint that the Federal Trade Commission (FTC) had filed in June 2023 against Kochava. The complaint alleges that Kochava engaged in unfair acts...more
On October 15, the Utah Department of Commerce’s Consumer Protection Division published a Proposed Rule implementing elements of the Utah Social Media Regulation Act (SMRA), which was signed into law in March 2023....more
On Friday, September 8, the California Privacy Protection Agency (CPPA) held a public board meeting. The primary topic of discussion at this meeting was the Agency’s draft regulations on cybersecurity audits and risk...more
9/19/2023
/ Artificial Intelligence ,
Auditors ,
Audits ,
Board Meetings ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Brokers ,
Proposed Regulation ,
Public Meetings ,
Risk Assessment
On July 14, the California Privacy Protection Agency (CPPA or the “Board”) hosted a meeting to discuss key issues. Notably, the Board’s New CPRA Rules Subcommittee (“the Subcommittee”) previewed three areas of forthcoming...more
8/9/2023
/ Advisory Board ,
Artificial Intelligence ,
Audits ,
Automation Systems ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Machine Learning ,
Personal Data ,
Personal Information ,
Proposed Regulation ,
Risk Assessment
Over the past year, the Federal Trade Commission (FTC) has emerged as a leading actor in the health privacy enforcement space, spearheading enforcement actions, policy statements, and regulatory changes all aimed at...more
8/7/2023
/ Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personal Information ,
PHI ,
Privacy Laws
On June 28, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement (resolution agreement and corrective action plan) with iHealth Solutions (also known as Advantum Health)...more
7/21/2023
/ Compliance ,
Corrective Action Plans (CAPs) ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Policies and Procedures ,
Popular ,
Risk Assessment ,
Risk Management ,
Settlement
On June 27, the Federal Trade Commission (FTC) announced an enforcement action against Publishers Clearing House (PCH) in connection with the company’s long-running sweepstakes promotions. Though the FTC’s complaint alleges a...more
7/18/2023
/ Advertising ,
CAN-SPAM Act ,
Consumer Privacy Rights ,
Contests & Promotions ,
Data Collection ,
Data-Sharing ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Personal Data ,
Privacy Policy ,
Sweepstakes ,
Targeted Digital Advertising
On June 30, the Sacramento County Superior Court issued a ruling that will delay enforcement of regulations issued pursuant to the California Privacy Rights Act (CPRA) to March 29, 2024. These regulations were originally...more
7/11/2023
/ Audits ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Chamber of Commerce ,
Compliance Dates ,
Covered Entities ,
Enforcement ,
Grace Period ,
Risk Assessment ,
State Privacy Laws ,
Statutory Requirements ,
Time Extensions
On June 16, the Federal Trade Commission (FTC) announced an enforcement action against 1Health.io Inc. (“1Health,” also known as Vitagene, Inc.), a genetic testing company that analyzes consumer-provided DNA samples and uses...more
6/30/2023
/ Consent Order ,
Data Protection ,
Data Security ,
DNA ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Genetic Materials ,
Genetic Testing ,
Privacy Policy ,
Section 5 ,
Sensitive Personal Information ,
Unfair or Deceptive Trade Practices
On June 5, the Nevada state legislature passed an amended version of Senate Bill 370 (“SB 370”), a bill imposing new requirements on the collection, use, and sale of consumer health data. The bill has been delivered to...more
As we move into the summer months, state comprehensive privacy law developments continue to steadily emerge. Most notably, in the weeks since our last update, the Texas legislature passed the Texas Data Privacy and Security...more
On June 2, the Connecticut state legislature passed an amended version of Senate Bill 3 (“SB 3”), a bill containing provisions imposing new requirements related to consumer health data and children’s online protection. The...more
On May 31, the Federal Trade Commission (FTC or Commission) announced two separate enforcement actions against Amazon—one involving its cloud-based voice service, Alexa, and the other involving Ring, its smart doorbell...more
6/7/2023
/ ALEXA ,
Amazon ,
Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
COPPA ,
Corporate Counsel ,
Cybersecurity ,
Data Deletion ,
Data Privacy ,
Deceptive Intent ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Personal Data ,
Popular ,
Settlement ,
Unfair or Deceptive Trade Practices
The weeks since our last update have seen continued developments in the state comprehensive privacy law arena. Bills passed by the Indiana, Tennessee, and Montana legislatures were officially signed into law by those states’...more
On May 4, the Florida House passed an amended version of SB 262, a bill establishing the Florida Digital Bill of Rights. The bill now moves to Governor Ron DeSantis’s desk for signature. ...more
This legislative session has been marked by the continuing growth of the nation’s patchwork of state comprehensive privacy laws, and the weeks since our last update have been no exception. April saw state legislatures in...more
On Friday, April 21, the Montana and Tennessee state legislatures approved comprehensive privacy law proposals. In Montana, the state senate passed an amended version of the Montana Consumer Data Privacy Act (SB 384) in a...more
On Monday, April 17, the Washington House passed an amended version of the My Health My Data Act (HB 1155) (the “Act”), a bill that would impose sweeping new requirements on the collection, processing, and sale of consumer...more
The past two weeks have seen continued progress on proposed comprehensive privacy legislation across multiple states. Most notably, on March 28, Iowa Governor Kim Reynolds signed SF 262 into law, officially making Iowa the...more
On Wednesday, March 15, the Consumer Financial Protection Bureau (CFPB) announced an inquiry into data brokers, issuing a “Request for Information Regarding Data Brokers and Other Business Practices Involving the Collection...more
The state comprehensive privacy law legislative process has officially kicked into high gear. Of course, the primary development since our last update is Iowa’s passage of SF 262, which positions Iowa to become the sixth...more
On Wednesday, March 15, the Colorado Attorney General’s Office announced the finalization of the Colorado Privacy Act Rules (“Rules”). The Rules implement the Colorado Privacy Act (CPA), a comprehensive privacy law enacted in...more
On Wednesday, March 15, the Iowa House passed Senate File 262 (SF 262), a comprehensive state privacy law similar to the ones that are already in effect in five US states. The bill had previously passed the Senate on March 6,...more