How Startups Can Comply With Ever-Changing Privacy Laws
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
The ‘Long Arm’ of CIPA and Its Newfound Pen-Trap Claims
Privacy Litigation Trends: Meta Pixels, Cookie Opt-Out, and Sale of Data
Fashion Counsel: Privacy in the Retail Fashion Industry
Healthcare Privacy Walkthroughs
CF on Cyber: An Update on the Florida Security of Communications Act (FSCA)
NGE On Demand: Privacy Considerations for Remote Work Productivity Monitoring with David Wheeler
I Wish I Knew What I Know Now: Conversations with AGG on FDA Issues - Data Privacy Issues Life Sciences Companies May Encounter
Education Data Privacy and Security Laws: Best Practices for School Districts
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
BakerHostetler Partner Alan Friel Talks Big Data and Data Collection
IP|Trend: It’s Time to Get to Know the Federal Trade Commission
IP|Trend: Keeping Your Start-Up Compliant
Yul Kwon, Head of @Facebook's Privacy Program & CBS 'Survivor' Winner, Opens Up On @HsuUntied
An Overview of the 2014 Class Action Survey
Recent enforcement activities in California and Connecticut highlight that states are ready and willing to actively enforce their comprehensive privacy laws. These recent actions – which continue the trend of states ramping...more
While website privacy notices are now commonplace – and consumers might only skim them – a recent settlement highlights the importance of staying vigilant about complying with applicable consumer privacy laws. The Connecticut...more
In its first fine for violations of the Connecticut Data Privacy Act (“CDPA”), the state's omnibus data privacy law, the Connecticut Attorney General (“CT AG”) chose to make an example of deficient privacy notices....more
A California bill aimed at curbing the explosion of lawsuits filed against businesses using common website tools like cookies, pixels, and session replay software has stalled out in the 2025 legislative session, meaning your...more
In the recent high-profile civil class action, Frasco v. Flo Health, a California federal court issued a significant ruling partially certifying a nationwide class and California subclass of individuals who used the Flo...more
Startups face many challenges in complying with ever-changing state and federal privacy laws. Procopio Partner and Privacy Officer Elaine Harwell walks startup founders and executives on how to navigate privacy laws and build...more
Montana’s privacy law has received a refresh and updates will go into effect October 1, 2025 – exactly one year since the law took effect. The law was modified with SB 297, and changes include coverage, approach with minors,...more
Keypoint: In this post: (1) Standing may depend on how specific plaintiffs’ complaint is; (2) the 2d Circuit adopts the 3rd and 9th Circuit’s narrower interpretation of PII under the VPPA; (3) Promises in privacy policies not...more
Montana recently amended its privacy law through Senate Bill 297, effective October 1, 2025, strengthening consumer protections and requiring businesses to revisit their privacy policies that apply to citizens of Montana....more
On June 3, 2025, the Connecticut legislature passed a bill amending the Connecticut Data Privacy Act (CTDPA). The amendment introduces a variety of changes, including a broadening of the CTDPA’s applicability, changed...more
On May 8, 2025, Montana Governor Greg Gianforte signed Senate Bill 297 (SB 297) into law, significantly revising the existing Montana Consumer Data Privacy Act (MCDPA). These amendments generally mirror requirements in...more
Online retailer Harriet Carter Gifts recently obtained summary judgment from the district court in a class action under Pennsylvania wiretap law. At the heart of this case is the interpretation and application of the...more
In today’s digital landscape, privacy policies have evolved from obscure legal documents into essential corporate governance tools. As data privacy regulations expand globally, organizations face increasing compliance...more
In a big win for businesses, a California federal court just held that a “tester” plaintiff – someone who visits websites for purposes of initiating litigation – cannot bring a claim under the California Invasion of Privacy...more
As the privacy litigation landscape continues to take shape, search bars have quietly become a Trojan horse in online data collection, carrying new legal theories into the California Invasion of Privacy Act (CIPA) arena. The...more
Oregon Attorney General Dan Rayfield has released a report detailing implementation steps and enforcement actions taken during the first six months of the Oregon Consumer Privacy Act ("OCPA"), which entered into force in July...more
Oregon consumers submitted more than 100 privacy complaints to the state’s justice department within six months of the Oregon Consumer Privacy Act (OCPA) taking effect, and businesses subject to the new law need to take note....more
An oft-discussed topic on this blog is the rise in lawsuits asserting illegal wiretapping claims against companies that use technology on their websites to track consumer interactions. Recently, a Pennsylvania federal judge...more
This week, New York Attorney General Letitia James announced a settlement with app developer Saturn Technologies (Saturn) following an investigation into privacy practices that promised teens an exclusive community but...more
Keypoint: In this post: (1) How a privacy policy can defeat a plaintiff’s “delayed discovery” argument; (2) Two CA state courts reject plaintiffs’ allegations concerning personal jurisdiction; (3) Three courts dismiss PR/TT...more
Businesses operating in California that rely on location tracking – whether for fleet management, employee monitoring, logistics, or marketing – should pay close attention to a bill that would dramatically alter the legal...more
On February 10, 2025, the first class action complaint was filed pursuant to Washington’s MY Health MY Data Act (“MHMDA”), Wash. Rev. Code Ann. § 19.373.005 et seq. See Maxwell v. Amazon.com, Inc. et al., Case No. 2:25-cv-261...more
On the heels of the formation of the House Privacy Working Group, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman John Joyce, M.D. (PA-13), Vice Chairman of the House...more
If enacted, the New York Health Information Privacy Act (“NYHIPA”) will be the latest in a series of state privacy laws that regulate health data outside of the traditional health care context. It would follow the passage of...more
Almost every business has a website; every website should have a privacy policy, terms of use, and, in some cases, a consumer privacy rights notice—if certain state consumer privacy rights laws apply to your business, such as...more