State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
California regulators unanimously approved a sweeping set of regulations on July 24 governing the use of automated decision-making technology (ADMT) and mandating risk assessments and cybersecurity audits for businesses...more
On June 24, 2025, the Connecticut governor signed into law SB 1295, a bill amending the Connecticut Data Protection Act (CTDPA). The bill will cause CTDPA to reach more entities, more data, and more data processing activities...more
Virginia S.B. 754, now effective, amends the Virginia Consumer Protection Act to prohibit unauthorized collection and disclosure of non-HIPAA reproductive and sexual health information. The law notably includes a broad scope...more
On June 18, 2025, the U.S. Food and Drug Administration (FDA) announced that it will review new clinical trials that involve sending biological samples to “hostile countries,” to prevent exploitation of Americans’ sensitive...more
Protecting sensitive data has never been more important. In a globalized world of advanced cyber threats, sophisticated espionage techniques, and external data monetization, increased security is crucial to safeguard...more
Connecticut has revised its privacy law for the third time since it was passed in 2022. With SB 1295, the state has mirrored others (like Colorado and Montana) in making ongoing changes to its law. Many of the changes...more
On July 23, 2025, Cambodia released a draft of its first ever comprehensive personal data protection law, the Law on Personal Data Protection (“LPDP”). Once passed, Cambodia will join the ranks of seven other countries...more
It’s well-known that China’s data protection laws define sensitive personal information very differently to other jurisdictions. Instead of a closed list of data types, sensitive personal information in China has...more
Online political advertising has become central to modern electoral campaigns. However, the growing lack of transparency, particularly regarding funding, targeting, and data processing practices, raises serious concerns about...more
The U.S. Department of Justice has added a new weapon to its enforcement arsenal, aimed at enhancing its ability to prevent foreign adversaries from accessing and exploiting government related data and sensitive personal data...more
As federal privacy enforcement shows signs of slowing, states are aggressively stepping in to fill the void. On July 1, 2025, the California attorney general (AG) announced a $1.55 million settlement with Healthline Media,...more
After Foley Hoag’s prior updates regarding the chapter 11 bankruptcy cases of 23andMe Holding Co and its affiliated debtors (collectively, “23andMe”), the United States Bankruptcy Court for the Eastern District of Missouri...more
New Jersey officials recently released proposed privacy regulations that would create several new compliance obligations for businesses above and beyond what existing state law and many other state laws require, meaning you...more
Recent enforcement activities in California and Connecticut highlight that states are ready and willing to actively enforce their comprehensive privacy laws. These recent actions – which continue the trend of states ramping...more
On July 1, 2025, California Attorney General Rob Bonta announced a $1.55 million settlement, pending court approval, with Healthline Media, LLC. This settlement is the largest penalty issued to date under the CCPA, as...more
On June 25, 2025, Governor Ned Lamont signed Connecticut Senate Bill 1295 into law. SB 1295 significantly amends the Connecticut Data Privacy Act (CTDPA) by lowering the threshold for applicability, broadening the definition...more
California Attorney General Rob Bonta has settled claims against Healthline Media (Healthline) for violations of the California Privacy Protection Act (CCPA) related to the company's sharing of personal information and...more
The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more
In this Privacy, Cyber & AI Decoded alert, we cover Colorado’s Biometric Identifier Requirements, Delaware’s Data Protection Assessment Requirement, Minnesota’s new comprehensive privacy law going into effect, Tennessee’s...more
The California attorney general’s (AG) July 1, 2025, proposed settlement with Healthline Media LLC (Healthline) marks the third cookie-related California Consumer Privacy Act (CCPA) settlement in as many months (alongside the...more
In a record-setting enforcement action under the California Consumer Privacy Act (CCPA), the California Attorney General (AG) announced a $1.55 million settlement with Healthline Media, a popular online publisher of health...more
On July 1, the California attorney general (CA AG) announced the largest CCPA settlement to date, $1.55 million, and the first settlement against a website publisher, Healthline Media LLC (Healthline)....more
Blank Rome presents a new summer webinar series where our interdisciplinary team will unpack the most pressing legal, regulatory, and policy developments from the Trump Administration’s first 180 days. Each session offers...more
The United States Data Security Program (DSP) represents a significant regulatory undertaking by the US government to control the flow of bulk sensitive data to specific foreign countries, for national security purposes....more
On June 25, 2025, Connecticut Governor Ned Lamont signed into law a major amendment to the state’s comprehensive privacy law (CTDPA), just over three years after signing the CTDPA into law on May 10, 2022 and two years after...more