State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
Virginia S.B. 754, now effective, amends the Virginia Consumer Protection Act to prohibit unauthorized collection and disclosure of non-HIPAA reproductive and sexual health information. The law notably includes a broad scope...more
Online political advertising has become central to modern electoral campaigns. However, the growing lack of transparency, particularly regarding funding, targeting, and data processing practices, raises serious concerns about...more
After Foley Hoag’s prior updates regarding the chapter 11 bankruptcy cases of 23andMe Holding Co and its affiliated debtors (collectively, “23andMe”), the United States Bankruptcy Court for the Eastern District of Missouri...more
New Jersey officials recently released proposed privacy regulations that would create several new compliance obligations for businesses above and beyond what existing state law and many other state laws require, meaning you...more
In this Privacy, Cyber & AI Decoded alert, we cover Colorado’s Biometric Identifier Requirements, Delaware’s Data Protection Assessment Requirement, Minnesota’s new comprehensive privacy law going into effect, Tennessee’s...more
On June 25, 2025, Connecticut Governor Ned Lamont signed into law a major amendment to the state’s comprehensive privacy law (CTDPA), just over three years after signing the CTDPA into law on May 10, 2022 and two years after...more
The State Administration for Market Regulation and the Standardization Administration of China have jointly issued a new national standard applicable to companies conducting business in China, GB/T 45574-2025, Data Security...more
Over the last quarter century, the boundaries of privacy have shifted dramatically. Once considered private, vast amounts of personal information about individuals – names, addresses, medical records, spending habits – have...more
Welcome to our new series, the March Privacy Forecast. In this weekly series, during the month of March, we will delve into the evolving landscape of data privacy, explore new laws, proposed legislation and enforcement...more
Over the last several years, litigation (often class actions) premised on the use of technology like session-replay products, web beacons, pixels, and cookies has proliferated. Typical theories include plaintiffs claiming...more
On January 03, 2025, the government released the much awaited draft Digital Personal Data Protection Rules, 2025, (Draft Rules / Rules) for public consultation and invited stakeholder feedback by February 18, 2025 (access the...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
On September 24, 2024, the State Council released the Regulations on the Management of Network Data Security (《网络数据安全管理条例》) (“Regulations”). The Regulations focus on prominent issues related to Personal Information (PI),...more
As January 2025 privacy strategy planning ramps up this fall, our Privacy, Security, & Artificial Intelligence team has put together a planning alert for 2024–2025. In this installment, we review the following nine state...more
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map...more
As of July 1, three new comprehensive state privacy laws – the Florida Digital Bill of Rights (FDBR), the Oregon Consumer Privacy Act (OCPA), and the Texas Data Privacy and Security Act (TDPSA) – will take effect, joining the...more
On July 1, 2024, Florida, Oregon, and Texas will join California, Colorado, Connecticut, Utah, and Virginia by adding privacy laws governing the collection, use, and transfer of consumer personal data. Montana will follow...more
The Federal Trade Commission (FTC) has assumed the authority to enforce unauthorized data disclosures under the Federal Trade Commission Act (FTC Act). During the past three weeks, the FTC has used this authority to go after...more
Introduction - Data protection is being driven by rapid technological advances and the increasing digitalization of society. Data protection legislation in Portugal is aligned with European Union law, in particular with...more
The Federal Communications Commission (FCC) has announced that it has levied almost $200 million in fines against “the nation’s largest wireless carriers for illegally sharing access to customers’ location information without...more
Introduction - The General Data Protection Regulation (Regulation (EU) 2016/679) is the EU regulation which is directly applicable in all member states of the EU, including the Czech Republic, as of 25 May 2018. The new...more
Introduction - The Brazilian General Data Protection Law (“LGPD”), enacted in 2018 and enforced since 2020, serves as the cornerstone of the country's data protection framework. Its primary objective is to ensure the...more
In Argentina, data protection is governed by comprehensive legislation aimed at safeguarding individuals' personal data. Below you will find an outline of the key aspects including governing legislation, exploring their scope...more
On April 4, 2024, Kentucky joined the rapidly growing number of states adopting a comprehensive data privacy law, when Governor Andy Beshear signed, the Kentucky Consumer Data Protection Act ("Kentucky CDPA"). The law will...more
The amended version of the bill—which itself amends Colorado’s Privacy Act—now heads for final passage and governor signature. The Colorado state legislature is close to final passage of the “Act Concerning Protection the...more