State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
On July 1, 2025, California Attorney General Rob Bonta announced the largest CCPA settlement to date, which included a $1.55 million penalty against Healthline Media LLC. This settlement sends a clear message to businesses...more
California regulators unanimously approved a sweeping set of regulations on July 24 governing the use of automated decision-making technology (ADMT) and mandating risk assessments and cybersecurity audits for businesses...more
As federal privacy enforcement shows signs of slowing, states are aggressively stepping in to fill the void. On July 1, 2025, the California attorney general (AG) announced a $1.55 million settlement with Healthline Media,...more
Recent enforcement activities in California and Connecticut highlight that states are ready and willing to actively enforce their comprehensive privacy laws. These recent actions – which continue the trend of states ramping...more
On June 25, Connecticut Governor Lamont signed Senator James Maroney’s SB 1295 into law. The bill makes several notable changes to Connecticut’s existing consumer data privacy law, including modifying its applicability...more
A pair of recent enforcement actions by the California Privacy Protection Agency (CPPA) unveiled the agency’s latest enforcement priorities for business-to-consumer companies. In March 2025, the CPPA announced a settlement...more
Does your state have its own version of the TCPA? Yes. California has what is known as the California Consumer Privacy Act of 2018, which is located in sections 1798.100 to 1798.199.100 of the California Civil Code. The...more
On March 10, California Attorney General (AG) Rob Bonta announced an investigative sweep of the location data industry for potential noncompliance with the California Consumer Privacy Act (CCPA)....more
A new California investigative sweep into the location data industry focuses on whether businesses have violated state law relating to the consumers’ right to limit how their personal information – including their geolocation...more
On March 10, California Attorney General (AG) Rob Bonta launched an investigation into the location data industry, issuing letters to companies that the AG alleged “appear to be in violation of the California Consumer Privacy...more
California has again made headlines this week with two notable data privacy developments under the California Consumer Privacy Act (“CCPA”): (1) the California Attorney General’s (“California AG”) announcement of a new...more
The California Privacy Protection Agency (CPPA) the agency responsible for implementing and enforcing the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) (collectively the CCPA), protecting...more
Over the last several years, litigation (often class actions) premised on the use of technology like session-replay products, web beacons, pixels, and cookies has proliferated. Typical theories include plaintiffs claiming...more
Businesses need data from consumers, and the sharing and selling of this resource has become quite common. However, you also need to be mindful of the rights of the people whose data you collect, especially their personally...more
States continued to pass comprehensive consumer privacy laws throughout 2024. 2025 brings eight new state-level comprehensive consumer privacy laws into effect. As with the five state privacy laws that went into effect in...more
California is set to amend the California Consumer Privacy Act of 2018 (CCPA) with two recent amendments that have been signed into law. Assembly Bill (AB 1008) and Senate Bill 1223 (SB 1223) aim to clarify how the law...more
Do you know what cookies your company’s website is using? If not, you likely do not know whether your company’s website is honoring users’ data protection choices involving the use of cookies. You should know and care so your...more
On August 31, the California assembly passed SB1223, which amends the CCPA/CPRA to include “neural data” as a type of sensitive data. SB1223, which is likely to become law, defines “neural data” as “information that is...more
Recent U.S. developments indicate a growing focus on regulating and investigating the data privacy practices of companies in the automotive sector. The Federal Trade Commission (FTC) recently highlighted in a blog post its...more
California has a long history of protecting privacy rights. Article I, Section 1, of the California Constitution expressly provides a right of privacy. Recently, the focus has been on compliance with the California Consumer...more
The state of California is on the verge of amending its current data broker law with Senate Bill 362, also known as the Delete Act (“the Act”). The Act passed in the Assembly’s Committee on Privacy and Consumer Protection and...more
Texas, long lauded as one of the most “business-friendly” states, has passed a comprehensive privacy law that will bring new regulations to consumer personal data. The new Texas Data Privacy and Security Act (“TDPSA”), H.B....more
March wrapped up with several significant state privacy developments. First, on March 28, Iowa Governor Kim Reynolds signed Senate File 262 (SF 262) into law, making Iowa the sixth state to adopt comprehensive data privacy...more
The year 2023 will continue to have cybersecurity and data privacy front of mind for General Counsels. With sweeping new US and global laws and regulations coming online and the California Privacy Protection Agency (CPPA)...more
The Colorado Department of Law filed a set of proposed rules to implement the Colorado Privacy Act (Draft CO Rules) on Sept. 29, 2022, foreshadowing additional compliance obligations that businesses will have to strive to...more