State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
Connecticut has revised its privacy law for the third time since it was passed in 2022. With SB 1295, the state has mirrored others (like Colorado and Montana) in making ongoing changes to its law. Many of the changes...more
As federal privacy enforcement shows signs of slowing, states are aggressively stepping in to fill the void. On July 1, 2025, the California attorney general (AG) announced a $1.55 million settlement with Healthline Media,...more
Connecticut has made changes to its privacy law, including lower thresholds, exemptions updates, new categories of sensitive data, expanded consumer rights, and more....more
On June 25, Connecticut Governor Lamont signed Senator James Maroney’s SB 1295 into law. The bill makes several notable changes to Connecticut’s existing consumer data privacy law, including modifying its applicability...more
This monthly report outlines key developments in China’s data protection sector for June. TC260 Two Cybersecurity Practice Guidelines on Personal Information Protection Compliance Audits: On May 19, 2025, TC260 issued two...more
On June 11, 2025, Connecticut passed Senate Bill 01295 (SB 01295). If signed by the governor, SB 01295 will amend the existing Connecticut Data Privacy Act (CTDPA) in several important ways, with the amendments going into...more
As we progress deeper into the 2025 legislative season, comprehensive privacy law proposals continue to progress through the legislative process. In the weeks since our last update, Kentucky amended its comprehensive data...more
California has again made headlines this week with two notable data privacy developments under the California Consumer Privacy Act (“CCPA”): (1) the California Attorney General’s (“California AG”) announcement of a new...more
In data breach litigation, courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of...more
On January 22, the New York State Legislature passed Senate Bill S929, titled the New York Health Information Privacy Act (NYHIPA), which is poised to redefine how businesses handle health and wellness-related data in and...more
The Court of Appeal has handed down its judgment in the case of Prismall v Google UK Ltd and DeepMind Technologies Ltd [2024] EWCA Civ 1516. Finding for Google, the Court of Appeal upheld the lower Court’s decision to...more
Businesses need data from consumers, and the sharing and selling of this resource has become quite common. However, you also need to be mindful of the rights of the people whose data you collect, especially their personally...more
Looking forward to 2025, more U.S. states are in line to pass omnibus data protection laws, enforcement of U.S. state data protection laws is likely to increase, and “sensitive data” concepts will similarly grow and take...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
On January 14, the FTC issued a consent order against a company and its subsidiary for allegedly engaging in unfair practices concerning the collection, use and sale of consumer location data in violation of the FTC Act. The...more
Advertising on social media platforms such as Facebook and Instagram is a common marketing strategy for many businesses. Government agencies and consumer advocates have increasingly scrutinized this practice to determine if...more
States continued to pass comprehensive consumer privacy laws throughout 2024. 2025 brings eight new state-level comprehensive consumer privacy laws into effect. As with the five state privacy laws that went into effect in...more
In today's digital landscape, data brokers are like modern-day gold miners, sifting through the intimate details of our lives – our addresses, financial records, Social Security numbers – and quietly turning that information...more
Comprehensive consumer privacy laws continue to hit the desks of governors in states across the country, with nineteen state laws now on the books. Since we wrote our 2023 Round-Up on State Consumer Data Privacy Laws article...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
Actions in the last six months of the Brazilian National Data Protection Authority (“ANPD”) suggest that it intends to aggressively enforce the Brazilian Data Protection Law (“LGPD”). The LGPD applies to any entity that...more
Do you know what cookies your company’s website is using? If not, you likely do not know whether your company’s website is honoring users’ data protection choices involving the use of cookies. You should know and care so your...more
The stakes are high for FemTech – as Benjamin Franklin noted: ‘it takes many good deeds to build a good reputation and only one bad one to lose it.’...more
Rhode Island is the latest state to enact consumer privacy legislation. The Rhode Island Transparency and Privacy Protection Act (the "Act"), which passed into law on June 28, 2024, establishes a framework for controlling and...more
As of July 1, three new comprehensive state privacy laws – the Florida Digital Bill of Rights (FDBR), the Oregon Consumer Privacy Act (OCPA), and the Texas Data Privacy and Security Act (TDPSA) – will take effect, joining the...more