State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
As an attorney focused on technology transactions and counseling, I approach new technologies with both curiosity and caution. Like many lawyers, I tend to be skeptical until I fully understand how something works....more
Connecticut has revised its privacy law for the third time since it was passed in 2022. With SB 1295, the state has mirrored others (like Colorado and Montana) in making ongoing changes to its law. Many of the changes...more
On July 23, 2025, Cambodia released a draft of its first ever comprehensive personal data protection law, the Law on Personal Data Protection (“LPDP”). Once passed, Cambodia will join the ranks of seven other countries...more
It’s well-known that China’s data protection laws define sensitive personal information very differently to other jurisdictions. Instead of a closed list of data types, sensitive personal information in China has...more
As federal privacy enforcement shows signs of slowing, states are aggressively stepping in to fill the void. On July 1, 2025, the California attorney general (AG) announced a $1.55 million settlement with Healthline Media,...more
Connecticut has made changes to its privacy law, including lower thresholds, exemptions updates, new categories of sensitive data, expanded consumer rights, and more....more
This monthly report outlines key developments in China’s data protection sector for June. TC260 Two Cybersecurity Practice Guidelines on Personal Information Protection Compliance Audits: On May 19, 2025, TC260 issued two...more
Kilpatrick’s Tony Glosson recently spoke at the German Accelerator New York City Cohort during the organization’s “Immersion Week.” He discussed recent developments in the ever-evolving legal landscape of U.S. data...more
Key Takeaways: On December 28, 2024, education technology company PowerSchool disclosed a cybersecurity breach impacting 62 million students and 9.5 million educators across the globe. The intrusion, which began on December...more
As we progress deeper into the 2025 legislative season, comprehensive privacy law proposals continue to progress through the legislative process. In the weeks since our last update, Kentucky amended its comprehensive data...more
U.S. companies and organizations have entered a new era of sweeping restrictions on cross-border data transfers. The Department of Justice's (DOJ) Final Rule, "Preventing Access to U.S. Sensitive Personal Data and...more
California has again made headlines this week with two notable data privacy developments under the California Consumer Privacy Act (“CCPA”): (1) the California Attorney General’s (“California AG”) announcement of a new...more
With 13 comprehensive state privacy laws already in effect, the state privacy law landscape is complex. While there are several common threads throughout many of these frameworks that can allow companies to implement a...more
Over the last quarter century, the boundaries of privacy have shifted dramatically. Once considered private, vast amounts of personal information about individuals – names, addresses, medical records, spending habits – have...more
In data breach litigation, courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of...more
Welcome to our new series, the March Privacy Forecast. In this weekly series, during the month of March, we will delve into the evolving landscape of data privacy, explore new laws, proposed legislation and enforcement...more
According to a highly critical article recently published by TechCrunch, the Department of Government Efficiency (DOGE), President Trump’s advisory board headed by Elon Musk, has “taken control of top federal departments and...more
On January 22, the New York State Legislature passed Senate Bill S929, titled the New York Health Information Privacy Act (NYHIPA), which is poised to redefine how businesses handle health and wellness-related data in and...more
The Court of Appeal has handed down its judgment in the case of Prismall v Google UK Ltd and DeepMind Technologies Ltd [2024] EWCA Civ 1516. Finding for Google, the Court of Appeal upheld the lower Court’s decision to...more
Businesses need data from consumers, and the sharing and selling of this resource has become quite common. However, you also need to be mindful of the rights of the people whose data you collect, especially their personally...more
Looking forward to 2025, more U.S. states are in line to pass omnibus data protection laws, enforcement of U.S. state data protection laws is likely to increase, and “sensitive data” concepts will similarly grow and take...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
On January 03, 2025, the government released the much awaited draft Digital Personal Data Protection Rules, 2025, (Draft Rules / Rules) for public consultation and invited stakeholder feedback by February 18, 2025 (access the...more
Advertising on social media platforms such as Facebook and Instagram is a common marketing strategy for many businesses. Government agencies and consumer advocates have increasingly scrutinized this practice to determine if...more
On January 8, 2025, the Department of Justice (DOJ) published in the Federal Register a Final Rule, "Preventing Access to U.S. Sensitive Personal Data and Government Related Data by Countries of Concern or Covered Persons,"...more