State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
As an attorney focused on technology transactions and counseling, I approach new technologies with both curiosity and caution. Like many lawyers, I tend to be skeptical until I fully understand how something works....more
The U.S. Department of Justice has added a new weapon to its enforcement arsenal, aimed at enhancing its ability to prevent foreign adversaries from accessing and exploiting government related data and sensitive personal data...more
As federal privacy enforcement shows signs of slowing, states are aggressively stepping in to fill the void. On July 1, 2025, the California attorney general (AG) announced a $1.55 million settlement with Healthline Media,...more
Recent enforcement activities in California and Connecticut highlight that states are ready and willing to actively enforce their comprehensive privacy laws. These recent actions – which continue the trend of states ramping...more
California Attorney General Rob Bonta has settled claims against Healthline Media (Healthline) for violations of the California Privacy Protection Act (CCPA) related to the company's sharing of personal information and...more
The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more
The California attorney general’s (AG) July 1, 2025, proposed settlement with Healthline Media LLC (Healthline) marks the third cookie-related California Consumer Privacy Act (CCPA) settlement in as many months (alongside the...more
Blank Rome presents a new summer webinar series where our interdisciplinary team will unpack the most pressing legal, regulatory, and policy developments from the Trump Administration’s first 180 days. Each session offers...more
U.S. companies are running out of time to comply with a sweeping new Department of Justice (DOJ) rule that limits sharing sensitive personal data with certain foreign countries—including China, Russia, and Iran. With a hard...more
Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates should be familiar with restrictions on the use or disclosure of protected health information (PHI) under HIPAA rules....more
While the US federal government is largely scaling back its rulemaking and compliance efforts, one critical exception is where personal data and technology intersect with national security. Exemplifying this trend, on April...more
The guide outlines the requirements of a newly implemented Data Security Program designed to prevent China, Russia and other foreign adversaries designated by the U.S. Department of Justice from accessing American’s sensitive...more
IAPP’s Global Privacy Summit kicked off on April 22 with keynote remarks from Federal Trade Commission (FTC) Commissioner Melissa Holyoak, who highlighted her top priorities for privacy enforcement and the digital economy. ...more
In a Press Release issued April 11, 2025, the U.S. Department of Justice (“DOJ”) indicated that it would prioritize “facilitating compliance” over civil enforcement actions for the first 90 days of its new US-China data...more
On April 11, 2025, the Department of Justice (“DOJ”) released additional detail regarding the Final Rule implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal...more
DOJ rule to implement Executive Order 14117, which restricts the exchange of sensitive personal data with certain “countries of concern,” took effect April 8. The order, which was issued under the prior administration,...more
A new California investigative sweep into the location data industry focuses on whether businesses have violated state law relating to the consumers’ right to limit how their personal information – including their geolocation...more
As we progress deeper into the 2025 legislative season, comprehensive privacy law proposals continue to progress through the legislative process. In the weeks since our last update, Kentucky amended its comprehensive data...more
The New York State Department of Financial Services recently announced that it has entered into a consent order with PayPal, Inc. for violations of the NYDFS Cybersecurity Regulation. The consent order, under which PayPal has...more
On January 23, 2025, PayPal settled an enforcement action brought by the New York State Department of Financial Services (NY DFS) for failing to comply with cybersecurity regulations required for financial services businesses...more
The Department of Justice (“DOJ”) published its final regulations on “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons” (the “Final Rule”). The Final...more
On December 3, 2024, the Federal Trade Commission (FTC) announced two enforcement actions against large data aggregator companies, Mobilewalla, Inc. (“Mobilewalla”) and Gravy Analytics Inc. (“Gravy Analytics”), for alleged...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
The Federal Communications Commission (FCC) has announced that it has levied almost $200 million in fines against “the nation’s largest wireless carriers for illegally sharing access to customers’ location information without...more
In May of 2022, Connecticut joined a growing list of U.S. states passing privacy regulations when it signed the Connecticut Data Privacy Act (CTDPA) into law. The CTDPA officially went into effect in July 2023. On...more