State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
California regulators unanimously approved a sweeping set of regulations on July 24 governing the use of automated decision-making technology (ADMT) and mandating risk assessments and cybersecurity audits for businesses...more
It’s well-known that China’s data protection laws define sensitive personal information very differently to other jurisdictions. Instead of a closed list of data types, sensitive personal information in China has...more
After Foley Hoag’s prior updates regarding the chapter 11 bankruptcy cases of 23andMe Holding Co and its affiliated debtors (collectively, “23andMe”), the United States Bankruptcy Court for the Eastern District of Missouri...more
On July 1, 2025, California Attorney General Rob Bonta announced a $1.55 million settlement, pending court approval, with Healthline Media, LLC. This settlement is the largest penalty issued to date under the CCPA, as...more
California Attorney General Rob Bonta has settled claims against Healthline Media (Healthline) for violations of the California Privacy Protection Act (CCPA) related to the company's sharing of personal information and...more
Connecticut has made changes to its privacy law, including lower thresholds, exemptions updates, new categories of sensitive data, expanded consumer rights, and more....more
Five new state privacy laws took effect in January 2025—Delaware (DPDPA), Iowa (ICDPA), Nebraska (NDPA), New Hampshire (NHPA), and New Jersey (NJDPA)—adding to the compliance maze for businesses operating across state lines....more
This monthly report outlines key developments in China’s data protection sector for June. TC260 Two Cybersecurity Practice Guidelines on Personal Information Protection Compliance Audits: On May 19, 2025, TC260 issued two...more
What do a global sportswear giant and a prestigious medical center have in common? Apparently, a shared struggle defending data breach lawsuits for breaches of sensitive personal information caused by third-party vendors....more
A pair of recent enforcement actions by the California Privacy Protection Agency (CPPA) unveiled the agency’s latest enforcement priorities for business-to-consumer companies. In March 2025, the CPPA announced a settlement...more
Does your state have its own version of the TCPA? Yes. California has what is known as the California Consumer Privacy Act of 2018, which is located in sections 1798.100 to 1798.199.100 of the California Civil Code. The...more
As summer approaches, three new state comprehensive privacy laws are poised to take effect, raising the number of states with effective comprehensive privacy legislation in the US to sixteen (with more to come in 2026). The...more
The California Consumer Privacy Protection Agency (CPPA) Board has issued a Stipulated Final Order against Todd Snyder, Inc., a clothing retailer, ordering Todd Snyder to pay a $345,178 fine and implement various changes to...more
Le 26 mars 2025, le Commissariat à la protection de la vie privée du Canada (le « CPVP ») a déployé, à l’intention des organisations, un outil d’autoévaluation du risque réel de préjudice grave à la vie privée (l’« outil »)....more
23andMe, a pioneer in the DNA testing kit industry, announced that it has filed for Chapter 11 bankruptcy protection and recently asked to select an independent customer data representative regarding any sale of user data....more
Oregon Attorney General Dan Rayfield has released a report detailing implementation steps and enforcement actions taken during the first six months of the Oregon Consumer Privacy Act ("OCPA"), which entered into force in July...more
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
In the ongoing saga of the 23andMe bankruptcy, Federal Trade Commission Chairman Andrew N. Ferguson recently sent a letter to the Trustee overseeing the 23andMe bankruptcy proceeding stating, “As Chairman of the Federal Trade...more
On March 20, President Trump signed an Executive Order titled Stopping Waste, Fraud, and Abuse by Eliminating Information Silos, which calls for federal officials “to have full and prompt access to all unclassified agency...more
Genetic testing company 23andMe has filed for Chapter 11 bankruptcy protection, and its CEO has resigned. It is seeking to sell “substantially all of its assets” through a reorganization plan that will have to be approved by...more
In data breach litigation, courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of...more
In April 2024, the IRS sent notices informing more than 70,000 taxpayers that their tax and personal data had been stolen in 2019 by a former IRS contractor, Charles Littlejohn. Littlejohn not only stole the data of hundreds...more
States continued to pass comprehensive consumer privacy laws throughout 2024. 2025 brings eight new state-level comprehensive consumer privacy laws into effect. As with the five state privacy laws that went into effect in...more
The Federal Trade Commission (FTC) announced two significant enforcement actions last week – one against data broker Mobilewalla, Inc. and the other against data analytics provider Gravy Analytics, Inc. (and its subsidiary...more
The Office of the Australian Information Commissioner recently issued practical guidance on how to deploy tracking technologies (pixels) in a privacy compliant manner under the Australian Privacy Law....more