State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
California regulators unanimously approved a sweeping set of regulations on July 24 governing the use of automated decision-making technology (ADMT) and mandating risk assessments and cybersecurity audits for businesses...more
On July 1, 2025, California Attorney General Rob Bonta announced a $1.55 million settlement, pending court approval, with Healthline Media, LLC. This settlement is the largest penalty issued to date under the CCPA, as...more
A pair of recent enforcement actions by the California Privacy Protection Agency (CPPA) unveiled the agency’s latest enforcement priorities for business-to-consumer companies. In March 2025, the CPPA announced a settlement...more
Does your state have its own version of the TCPA? Yes. California has what is known as the California Consumer Privacy Act of 2018, which is located in sections 1798.100 to 1798.199.100 of the California Civil Code. The...more
The California Consumer Privacy Protection Agency (CPPA) Board has issued a Stipulated Final Order against Todd Snyder, Inc., a clothing retailer, ordering Todd Snyder to pay a $345,178 fine and implement various changes to...more
States continued to pass comprehensive consumer privacy laws throughout 2024. 2025 brings eight new state-level comprehensive consumer privacy laws into effect. As with the five state privacy laws that went into effect in...more
California has a long history of protecting privacy rights. Article I, Section 1, of the California Constitution expressly provides a right of privacy. Recently, the focus has been on compliance with the California Consumer...more
In December, the California Privacy Protection Agency (CPPA) published revised draft regulations on risk assessments required under the California Privacy Rights Act (CPRA). Under prior draft regulations, the CPPA will...more
Texas, long lauded as one of the most “business-friendly” states, has passed a comprehensive privacy law that will bring new regulations to consumer personal data. The new Texas Data Privacy and Security Act (“TDPSA”), H.B....more
March wrapped up with several significant state privacy developments. First, on March 28, Iowa Governor Kim Reynolds signed Senate File 262 (SF 262) into law, making Iowa the sixth state to adopt comprehensive data privacy...more
The year 2023 will continue to have cybersecurity and data privacy front of mind for General Counsels. With sweeping new US and global laws and regulations coming online and the California Privacy Protection Agency (CPPA)...more
The concept of Sensitive Personal Information (SPI) has made its way into new and emerging US privacy laws. The usual challenges associated with a novel privacy obligation certainly apply to Sensitive Personal Information,...more
In a groundbreaking decision, the Federal Trade Commission (FTC) announced it was diagnosing GoodRx’s use of tracking pixel codes and analytics, its digital strategy, as not only an unfair or deceptive act or abusive practice...more
The California Privacy Rights Act will go into full effect on January 1. The CPRA is commonly referred to as a “new” act, but is actually an add-on/modification to the California Consumer Privacy Act of 2018, which has been...more
The amended California Consumer Privacy Act (CCPA), sometimes referred to as the California Privacy Rights Act (CPRA) or Proposition 24, takes effect on January 1, 2023 – and introduces new consumer rights, while...more
The so-called “HR exemption” taking employee and applicant personal information out of the control of the California Consumer Privacy Act (CCPA) is about to come to an end. Employers who are “businesses” for purposes of the...more
Following the passage of the California Privacy Rights Act (CPRA), for the past two years, employers have been partially exempt from many of the California Consumer Privacy Act's (CCPA) mandates pertaining to applicants,...more
The compliance date for the California Privacy Rights Act (CPRA) is January 1, 2023. There are significant changes from the current law, the California Consumer Privacy Act (CCPA), including the following...more
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, instituting requirements on certain businesses processing personal information about California consumers. Businesses subject to the law currently...more
The Massachusetts Information Privacy and Security Act (MIPSA) continues to advance through the state legislative process, and is now before the full legislature. While the Act has several hurdles to clear before becoming...more
Keypoint: The CPRA, CPA, and VCDPA’s definitions of “publicly available information” are broader than the CCPA’s definition, thereby expanding the types of personal information companies may process outside the confines of...more
In the last year, we continued to see a shift in the privacy landscape of the United States, including the passage of comprehensive privacy legislation in both Virginia and Colorado, while other states still have bills under...more
On November 3, 2020, California voters approved Proposition 24, a ballot initiative which enacted the California Privacy Rights Act (“CPRA”). The CPRA amends the California Consumer Privacy Act (“CCPA”), the most sweeping...more
Starting in January of 2023, businesses subject to California Privacy Rights Act (CPRA), may be required to publish the retention periods for all categories of personal and sensitive information they collect, manage, store,...more
Californians voted to enact the California Privacy Rights Act (“CPRA”) almost one year ago. Last week, Governor Gavin Newsom signed three new privacy bills into law....more