Just as businesses are preparing to ensure compliance with similar laws in California, Colorado, and Virginia, they soon will need to consider a fourth jurisdiction, Utah. On March 24, 2022, Governor Spencer Cox signed a measure enacting the Utah Consumer Privacy Act (UCPA). The UCPA is set to take effect December 31, 2023. Note,
Massachusetts Legislature Evaluates Its Own Comprehensive Consumer Privacy Law
The Massachusetts Information Privacy and Security Act (MIPSA) continues to advance through the state legislative process, and is now before the full legislature. While the Act has several hurdles to clear before becoming law, its notable for two reasons. First, the comprehensive nature of the MIPSA exemplifies the direction state data protection laws are heading
CCPA at the Two-Year Mark
The CCPA has reached the two-year mark. This is a good time for businesses to review the success of their compliance programs, recalibrate for the CCPA’s third year, and gear up for the CPRA’s January 1, 2023 effective date.
Here are a few suggestions:
- Privacy Policies. The CCPA requires a business to update the
Health App Alert: FTC Expands Scope Health Breach Notification Rule
The Federal Trade Commission (“FTC”) recently issued an important policy statement to health apps and other connected devices that collect or use consumers’ health information. The FTC’s policy statement effectively clarified the position that health apps and related connected devices are subject to the Health Breach Notification Rule (“the Rule”), which requires vendors of personal
Illinois Panel Issues Important Ruling on BIPA Statute of Limitations
On September 17, 2021, a three-judge panel of the Illinois Appellate Court for the First Judicial District issued a long-awaited decision regarding the statute of limitations for claims under the state’s Biometric Information Privacy Act (“BIPA”) in Tims v. Black Horse Carriers, Inc. The Tims decision marks the first appellate guidance regarding this issue. Although
The Key to NYC and Other Cities’ COVID-19 Vaccine Proof Mandates, and Potential Privacy Issues
Cities step up their efforts to combat the COVID-19 Delta variant. New York City, New Orleans, and San Francisco have all announced requirements for certain persons to produce evidence of COVID vaccination status in order to patronize or work indoors at certain establishments. Adding to an already complex patchwork of COVID-related regulation –
Colorado Becomes Third State To Enact a Comprehensive Privacy Law
Colorado is officially the third U.S. state to enact comprehensive privacy legislation, following California and Virginia. The Colorado General Assembly passed the Colorado Privacy Act (CPA), Senate Bill 21-109, on June 8, 2021, and Governor Jared Polis signed it into law on July 7, 2021.
The Colorado Privacy Act takes effect July 1,
Texas Joins Other States with New Texas Data Breach Notification Requirement: Is This a New Trend?
The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law. It follows a growing trend of changes to privacy and cybersecurity laws at the state level.
Texas House Bill
The New EU Standard Contractual Clauses
The EU Commission is expected to adopt the long awaited updated Standard Contractual Clauses (“SCCs”) on June 4, 2021. In the wake of the Schrems II decision invalidating the EU-U.S. Privacy Shield, the SCCs have played an increased role as an appropriate safeguard for transferring personal data from the European Economic Area to recipients in
Is New York Next? A Comprehensive Consumer Privacy Bill Reintroduced
On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), and Virginia’s Consumer Data Protection Act (“CDPA”). The NYPA had been