Photo of Alexandra Scott

The Connecticut legislature passed Connecticut SB 6 on April 28, 2022.  If signed by the governor, the bill would take effect on July 1, 2023, though the task force created by the bill will be required to begin work sooner.

The bill closely resembles the Colorado Privacy Act, with a few notable additions.  Like the Colorado Privacy Act, the bill adopts “controller” and “processor” terminology, provides consumers with rights to access, correct, delete, obtain a copy, and opt-out of certain types of processing of their personal data, and requires consent for certain activities.
Continue Reading Connecticut Legislature Passes Comprehensive Privacy Bill

On April 12, at the International Association of Privacy Professionals’ global privacy conference, Colorado Attorney General Phil Weiser gave remarks on his office’s approach to the rulemaking and enforcement of the Colorado Privacy Act.
Continue Reading Colorado Attorney General Remarks on CPA Rulemaking

Utah appears poised to be the next state with a comprehensive privacy law on its books, following California, Virginia, and Colorado.  On March 2nd, the Utah House of Representatives voted unanimously to approve an amended version of the legislative proposal, and the Senate concurred with the House amendment on the following day.  Formalities are now being completed to send the bill to Governor Spencer Cox for signature.

The Utah Consumer Privacy Act (“UCPA”) provides for consumer rights and responsibilities for controllers and processors.  Although the bill generally tracks the comprehensive privacy law passed in Virginia last year, the VCDPA, there are some notable differences.  Key provisions in the bill include the following:
Continue Reading Utah Legislature Passes Comprehensive Privacy Bill

As companies begin to prepare their CPRA compliance strategies, they are grappling with whether to include personal information processed in employment and business-to-business contexts. Currently, the CPRA’s partial exemptions for both of those types of data sunset on December 31, 2022. However, last week, the CA legislature introduced AB 2871 and AB 2891. AB

Last week the California Privacy Protection Agency (“CPPA”) held its sixth Board meeting and first meeting of 2022.  The meeting notably included a discussion of the expected timing for issuing final regulations implementing the California Privacy Rights Act.
Continue Reading California Privacy Protection Agency Clarifies Timing of Forthcoming CPRA Regulations

The Virginia Consumer Data Protection Act (“VCDPA”) Work Group has issued its 2021 Final Report. The final report, which is based on the six Work Group meetings between June and October 2021, summarizes information presented at the meetings on topics such as enforcement, definitions and rulemaking authority, as well as consumer rights and education.  We summarize some of the comments below.
Continue Reading Virginia Consumer Data Protection Act Work Group Issues Final Report

The California Privacy Protection Agency (CPPA), which is responsible for issuing regulations implementing the California Privacy Rights Act (CPRA), has posted its approved discussion draft for seeking public comments in preparation for its CPRA rulemaking activities.  The CPPA indicated that it is particularly interested in receiving comments on the following eight topics:
Continue Reading California Privacy Protection Agency Seeks Comments on Preliminary CPRA Issues

Earlier this month the California Privacy Protection Agency (CPPA) held its inaugural public meeting.  The CPPA was created under Proposition 24, the California Privacy Rights Act (CPRA), which was approved by California voters on November 3, 2020.
Continue Reading California Privacy Protection Agency Holds First Meeting, Preparing for Upcoming Rulemaking