Photo of Alexandra Scott

Alexandra Scott

On February 9, the Third Appellate District of California vacated a trial court’s decision that held that enforcement of the California Privacy Protection Agency’s (“CPPA”) regulations could not commence until one year after the finalized date of the regulations.  As we previously explained, the Superior Court’s order prevented the CPPA from enforcing the regulations

On June 30, 2023, a Superior Court of California (County of Sacramento, case number 34-2023-80004106-CU-WM-GDS) held that enforcement of the California Privacy Protection Agency’s (“CPPA”) regulations cannot commence until one year after the finalized date of the regulations.  However, the court declined to delay the CPPA’s ability to enforce violations of the underlying ballot initiative.

On June 30, 2023, the Delaware general assembly passed the Delaware Personal Data Privacy Act (“DPDPA”), H.B. 154.  This bill resembles the comprehensive privacy statutes in Connecticut, Montana, and the recently passed bill in Oregon, though there are some notable distinctions.  If signed into law, Delaware will be the latest state to implement

On June 22, 2023, the Oregon state legislature passed the Oregon Consumer Privacy Act, S.B. 619 (the “Act”).  This bill resembles the comprehensive privacy statutes in Colorado, Montana, and Connecticut, though there are some notable distinctions.  If passed, Oregon will be the twelfth state to implement a comprehensive privacy statute, joining California, Virginia, Colorado, Connecticut

The Connecticut legislature passed Connecticut SB 3 on June 2, 2023.  If enacted by the governor, the bill would amend the Connecticut Data Privacy Act (“CTDPA”) to include a number of provisions related to health and minors’ data. Additional detail on the CTDPA can be found in our previous blog post here.

The health-related provisions would take effect on July 1, 2023.  Most provisions related to minors’ data would take effect on October 1, 2024.  However, requirements that social media platforms “unpublish” or delete certain minors’ accounts would come into effect on July 1, 2024.

As reflected in this bill, state legislatures appear increasingly focused on health privacy.  Connecticut’s bill comes on the heels of Nevada’s SB 370, which the Nevada legislature passed, and which, if enacted would impose requirements on consumer health data.  Both the Nevada and Connecticut bill resemble Washington’s My Health My Data Act, although they appear generally narrower in scope.  For additional detail on Washington’s My Health My Data Act, please review our blog post hereContinue Reading Connecticut Legislature Passes Amendments to the Connecticut Data Privacy Act

On April 11, the Indiana legislature passed comprehensive state privacy legislation in the form of S.B. 5. S.B. 5 shares similarities with the state privacy laws in Virginia, Connecticut, Colorado, Utah, and most recently Iowa.  If signed into law, S.B. 5 would take effect on January 1, 2026.  This blog post summarizes the statute’s key takeaways.Continue Reading Indiana Passes Comprehensive Privacy Statute

On March 28, Governor Kim Reynolds signed into law SF 262, making Iowa the sixth state to enact a comprehensive consumer privacy law.  The new law will take effect on January 1, 2025.

As we discuss here, Iowa’s privacy law shares a number of key similarities to existing state privacy frameworks, including providing

On March 15, 2023, the Colorado Attorney General filed final rules implementing the Colorado Privacy Act (“CPA”) with the Secretary of State.  The Attorney General first released proposed draft rules on October 10, 2022 and subsequently released revised draft rules on December 21, 2022 and January 27, 2023 after public comment.  The final rules will

On March 15th, the Iowa legislature passed S.F. 262 (the “ICDPA”), making it the sixth U.S. state to pass a comprehensive state privacy statute.  The Iowa statute most closely resembles the Utah Consumer Privacy Act (“UCPA”), though it also shares some similarities with the approaches adopted in Virginia, Colorado, and Connecticut.  The statute will next go to the governor’s desk for signature.  If signed into law, the ICDPA would take effect on January 1, 2025.Continue Reading Iowa Passes Comprehensive Privacy Statute