Last Friday, October 1, the Protecting DNA Privacy Act (HB 833), a new genetic privacy law, went into effect in the state of Florida establishing four new crimes related to the unlawful use of another person’s DNA. While the criminal penalties in HB 833 are notable, Florida is not alone in its focus on increased genetic privacy protections. A growing number of states, including Utah, Arizona, and California, have begun developing a net of genetic privacy protections to fill gaps in federal and other state legislation, often focused on the privacy practices of direct-to-consumer (“DTC”) genetic testing companies. While some processing of genetic information is covered by federal law, the existing patchwork of federal genetic privacy protections do not clearly cover all forms of genetic testing, including DTC genetic tests.
Continue Reading Newly Effective Florida Law Imposing Criminal Sanctions Adds to Developing Nationwide Patchwork of State Genetic Privacy Laws
State Legislatures
Virginia Consumer Data Protection Work Group Holds Second Meeting, Hears Recommendations from the Office of the Virginia Attorney General
Last week, Virginia’s Joint Commission on Technology and Science held its second meeting of the Consumer Data Protection Work Group.
Instead of following a detailed rulemaking process for implementation like that provided for in the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA) is being reviewed over the next few months by a group of state officials, business representatives, and advocates. This group will publish recommendations by November 1, 2021, which the state legislature can consider if it amends the law before the VCDPA goes into effect on January 1, 2023. A stated goal of the group is to align the VCDPA with other privacy laws that states are enacting around the country.
At the meeting, the group heard public comments as well as a presentation by Deputy Attorney General Samuel Towell on behalf of the Office of the Attorney General of Virginia (OAG). The presentation covered issues that the OAG sees with the VCDPA’s implementation and proposed a number of recommendations for the group to consider: …
Continue Reading Virginia Consumer Data Protection Work Group Holds Second Meeting, Hears Recommendations from the Office of the Virginia Attorney General
Proposed Bill Would Expand the Scope of the CMIA
By Olivia Vega & Libbie Canter on
Posted in Health Privacy, State Legislatures
In a new post on the Covington Digital Health blog, our colleagues discuss proposed legislation that would expand the definition of “provider of health care” under California’s Confidentiality of Medical Information Act (“CMIA”).
Continue Reading Proposed Bill Would Expand the Scope of the CMIA
California Privacy Protection Agency Holds First Meeting, Preparing for Upcoming Rulemaking
Earlier this month the California Privacy Protection Agency (CPPA) held its inaugural public meeting. The CPPA was created under Proposition 24, the California Privacy Rights Act (CPRA), which was approved by California voters on November 3, 2020.
Continue Reading California Privacy Protection Agency Holds First Meeting, Preparing for Upcoming Rulemaking
Colorado Legislature Passes Comprehensive Consumer Privacy Bill
Colorado is poised to join the growing number of states enacting a comprehensive privacy law. On Monday, June 7, both houses of the legislature passed the Colorado Privacy Act. The bill will now be sent to the Governor for approval. …
Continue Reading Colorado Legislature Passes Comprehensive Consumer Privacy Bill
Florida Legislature Considering Comprehensive Privacy Law
By Libbie Canter, Jayne Ponder, Alexandra Scott & Olivia Vega on
Florida may be next state to join the growing number of states with a consumer privacy law, as both chambers of Florida’s legislature are currently considering comprehensive state privacy legislation. Both HB 969 and SB 1734 resemble the California Consumer Privacy Act (“CCPA”), though they contain some notable differences. Florida Governor Ron DeSantis expressed support of these measures, stating that these proposals “finally check these companies’ unfettered ability to profit off our data and ensure the protection of Floridians’ personal and private information.”
…
Continue Reading Florida Legislature Considering Comprehensive Privacy Law
Virginia Enacts Comprehensive Privacy Law
By Libbie Canter on
On March 2, Virginia Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA), becoming the second U.S. state to enact a comprehensive privacy law (Nevada has enacted an online privacy law, albeit with a narrower scope). As we have previously explained, the VCDPA follows the framework established by the Washington Privacy Act. We recently compared Virginia’s law against other key state privacy frameworks.
Continue Reading Virginia Enacts Comprehensive Privacy Law
Virginia Legislature Passes Comprehensive Privacy Law: The Virginia Consumer Data Protection Act
By Libbie Canter & Kayvan Farchadi on
Posted in Data Privacy, State Legislatures
The Virginia Consumer Data Protection Act (HB 2307 / SB 1392), introduced in the House of Delegates on January 20, passed both houses of Virginia’s state legislature on February 5 with large bipartisan majorities. This comprehensive privacy bill, which would take effect on January 1, 2023, follows a similar framework as the current version of the Washington Privacy Act (“WPA”), though it differs from the WPA in important respects. We have included a high level summary of some of the bill’s provisions below.
The passage of nearly identical legislation by both chambers of the Virginia legislature positions the Virginia Consumer Data Protection Act to become the nation’s next comprehensive state privacy law. Lawmakers must reconcile the two bills before the end of the session on February 27, and, assuming a reconciled bill passes in both houses, it will be sent to Gov. Ralph Northam to sign into law or veto. If Gov. Northam takes no action, the reconciled bill would become law within seven days or, if there are fewer than seven days remaining in the General Assembly session, or if the General Assembly has adjourned, within thirty days.
Continue Reading Virginia Legislature Passes Comprehensive Privacy Law: The Virginia Consumer Data Protection Act
Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization
Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization
On January 14, 2020, Washington’s State Senate Committee on Environment, Energy & Technology received public testimony about Senate Bill 5062, the “Washington Privacy Act.” Representatives from trade associations, the Attorney General’s Office, and civil rights groups offered recommendations to eliminate perceived loopholes and clarify bill provisions.
This post highlights recurring issues from the public hearing.
Continue Reading Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization
Four Key Cyber Takeaways from The CPRA
Last year, Californians passed proposition 24, also known as the California Privacy Rights Act (“CPRA”). That law makes several changes to the California Consumer Privacy Act (“CCPA”), including some that relate to an organization’s cybersecurity practices.
Continue Reading Four Key Cyber Takeaways from The CPRA