On April 12, at the International Association of Privacy Professionals’ global privacy conference, Colorado Attorney General Phil Weiser gave remarks on his office’s approach to the rulemaking and enforcement of the Colorado Privacy Act.
Continue Reading Colorado Attorney General Remarks on CPA Rulemaking
State Legislatures
Utah Legislature Passes Comprehensive Privacy Bill
Utah appears poised to be the next state with a comprehensive privacy law on its books, following California, Virginia, and Colorado. On March 2nd, the Utah House of Representatives voted unanimously to approve an amended version of the legislative proposal, and the Senate concurred with the House amendment on the following day. Formalities are now being completed to send the bill to Governor Spencer Cox for signature.
The Utah Consumer Privacy Act (“UCPA”) provides for consumer rights and responsibilities for controllers and processors. Although the bill generally tracks the comprehensive privacy law passed in Virginia last year, the VCDPA, there are some notable differences. Key provisions in the bill include the following:…
Continue Reading Utah Legislature Passes Comprehensive Privacy Bill
Review of U.S. State Law Developments in 2021
As we look ahead at 2022, we here provide a quick wrap-up of key developments for U.S. state privacy laws in the past year:…
Continue Reading Review of U.S. State Law Developments in 2021
Illinois Enacts Protecting Household Privacy Act
On August 27, 2021, Illinois Governor J.B. Pritzker signed into law the Protecting Household Privacy Act (“PHPA”). The law governs how, and under what conditions, Illinois law enforcement agencies may acquire and use data from household electronic devices, commonly referred to as “smart devices” or the “internet of things.” The PHPA will go into effect…
Virginia Consumer Data Protection Work Group Holds Second Meeting, Hears Recommendations from the Office of the Virginia Attorney General
Last week, Virginia’s Joint Commission on Technology and Science held its second meeting of the Consumer Data Protection Work Group.
Instead of following a detailed rulemaking process for implementation like that provided for in the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA) is being reviewed over the next few months by a group of state officials, business representatives, and advocates. This group will publish recommendations by November 1, 2021, which the state legislature can consider if it amends the law before the VCDPA goes into effect on January 1, 2023. A stated goal of the group is to align the VCDPA with other privacy laws that states are enacting around the country.
At the meeting, the group heard public comments as well as a presentation by Deputy Attorney General Samuel Towell on behalf of the Office of the Attorney General of Virginia (OAG). The presentation covered issues that the OAG sees with the VCDPA’s implementation and proposed a number of recommendations for the group to consider: …
Continue Reading Virginia Consumer Data Protection Work Group Holds Second Meeting, Hears Recommendations from the Office of the Virginia Attorney General
2021 State Privacy Legislation Roundup: California, Virginia, New York, and Washington
Several states have proposed new privacy bills since their sessions began. Some of the proposed bills carry over or re-introduce bills drafted in previous legislative sessions, while others are introducing first–in-time omnibus privacy bills. In the high-level chart below, we compare five of the key state privacy frameworks: the CPRA, VCDPA (which we blogged about here), the NYPA, the general privacy provisions of the Washington Privacy Act, and the newly introduced Washington People’s Privacy Act (HB 1433).
…
Continue Reading 2021 State Privacy Legislation Roundup: California, Virginia, New York, and Washington
Virginia Legislature Passes Comprehensive Privacy Law: The Virginia Consumer Data Protection Act
The Virginia Consumer Data Protection Act (HB 2307 / SB 1392), introduced in the House of Delegates on January 20, passed both houses of Virginia’s state legislature on February 5 with large bipartisan majorities. This comprehensive privacy bill, which would take effect on January 1, 2023, follows a similar framework as the current version of the Washington Privacy Act (“WPA”), though it differs from the WPA in important respects. We have included a high level summary of some of the bill’s provisions below.
The passage of nearly identical legislation by both chambers of the Virginia legislature positions the Virginia Consumer Data Protection Act to become the nation’s next comprehensive state privacy law. Lawmakers must reconcile the two bills before the end of the session on February 27, and, assuming a reconciled bill passes in both houses, it will be sent to Gov. Ralph Northam to sign into law or veto. If Gov. Northam takes no action, the reconciled bill would become law within seven days or, if there are fewer than seven days remaining in the General Assembly session, or if the General Assembly has adjourned, within thirty days.
Continue Reading Virginia Legislature Passes Comprehensive Privacy Law: The Virginia Consumer Data Protection Act
Four Key Cyber Takeaways from The CPRA
Last year, Californians passed proposition 24, also known as the California Privacy Rights Act (“CPRA”). That law makes several changes to the California Consumer Privacy Act (“CCPA”), including some that relate to an organization’s cybersecurity practices.
Continue Reading Four Key Cyber Takeaways from The CPRA
Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act
Voters in California approved Proposition 24, which updates the California Consumer Privacy Act (“CCPA”) just a few months after the landmark regulations implementing the privacy law went into effect. As we have previously explained, the California Privacy Rights Act (“CPRA”) will change the existing CCPA requirements in a number of ways, including limiting the sharing of personal information for cross-context behavioral advertising and the use of “sensitive” personal information, as well as creating a new correction right. It also establishes a new agency to enforce California privacy law. The key provisions of the bill will not go into effect until January 1, 2023, providing much-needed time to clarify the details and for businesses to adjust their CCPA compliance approaches to account for the additional requirements.
…
Continue Reading Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act
Final CCPA Regulations Take Effect With Modification; Extension of Employee and Business-to-Business Exemptions Advances
Two developments in the past week will likely have a significant impact on businesses subject to the California Consumer Privacy Act (“CCPA”): the long-awaited CCPA regulations have been finalized and put into immediate effect with modifications, while at the same time it seems increasingly likely that the exemptions for employees’ and business-to-business contacts’ data will be extended beyond January 2021.
Continue Reading Final CCPA Regulations Take Effect With Modification; Extension of Employee and Business-to-Business Exemptions Advances