Archives: State Legislation

Ohio Proposes Comprehensive Privacy Legislation

Ohio recently became the latest state to consider enacting comprehensive privacy legislation. On July 13, 2021, the Ohio Personal Privacy Act (House Bill 376) was introduced into the Ohio House of Representatives with the backing of Ohio Governor Mike DeWine and Lt. Governor Jon Husted. If passed, OPPA would establish consumer data rights for natural … Continue Reading

The Washington Privacy Act Is Back

By Shea M. Leitch and Andreas Kaltsounis on March 2, 2020 Posted in Consumer Data, State Legislation

After the Washington Privacy Act (“WPA”) failed to pass in 2019, state legislators promised to renew their efforts in the 2020 legislative session. Lawmakers kept this promise last month, introducing three bills targeted at an array of consumer privacy issues. The first bill, SB 6281, or the Washington Privacy Act, introduced in the Senate on … Continue Reading

If Signed by Governor, California Bill AB-602 Will Provide Private Right of Action for Victims of Sexually Explicit ‘Deepfakes’

By Kamran Salour and Veronica Reynolds on September 26, 2019 Posted in State Legislation

AB-602, passed by the California State Senate on September 12, 2019, will, if approved by the governor, create a private right of action against persons who create or disclose another’s sexually explicit content through use of “deepfake” technology. Specifically, the cause of action may be brought against a person who creates and intentionally discloses sexually … Continue Reading

AB-1790 Seeks to Add Transparency to the Marketplace/Marketplace Seller Relationship

By Kamran Salour on September 25, 2019 Posted in State Legislation

Seeking to increase transparency and, consequently, fairness in the marketplace/marketplace seller commercial relationship, the California State Senate approved AB-1790 Marketplaces: marketplace seller on Sept. 12, 2019. AB-1790 aims to achieve this transparency by imposing certain obligations on a marketplace. These obligations will in turn provide a marketplace seller with more insight into the terms and … Continue Reading

Insurance Data Security Model Law Picks Up Steam

By Andreas Kaltsounis and Shea M. Leitch on February 6, 2019 Posted in Cybersecurity, State Legislation

Three states recently enacted variations of the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance and financial service entities licensed in the state of … Continue Reading

A New Year Brings a New Vermont Law Aimed at Data Brokers and Credit Reporting Agencies

By Laura E. Jehl and Sara Goldstein on January 15, 2019 Posted in Consumer Data, State Legislation

On Jan. 1, 2019, a new Vermont law intended to protect consumers by imposing new requirements on “data brokers,” companies that aggregate and sell consumer information, and credit reporting agencies took effect. Under the new law, data brokers must comply with registration, information security safeguards and reporting requirements, while credit reporting agencies are prohibited from … Continue Reading

First Public Forum on the California Consumer Privacy Act

By Alan L. Friel and Taylor A. Bloom on January 14, 2019 Posted in CCPA, State Legislation

The California Attorney General and the Department of Justice held the first public forum about the California Consumer Privacy Act (CCPA) on Tuesday, Jan. 8, in San Francisco. The public forums are part of the rulemaking process the attorney general’s office is undertaking pursuant to Section 1798.185 of the CCPA, which requires the attorney general … Continue Reading

Massachusetts Enacts Significant Changes to Its Data Breach Notification Law

By David M. Brown on January 11, 2019 Posted in Breach Notification, Data Breach Notification Laws, State Legislation

On Jan. 10, 2019, Massachusetts Gov. Charlie Baker signed legislation that will significantly amend the state’s data breach notification law. The amendments become effective on April 11, 2019. One of the significant changes includes a new requirement to provide an offer of complimentary credit monitoring for “a period of not less than 18 months” when … Continue Reading

California Legislature Cracks Down on Advertising Bots Involved in Commercial Transactions and Influencing Voters in Elections

By Alan L. Friel and Zoe Steinberg on October 8, 2018 Posted in Advertising, State Legislation

Bot or real person? – a question most online users probably don’t ask themselves when interacting online or seeing how many followers a person has on a social media platform. Most likely, online users don’t know whether they are talking to a “bot,” especially if they think they are communicating on or browsing an interactive … Continue Reading

California Delays Privacy Law Enforcement and Congress Is Lobbied to Pre-empt the Law

By Alan L. Friel on September 25, 2018 Posted in CCPA, State Legislation

This summer California enacted, effective Jan. 1, 2020, the California Consumer Privacy Act (CCPA), a privacy law unprecedented in the U.S. that grants California residents a broad range of European-like privacy rights. Amendments passed as SB 1121 on Aug. 31 and signed into law by Gov. Brown on Sept. 23 extend the time for the California … Continue Reading

New Mexico Attorney General Is Turning Up the Heat on Enforcement of Data Privacy Laws

By Sara Goldstein and Aaron Lancaster on September 18, 2018 Posted in Children’s Privacy, State Legislation

With the announcement last week of its new lawsuit against several tech companies for violating Children’s Online Privacy Protection Act (“COPPA”), the FTC Act, and New Mexico’s Unfair Practices Act (“UPA”), the State of New Mexico Office of the Attorney General appears to be the latest in an expanding list of state attorneys general who … Continue Reading

California Consumer Privacy Act: Navigating Consumer Lawsuits & Limiting Remedies

By Paul Karlsgodt, Alan L. Friel and Niloufar Massachi on August 29, 2018 Posted in CCPA, State Legislation

California’s new privacy law, the California Consumer Privacy Act of 2018 (CCPA or act), which goes into effect Jan. 1, 2020, grants California residents (referred to as consumers in the act but not limited to consumers) a wide range of rights in regard to their personal information, broadly defined. To enable compliance with the act, … Continue Reading

SB-1121 Does Not Fix the CA Consumer Privacy Act, But Would Delay Enforcement

By Alan L. Friel on August 27, 2018 Posted in CCPA, State Legislation

In response to controversies concerning consumers’ personal information, such as the Facebook/Cambridge Analytica controversy, and a California ballot initiative that qualified for the November ballot and proposed the California Consumer Privacy Act (“CCPA Initiative”), the legislature in California responded with AB-375, which proposed an alternative version of the California Consumer Privacy Act of 2018. The … Continue Reading

Not Too Early to Start to Prepare for New California Privacy Law

By Alan L. Friel and Niloufar Massachi on August 14, 2018 Posted in CCPA, Privacy Litigation, State Legislation

In late June, the California legislature signed into law Assembly Bill 375 (AB 375) as the California Consumer Privacy Act of 2018 (CCPA), a privacy law, unprecedented in the U.S., that grants California residents a broad range of European-like rights when it comes to their personal information (PI), effective Jan. 1, 2020. To be able … Continue Reading

Ohio Law Offers Safe Harbor to Companies Meeting Cyber Standards

By Brian P. Bartish and Craig A. Hoffman on August 13, 2018 Posted in Data Breaches, State Legislation

Ohio will soon have a law in place that provides a “legal safe harbor” from tort claims related to a data breach, to entities that have implemented and comply with certain cybersecurity frameworks. It remains to be seen whether any entity will ever be in a position to take advantage of the affirmative defense this … Continue Reading

California Legislative Effort to Avert Privacy Ballot Initiative a Race Against the Clock

By Alan L. Friel and Niloufar Massachi on June 26, 2018 Posted in Advertising, Behavioral Advertising, Online Privacy, Retail Industry, State Legislation

On Thursday, June 22, 2018, a previously dead California Assembly bill, AB 375, was revised as a proposed alternative to the ballot initiative known as the California Consumer Privacy Act of 2018 (CCPA),[1] which is expected to be on the November ballot. It was read a third time and amended on June 25 and re-referred to … Continue Reading

California Legislature Working Feverishly To Avert Privacy Ballot Initiative

By Alan L. Friel on June 22, 2018 Posted in Advertising, Behavioral Advertising, Online Privacy, Retail Industry, State Legislation

We have previously reported a ballot initiative known as the California Consumer Privacy Act of 2018 (“CCPA”), that is expected to be on the November ballot. If passed, it would make sweeping changes to consumer privacy protection rights for Californians, likely creating a new national standard. On June 21st, the California Assembly amended AB- 375, … Continue Reading

The Weekly Privacy Rewind

By John Busch and Aaron Lancaster on June 5, 2018 Posted in Data Breaches, GDPR, Online Privacy, Privacy Class Actions, State Legislation

Canada Canadian Banks Notify 90,000 Following Breach • Bank of Montreal and Canadian Imperial Bank of Commerce announced that they were contacted by hackers and informed that nearly 90,000 customers’ personal information was accessed. • The banks will notify customers of the breach and indicate they believe they have fixed the vulnerabilities that led to … Continue Reading

New Jersey Attorney General’s Office Ramping Up Data Privacy and Cybersecurity Enforcement Efforts

By Sara Goldstein on June 4, 2018 Posted in State Legislation

The Office of the New Jersey Attorney General (AG’s Office) recently announced that it will be creating a new civil enforcement unit, known as the Data Privacy & Cybersecurity Section (DPC Section), to investigate data breaches impacting New Jersey residents and to enforce federal and state data privacy and cybersecurity laws. New Jersey’s AG joins … Continue Reading

Colorado Enacts Sweeping Changes to Data Breach Reporting Requirements and Adds New Data Security Requirements

By David M. Brown on May 31, 2018 Posted in Data Breach Notification Laws, State Legislation

Colorado’s Gov. John Hickenlooper signed a bill that significantly strengthens its current data breach notification requirements and adds new measures designed to enhance protections for consumer data privacy. The new law will go into effect on Sept. 1, 2018. Disposal of personal identifying information As previously discussed here (while the bill was in committee), HB18-1128 … Continue Reading

California Voters Likely to Decide Consumer Privacy Rules

By Alan L. Friel on May 17, 2018 Posted in State Legislation

California has a unique ballot initiative process that allows voters to directly pass legislation, and it appears that proponents of an initiative that could impact digital advertising and apply European Union (EU)-inspired consumer privacy protections – including opt-out consent to broad categories of data use and sharing – have obtained enough signatures to place the … Continue Reading

Delaware Revamps Its State Data Breach Notification Statute

By David M. Brown on August 23, 2017 Posted in Data Breach Notification Laws, State Legislation

On Aug. 17, 2017, Delaware revamped its existing data breach notification statute. In doing so, Delaware became the second state (joining Connecticut) to mandate offering individuals affected by a breach of security involving Social Security numbers at least one year of complimentary credit monitoring services. The new law takes effect on April 14, 2018, and … Continue Reading