January brings us new year’s resolutions, and an opportunity to look back at the prior year. As we have done in years past (2023, 2022, 2021
Continue Reading Sheppard Mullin’s 2024 Eye on Privacy Year in ReviewColorado Rolls Out Updated Privacy Rules Ahead of 2025 CPA Amendments
The Colorado AG’s office adopted draft amendments to the Colorado Privacy Act rules last month. The adopted draft reflected input from the public to AG’s September 2024 version and addresses three key issues. First, on opinion letters and interpretive guidance from the AG. Second, changes resulting from the passage of a bill related to biometric (HB 24-1130) data. And third, a bill related to children’s (SB 24-041) privacy. (Both of which amend Colorado’s privacy law.)Continue Reading Colorado Rolls Out Updated Privacy Rules Ahead of 2025 CPA Amendments
New Year, New Protections for New York Artists and AI-Generated Replicas
New York has a new AI-related law which took effect January 1. The law regulates creation and use of digital replicas of an individual’s voice or likeness and is similar to those in California and Tennessee.Continue Reading New Year, New Protections for New York Artists and AI-Generated Replicas
New York Modifies Data Breach Law Heading Into 2025
As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying notification timing. The notice modification is now in effect; the change to the definition of personal information does not take effect until March 21, 2025.Continue Reading New York Modifies Data Breach Law Heading Into 2025
FTC Keeps Sights on Data Brokers that Sell Sensitive Location Sites
The Federal Trade Commission recently settled complaints against two data brokers over their handling of consumers’ sensitive location information. The agency alleged that such practices constitute unfair practices. Under the settlement, both Gravy Analytics and Mobilewalla, agreed to stop using and selling sensitive consumer location data.Continue Reading FTC Keeps Sights on Data Brokers that Sell Sensitive Location Sites
FCC’s One-To-One Consent Rule Takes Effect in January
For those who send marketing texts, keep in mind the FCC one-to-one consent rule update. It has been getting some publicity, and takes effect January 27, 2025. As most are aware, TCPA requires getting consent before sending certain automated texts. For automated marketing texts, prior express written (i.e. signed) consent is needed.Continue Reading FCC’s One-To-One Consent Rule Takes Effect in January
Coming to a State Near You: 5 State Privacy Laws Take Effect in January 2025
Are you ready for the next set of US state privacy laws going into effect? Delaware, Iowa, Nebraska, and New Hampshire are effective January 1, and New Jersey’s law go into effect two weeks later (January 15).Continue Reading Coming to a State Near You: 5 State Privacy Laws Take Effect in January 2025
‘All Hands on Deck’ – White House Continues to Call on Agencies for AI National Security Plan
In the waning months of the current administration, the White House issued a memo setting forth actions focused on national security as directed in the AI Executive Order from last year. As a reminder, the order -while directed to government agencies- also had impacts on how businesses use of artificial intelligence.Continue Reading ‘All Hands on Deck’ – White House Continues to Call on Agencies for AI National Security Plan
California’s Privacy Regulator Had a Busy November, Data Broker Edition: What Does It Mean for Businesses?
In the fifth in our series of California developments, we turn to data broker obligations. There are two of note. First, the California privacy agency is moving forward Delete Act regulations it proposed earlier this year. (Its board voted to move regulations addressing data broker requirements to the Office of Administrative Law for review and approval last month.) Second, it announced an investigative sweep of compliance with the Act.Continue Reading California’s Privacy Regulator Had a Busy November, Data Broker Edition: What Does It Mean for Businesses?
California’s Privacy Regulator Had a Busy November, Cybersecurity Audits and Insurance Edition: What Does It Mean for Businesses?
In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry.Continue Reading California’s Privacy Regulator Had a Busy November, Cybersecurity Audits and Insurance Edition: What Does It Mean for Businesses?
California’s Privacy Regulator Had a Busy November, Risk Assessment Edition: What Does It Mean for Businesses?
In the third in our series of new CCPA regulations from California, we look at obligations for conducting risk assessments under CCPA. CCPA had called on the California agency to promulgate rules to address such assessments, and when they would be needed.Continue Reading California’s Privacy Regulator Had a Busy November, Risk Assessment Edition: What Does It Mean for Businesses?