Photo of Kathryn Smith*

Kathryn Smith is a fellow in the firm's Chicago office.

Texas has now become the 11th state, following Florida, to have a “comprehensive” privacy law. HB 4 was signed by the governor on June 18, 2023. This caps off a busy spring for state lawmakers not only in Texas, but Florida, Iowa, Indiana, Tennessee, and Montana. The law goes into effect on July 1, 2024 (the ability for agents to submit rights requests is not effective until January 1, 2025 however). For a round-up of state laws’ effective dates, visit here.

Continue Reading The Lone Star State Joins the Privacy Law Deluge: Another Governor Signs

Companies may want to review their consumer rights processes as we approach July 1. This is the date of enforcement for those parts of CCPA modified by CPRA. It is also the effective date of two more state privacy laws: Colorado and Connecticut. Neither law is substantively much different from California and Virginia, but if an entity was not subject to those laws it may be subject to those in these two additional states. Let’s recap the requirements around choice and individual rights:

Continue Reading The Comprehensive Privacy Law Deluge: Approaching Choice and Rights

New York’s Local Law 144 of 2021 will finally go into effect on July 5, 2023, after several delays. As we previously discussed, the law requires employers to provide candidates for employment and promotion with notice about the use of an AI system, offer them an opt out, and audit any such systems for bias. The law is intended to benefit job applicants and may provide useful guidance for employers who wish to use AI to help eliminate workplace bias.

Continue Reading NY AI Laws Going Live Next Month

Florida has become the latest state to enact a comprehensive privacy law this year when SB 262 was signed by Governor DeSantis last week. It combines some new, and some familiar, provisions. It has also passed a child privacy law, similar to parts of California’s Age Appropriate Design Act, going into effect July 1, 2024.

Continue Reading Another Governor Signs: Florida Privacy Law Will be Effective July 2024

The US has what appears to be a never-ending list of comprehensive privacy laws, but do they all apply to your organization? Not necessarily.

Continue Reading The Comprehensive US Privacy Law Deluge: Which US Privacy Laws Apply to Your Company?

Montana now joins a growing list of states to have a comprehensive privacy law. The law was signed by the governor on May 19, 2023 and will go into effect October 24, 2024. This is before some Iowa (effective January 1, 2025) and Indiana (effective January 1, 2026), which pre-dated it in passage.

Continue Reading Montana Governor Signs Big Sky’s Privacy Law

With January well in the rear view mirror, companies are setting their privacy compliance sights on the next two laws to come into effect on July 1, 2023: Colorado and Connecticut. Knowing, of course, that Utah (December 31, 2023) is not far behind. To say nothing of five more on the horizon, in order of effective date:

Continue Reading Preparing for the US Comprehensive Privacy Law Deluge

Indiana has now become the seventh US state to enact a comprehensive privacy law after Senate Bill 5 (“SB5”) was signed by the governor on May 1, 2023. The new law will go into effect January 1, 2026, and is almost identical to recent comprehensive privacy laws in other states.

Continue Reading Governor Signs: Hoosier State Adds to the US Privacy Patchwork

As we wrote in November, Pennsylvania amended its data breach notification laws last year, and those changes go into effect tomorrow (May 2, 2023). Beginning tomorrow, if a breach of username/email accounts and their respective passwords occurs, companies can provide electronic notification to the impacted individual. That notice will need to tell individuals to change their passwords or take other proactive measures. The law also amends the definition of personal information. It will now include, as of tomorrow, medical and health insurance information.

Continue Reading May 2nd Marks Effective Date of Pennsylvania Breach Law Amendments