The US has what appears to be a never-ending list of comprehensive privacy laws, but do they all apply to your organization? Not necessarily.
Montana Governor Signs Big Sky’s Privacy Law
Montana now joins a growing list of states to have a comprehensive privacy law. The law was signed by the governor on May 19, 2023 and will go into effect October 24, 2024. This is before some Iowa (effective January 1, 2025) and Indiana (effective January 1, 2026), which pre-dated it in passage.
Continue Reading Montana Governor Signs Big Sky’s Privacy Law
EyeMed Data Breach Multistate Settlement
EyeMed recently entered into a settlement with the Attorneys General of Oregon, New Jersey, Florida and Pennsylvania around a 2020 breach of an EyeMed email account that contained the data of more than 2 million individuals. As we previously reported, EyeMed entered into settlement with NYDFS over this breach in October of 2022.
Another Governor Signs: Tennessee Volunteers to Join the Privacy Patchwork
The Tennessee governor has signed Tennessee’s comprehensive privacy law, which as we have indicated will go into effect July 1, 2025. As initially proposed, the law would have been
Continue Reading Another Governor Signs: Tennessee Volunteers to Join the Privacy Patchwork
Preparing for the US Comprehensive Privacy Law Deluge
With January well in the rear view mirror, companies are setting their privacy compliance sights on the next two laws to come into effect on July 1, 2023: Colorado and Connecticut. Knowing, of course, that Utah (December 31, 2023) is not far behind. To say nothing of five more on the horizon, in order of effective date:
Continue Reading Preparing for the US Comprehensive Privacy Law Deluge
Governor Signs: Hoosier State Adds to the US Privacy Patchwork
Indiana has now become the seventh US state to enact a comprehensive privacy law after Senate Bill 5 (“SB5”) was signed by the governor on May 1, 2023. The new law will go into effect January 1, 2026, and is almost identical to recent comprehensive privacy laws in other states.
Continue Reading Governor Signs: Hoosier State Adds to the US Privacy Patchwork
May 2nd Marks Effective Date of Pennsylvania Breach Law Amendments
As we wrote in November, Pennsylvania amended its data breach notification laws last year, and those changes go into effect tomorrow (May 2, 2023). Beginning tomorrow, if a breach of username/email accounts and their respective passwords occurs, companies can provide electronic notification to the impacted individual. That notice will need to tell individuals to change their passwords or take other proactive measures. The law also amends the definition of personal information. It will now include, as of tomorrow, medical and health insurance information.
Continue Reading May 2nd Marks Effective Date of Pennsylvania Breach Law Amendments
Utah Amends Data Breach Law, Creates Cyber Center
Utah’s breach notification requirements will change on May 3, 2023. The recently amended data breach notification law now requires companies to notify the Attorney General for a breach involving 500 or more state residents. If the breach involves 1,000 or more residents, then notification to each consumer reporting agency is also required.
Continue Reading Utah Amends Data Breach Law, Creates Cyber Center
The Beehive State Joins the Buzz Around Minors and Social Media
The Utah legislature recently passed SB 152 and HB 311. While these two bills will primarily impact those who are “social media” entities under the law, they may have broader impact when the majority of their requirements take effect, on March 1, 2024.
Continue Reading The Beehive State Joins the Buzz Around Minors and Social Media
Colorado Privacy Law Regulations Finalized: Time to Review Information Practices
Colorado’s Privacy Act regulations have now been finalized, in advance of the law’s July 1 effective date. As we have written previously, the Colorado privacy law applies to companies that conduct business in the state and either (1) control or process personal data of 100,000 Colorado consumers during a calendar year, or (2) derive revenue or receive a discount on the price of goods or services from the sale of personal data and processes or controls the personal data of at least 25,000 Colorado consumers. The law mirrors in many ways the comprehensive privacy laws of other states.
Continue Reading Colorado Privacy Law Regulations Finalized: Time to Review Information Practices
UK App Code Provides Privacy and Security Compliance Direction
The UK’s new Code of Practice for App Store Operators and App Developers provides companies with privacy-related resources. It also highlights ICO privacy expectations. Participating in the code is done by voluntarily complying with it (it is not mandatory). The UK Department for Digital, Culture, Media, and Sport, though, is not only working with leading companies to participate in the code, but also is looking at whether current laws should be expanded and/or if code participation should become mandatory.
Continue Reading UK App Code Provides Privacy and Security Compliance Direction