Governor Phil Scott has vetoed the state’s proposed comprehensive privacy law. In rejecting the bill, he stated he was worried it created an “unnecessary and avoidable level of risk.” He had concerns in three areas.Continue Reading Vermont Governor Vetoes Comprehensive Privacy Bill
Minnesota’s governor has now signed into law that state’s comprehensive privacy law. For those keeping count – that is number 19 of state “comprehensive” privacy laws, with six in 2024 alone. The Minnesota law will go into effect on July 31, 2025, thirty days after Tennessee’s.Continue Reading The Land of 10,000 Lakes Adds New Consumer Privacy Law: Minnesota Joins Privacy Fray
Maryland’s new comprehensive data privacy law, the Maryland Online Data Privacy Act, was recently signed into law by Governor Moore. This brings the total number of state “comprehensive” privacy laws to 18, five of which have been passed in 2024. Maryland’s law will take effect in 2025 along with several others. Maryland’s effective date is October 1, 2025 (after Tennessee (July 1, 2025) and before Indiana and Kentucky (January 1, 2026)). For a full list of effective dates, as well as other details of these state privacy laws, visit our resource page.Continue Reading Maryland, the Old Line State, Creates New Lines with Consumer Privacy Law
Nebraska’s governor has now signed into law the state’s “comprehensive” privacy law making it the fourth one this year, and the 17th overall. It will take effect on January 1, 2025 – the same day as Delaware, Iowa, and New Hampshire. (For a round-up of all of the recent state privacy laws visit our new online resource.)Continue Reading Nebraska Fourth State to Enact Privacy Law in 2024
With the Kentucky governor recently signing into law that state’s privacy law the US now has 16 states with “comprehensive” privacy laws. This newest one will go into effect on January 1, 2026 – the same day as Indiana. It closely resembles other state privacy laws, in particular, Virginia’s privacy law. For a recap of all of the US state privacy laws and their obligations you can visit our interactive tool.Continue Reading Kentucky’s New Consumer Privacy Law: Is the Privacy Grass Greener in the Bluegrass State?
New Hampshire’s governor has signed into law the second state comprehensive privacy law of 2024. The law takes effect on January 1, 2025 – the same day as Iowa and Delaware (with New Jersey going into effect two weeks later). The law closely resembles other state privacy laws.Continue Reading New Hampshire, the Granite State, Joins Privacy Law Deluge: Sets Its Law in Stone
New Jersey’s governor has signed into law the first US state comprehensive privacy law of 2024. It will go into effect January 16, 2025. For those keeping score, that puts New Jersey after Florida, Oregon, Texas (all July 1, 2024), Montana (October 1, 2024), Delaware, and Iowa (both January 1, 2025). But, before Indiana (January 1, 2026). (Visit this post for a more detailed recap).Continue Reading The Garden State Cultivates a Consumer Privacy Law – The First for 2024
As we begin the new year, many are wondering whether the growing list of US state privacy laws apply to them, and if so, what steps they should take to address them. For companies that gather information from consumers, especially those that offer loyalty programs, collect sensitive information, or have cybersecurity risks, these laws may be top of mind. Even for others, these may be laws that are of concern. As you prepare your new year’s resolutions -or how you will execute on them- having a centralized list of what the laws require might be helpful. So, a quick recap:Continue Reading Current Status of US State Privacy Law Deluge: It’s 2024, Do You Know Where Your Privacy Program’s At?
New York recently announced amendments to the State Department of Financial Services’ cybersecurity regulations. The changes further solidify the state’s already comprehensive cybersecurity regulatory regime. The amendments were both announced by Gov. Hochul and became effective on November 1, 2023. They apply to DFS regulated entities and aim to strengthen provisions around cyber governance, risk mitigation, incident notification, and training.Continue Reading NY Enhances Financial Cybersecurity Regulations
The Massachusetts Gaming Commission approved data privacy regulations under the 2022 Massachusetts Sports Wagering Act earlier this fall. While directed to a narrow group of companies, the restrictions around use of artificial intelligence, profiling and breach notification suggest the types of concerns that we may see other regulators focus on in other industries.Continue Reading Massachusetts Wagers Big on Privacy in Sports Betting