Much of the focus on US privacy has been US state laws, and the potential of a federal privacy law. This focus can lead one to forget, however, that US privacy and data security law follows a patchwork approach both at a state level and a federal level. “Comprehensive” privacy laws are thus only one piece of the puzzle. There are federal and state privacy and security laws that apply based on a company’s (1) industry (financial services, health care, telecommunications, gaming, etc.), (2) activity (making calls, sending emails, collecting information at point of purchase, etc.), and (3) the type of individual from whom information is being collected (children, students, employees, etc.). There have been developments this year in each of these areas.Continue Reading Mid-Year Recap: Think Beyond US State Laws!

May 1 is a busy privacy day in Utah, with not only updates to the breach notification and social media platforms and minors laws going into effect, but also a new AI law, and one in the vehicle space. This last, the Utah Motor Vehicle Data Protection Act, has a narrow scope. It impacts “dealer data systems,” i.e., systems used by car dealerships to house consumer information.Continue Reading May 1 Brings Another Privacy Law to the Beehive State: The Utah Motor Vehicle Data Protection Act