With the Kentucky governor recently signing into law that state’s privacy law, the US now has 16 states with “comprehensive” privacy laws. This newest one will go into effect on January 1, 2026 – the same day as Indiana. It closely resembles other state privacy laws, in particular Virginia’s privacy law. For a recap of all of the US state privacy laws and their obligations, you can visit our interactive tool.
Continue Reading Kentucky’s New Consumer Privacy Law: Is the Privacy Grass Greener in the Bluegrass State?

New Hampshire’s governor has signed into law the second state comprehensive privacy law of 2024. The law takes effect on January 1, 2025 – the same day as Iowa and Delaware (with New Jersey going into effect two weeks later). The law closely resembles other state privacy laws.
Continue Reading New Hampshire, the Granite State, Joins Privacy Law Deluge: Sets Its Law in Stone

New Jersey’s governor has signed into law the first US state comprehensive privacy law of 2024. It will go into effect January 16, 2025. For those keeping score, that puts New Jersey after Florida, Oregon, Texas (all July 1, 2024), Montana (October 1, 2024), Delaware, and Iowa (both January 1, 2025), but before Indiana (January 1, 2026). (Visit this post for a more detailed recap.)
Continue Reading The Garden State Cultivates a Consumer Privacy Law – The First for 2024

As we begin the new year, many are wondering whether the growing list of US state privacy laws applies to them, and if so, what steps they should take to address them. For companies that gather information from consumers, especially those that offer loyalty programs, collect sensitive information, or have cybersecurity risks, these laws may be top of mind. Even for others, these may be laws that are of concern. As you prepare your new year’s resolutions (or how you will execute on them), having a centralized list of what the laws require might be helpful. So, a quick recap:
Continue Reading Current Status of US State Privacy Law Deluge: It’s 2024, Do You Know Where Your Privacy Program’s At?

New York recently announced amendments to the State Department of Financial Services’ cybersecurity regulations. The changes further solidify the state’s already comprehensive cybersecurity regulatory regime. The amendments were both announced by Gov. Hochul and became effective on November 1, 2023. They apply to DFS regulated entities and aim to strengthen provisions around cyber governance, risk mitigation, incident notification, and training.
Continue Reading NY Enhances Financial Cybersecurity Regulations

The Massachusetts Gaming Commission approved data privacy regulations under the 2022 Massachusetts Sports Wagering Act earlier this fall. While directed to a narrow group of companies, the restrictions around use of artificial intelligence, profiling and breach notification suggest the types of concerns that we may see other regulators focus on in other industries.
Continue Reading Massachusetts Wagers Big on Privacy in Sports Betting

The talk of “opt-out preference signals” or global privacy controls (GPC) has been increasing as companies dig into the forthcoming requirements under US “comprehensive” privacy laws. What is an opt-out preference signal? An “opt-out preference signal,” also known colloquially as “GPC,” is a signal sent by a platform or technology on behalf of a consumer that communicates the consumer’s choice to opt out of sale or sharing. Below, we summarize how each of the states treats this requirement.
Continue Reading Comparing and Contrasting the Opt Out Preference Signal Across States

With 2023 quickly approaching, many are spending this final quarter preparing for the five US state “comprehensive” privacy laws. Some of these contemplate clarifying regulations with technical and operational requirements, requirements that will impact preparation activities.
Continue Reading State Comprehensive Privacy Laws: Status of the Regulations

Utah’s governor recently signed into law SB 227, creating the Genetic Information Privacy Act (GIPA). The law, which is anticipated to go into effect in May, is aimed at protecting genetic data collected from direct-to-consumer genetic testing companies. Generally, the law creates requirements for (i) notice; (ii) consent for certain data uses; (iii) data security obligations; and (iv) access, deletion, and destruction rights.
Continue Reading States Continue to Step in to Safeguard Genetic Information